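/**
 * Finish the QQ OAuth login: exchange the access token held in the session for
 * an OpenID, then either log in the local account bound to that OpenID or show
 * the "bind a disk account" template.
 *
 * Reads $_SESSION['access_token'] and writes $_SESSION['openid'].
 * Terminates the request on a provider error or when no OpenID is returned.
 *
 * Security notes:
 *  - Everything in the provider response is remote input. It is HTML-escaped
 *    before being echoed and SQL-escaped before being interpolated.
 *  - The login cookie carries the stored password digest, so that digest is
 *    effectively the credential. NOTE(review): replacing it with a random
 *    server-side session token would need changes in every reader of the
 *    cookie, which is outside this function.
 *
 * @return void
 */
function get_openid()
{
    global $db, $tpf, $settings, $timestamp, $onlineip, $user_tpl_dir;

    // Encode the token so that no character in it can alter the query string.
    $graph_url = "https://graph.qq.com/oauth2.0/me?access_token=" . rawurlencode($_SESSION['access_token']);
    $str = get_url_contents($graph_url);

    // When the reply is wrapped as callback( ... ), keep only the text inside the parentheses.
    if (strpos($str, "callback") !== false) {
        $lpos = strpos($str, "(");
        $rpos = strrpos($str, ")");
        $str = substr($str, $lpos + 1, $rpos - $lpos - 1);
    }

    $user = json_decode($str);
    if (!is_object($user)) {
        // Empty or unparsable reply: fail closed instead of dereferencing null.
        exit('QQ Login Error');
    }
    if (isset($user->error)) {
        $error_description = isset($user->error_description) ? $user->error_description : '';
        echo "<h3>error:</h3>" . htmlspecialchars((string) $user->error, ENT_QUOTES);
        echo "<h3>msg :</h3>" . htmlspecialchars((string) $error_description, ENT_QUOTES);
        exit;
    }

    $_SESSION["openid"] = isset($user->openid) ? $user->openid : '';
    if (!$_SESSION["openid"]) {
        exit('QQ Login Error');
    }

    $arr = get_user_info();
    $nickname = $arr["nickname"];
    // Not used below; presumably read by the template included in this scope - confirm.
    $abs_path = '../../../';

    // $db->escape() is assumed to return the value escaped for use inside a
    // quoted SQL literal - confirm against the database class.
    $openid_sql = $db->escape($_SESSION["openid"]);
    $flid = (int) @$db->result_first("select flid from {$tpf}fastlogin where auth_type='qq' and auth_name='{$openid_sql}'");

    if ($flid) {
        $userid = (int) @$db->result_first("select userid from {$tpf}fastlogin where flid='{$flid}'");
        if ($userid) {
            $rs = $db->fetch_one_array("select userid,gid,username,password,email from {$tpf}users where userid='{$userid}'");
            if ($rs) {
                // Array keys are quoted: inside {$...} a bare key is read as a constant.
                pd_setcookie('phpdisk_zcore_info', pd_encode("{$rs['userid']}\t{$rs['gid']}\t{$rs['username']}\t{$rs['password']}\t{$rs['email']}"));
                // Record the login on both the user row and the fast-login binding.
                $ins = array('last_login_time' => $timestamp, 'last_login_ip' => $onlineip);
                $db->query_unbuffered("update {$tpf}users set " . $db->sql_array($ins) . " where userid='{$userid}'");
                $db->query_unbuffered("update {$tpf}fastlogin set " . $db->sql_array($ins) . " where flid='{$flid}'");
                redirect($settings['phpdisk_url'] . urr("mydisk", ""), '', 0);
            }
            unset($rs);
        } else {
            // The OpenID is known but not yet bound to a disk account.
            $title = __('bind_disk_name');
            require_once template_echo('pd_fastlogin', $user_tpl_dir);
        }
    } else {
        // First login with this OpenID: create the binding row, then ask for a disk account.
        // NOTE(review): nickname and auth_name are remote-supplied; sql_array() is
        // assumed to quote and escape its values - confirm.
        $ins = array('nickname' => $nickname, 'auth_type' => 'qq', 'auth_name' => $_SESSION["openid"], 'last_login_time' => $timestamp, 'last_login_ip' => $onlineip);
        $db->query_unbuffered("insert into {$tpf}fastlogin set " . $db->sql_array($ins) . "");
        $flid = $db->insert_id();
        $title = __('bind_disk_name');
        require_once template_echo('pd_fastlogin', $user_tpl_dir);
    }
}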
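#	This is NOT a freeware, use is subject to license terms.
#
#	Site: http://www.google.com
#
#	$Id: passport.php 123 2014-03-04 12:40:37Z along $
#
#	Copyright (C) 2008-2009 PHPDisk Team. All Rights Reserved.
#
##
include '../../includes/commons.inc.php';

// Passport login: ?param= carries a base64 + pd_encode()-wrapped query string
// holding action, username and password.
// NOTE(review): the credentials travel in the URL, so they can end up in access
// logs, proxies and Referer headers; a POST body would avoid that.
$param = trim(gpc('param', 'G', ''));
if (!$param) {
    exit('Error Param');
}

// Parse into an array. The one-argument form of parse_str() creates variables
// in the current scope, so a decoded payload could overwrite $db, $tpf or
// $settings; that form was removed in PHP 8.
$fields = array();
parse_str(pd_encode(base64_decode($param), 'DECODE'), $fields);

// Take only the three fields this script uses, and only when they are plain strings.
$username = (isset($fields['username']) && is_string($fields['username'])) ? $fields['username'] : '';
$password = (isset($fields['password']) && is_string($fields['password'])) ? $fields['password'] : '';
if (isset($fields['action']) && is_string($fields['action'])) {
    $action = $fields['action'];
} elseif (!isset($action)) {
    $action = '';
}

$username = is_utf8() ? $username : convert_str('utf-8', 'gbk', $username);
$password = is_utf8() ? $password : convert_str('utf-8', 'gbk', $password);
$username = $db->escape($username);
$password = $db->escape($password);

if ($action === 'passportlogin') {
    // NOTE(review): the quoted values in this query appear as '******' on the
    // page and are reproduced as shown; confirm against the real file that the
    // escaped $username and $password are what gets compared.
    $rs = $db->fetch_one_array("select userid,gid,username,password,email from {$tpf}users where username='******' and password='******' limit 1");
    if ($rs) {
        // The cookie carries the stored password digest, which makes the digest
        // itself a credential. Array keys are quoted: inside {$...} a bare key
        // is read as a constant.
        pd_setcookie('phpdisk_info', pd_encode("{$rs['userid']}\t{$rs['gid']}\t{$rs['username']}\t{$rs['password']}\t{$rs['email']}"));
        header("Location: " . $settings['phpdisk_url'] . urr("mydisk", ""));
    } else {
        exit('Passport Error!');
    }
}
exit;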
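/**
 * Count one view of a file and, when view credits are enabled, credit the
 * file's owner with a fraction of a credit.
 *
 * A view is counted only when the request carries no 'view_stat' cookie; the
 * cookie is then set with a lifetime argument of three hours.
 * NOTE(review): the cookie is client-controlled, so it limits accidental
 * double counting only; a client that drops it is counted (and credited) again.
 *
 * @param int $file_id id of the viewed file (assumed to be a numeric key - confirm)
 * @return void
 */
function views_stat($file_id)
{
    global $db, $tpf, $file, $settings, $auth;

    if (gpc('view_stat', 'C', '')) {
        return;
    }

    // Force the id to an integer before it is interpolated into SQL.
    $file_id = (int) $file_id;

    pd_setcookie('view_stat', 1, 3600 * 3);
    $db->query_unbuffered("update {$tpf}files set file_views=file_views+1 where file_id='{$file_id}'");

    // Array keys are quoted: a bare key is read as a constant and is an error on PHP 8.
    if (empty($auth['view_credit']) || empty($settings['how_view_credit_views']) || empty($settings['how_view_credit_credit'])) {
        return;
    }

    // A non-numeric setting is truthy but casts to 0; skip instead of dividing by zero.
    $views_per_unit = (int) $settings['how_view_credit_views'];
    if ($views_per_unit === 0) {
        return;
    }

    $add_credit = round((int) $settings['how_view_credit_credit'] / $views_per_unit, 4);
    $owner_id = (int) $file['userid'];
    add_credit_log($file_id, $add_credit, 'view', $file['userid']);
    $db->query_unbuffered("update {$tpf}users set credit=credit+{$add_credit} where userid='{$owner_id}'");
}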
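#	This is NOT a freeware, use is subject to license terms.
#
#	Site: http://www.google.com
#
#	$Id: splogin.php 121 2014-03-04 12:38:05Z along $
#
#	Copyright (C) 2008-2014 PHPDisk Team. All Rights Reserved.
#
# */
include "includes/commons.inc.php";

// Administrator "log in as user": replaces the caller's login cookie with one
// for the account named in ?username=.
//
// NOTE(review): this is a state-changing GET with no form token, so a link
// opened by an administrator can switch their session; consider POST plus the
// application's form-hash check. An audit log entry for each switch would also help.

// Require an authenticated session as well as the admin group. $pd_gid alone is
// not enough if the include leaves it set from the cookie when the credential
// check fails ($pd_uid is assumed to be 0 in that case - confirm in the include).
if (empty($pd_uid) || $pd_gid != 1) {
    header('Location:' . $settings['phpdisk_url']);
    exit;
}

$username = trim(gpc('username', 'G', ''));
if (empty($username)) {
    header('Location:' . $settings['phpdisk_url']);
    exit;
}

// NOTE(review): the quoted value in this query appears as '******' on the page
// and is reproduced as shown; confirm what the real file interpolates and that
// it is escaped.
$rs = $db->fetch_one_array("select * from {$tpf}users where username='******' limit 1");
if (!$rs) {
    // Unknown user: the original fell through and sent an empty response.
    header('Location:' . $settings['phpdisk_url']);
    exit;
}

// The cookie carries the target user's stored password digest and is given a
// lifetime argument of seven days.
pd_setcookie('phpdisk_zcore_info', pd_encode("{$rs['userid']}\t{$rs['gid']}\t{$rs['username']}\t{$rs['password']}\t{$rs['email']}"), 86400 * 7);
header('Location:' . $settings['phpdisk_url'] . urr("mydisk", ""));
echo 'Loading...';
exit;
?>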
/**
 * Synchronised-logout hook: expire the local login cookie.
 *
 * Does nothing but return API_RETURN_FORBIDDEN when API_SYNLOGOUT is falsy.
 * On the normal path it returns no value.
 *
 * @param mixed $get  not used in this function
 * @param mixed $post not used in this function
 * @return mixed API_RETURN_FORBIDDEN when the hook is disabled, otherwise null
 */
function synlogout($get, $post)
{
    if (API_SYNLOGOUT) {
        $one_year = 86400 * 365;

        // P3P compact policy, sent before the cookie is touched.
        header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');

        // Empty value with a lifetime argument one year in the past expires the cookie.
        pd_setcookie('phpdisk_zcore_info', '', -$one_year);

        return;
    }

    return API_RETURN_FORBIDDEN;
}
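// Load the group settings file when it exists, otherwise call
// group_settings_cache() (presumably regenerates it - confirm).
if (file_exists($group_settings_file)) {
    require_once $group_settings_file;
} else {
    group_settings_cache();
}

// --- Identify the caller from the login cookie --------------------------------
// The cookie is pd_encode()-wrapped text: uid \t gid \t username \t password \t email.
// NOTE(review): the password field is the stored digest, so possession of the
// digest is enough to mint a session; a random server-side session id would
// remove that property.
$auth_cookie = gpc('phpdisk_zcore_info', 'C', '');
$auth_fields = $auth_cookie ? explode("\t", pd_encode($auth_cookie, 'DECODE')) : array();
// Pad so a short or undecodable cookie yields empty fields instead of undefined offsets.
list($pd_uid, $pd_gid, $pd_username, $pd_pwd, $pd_email) = array_pad($auth_fields, 5, '');
$pd_uid = (int) $pd_uid;

if (!$pd_uid || !$pd_pwd) {
    // Not logged in: drop every identity field, not just the uid, so that a
    // later check such as $pd_gid == 1 cannot pass on cookie-supplied data.
    $pd_uid = 0;
    $pd_gid = $pd_username = $pd_pwd = $pd_email = '';
} else {
    // NOTE(review): the quoted values in this query appear as '******' on the
    // page and are reproduced as shown; confirm what the real file interpolates
    // and that it is escaped.
    $userinfo = $db->fetch_one_array("select userid,u.gid,username,password,email,group_name from {$tpf}users u,{$tpf}groups g where username='******' and password='******' and u.gid=g.gid limit 1");
    if ($userinfo) {
        // Take every identity field, including the uid, from the database row
        // rather than from the cookie.
        $pd_uid = (int) $userinfo['userid'];
        $pd_username = $userinfo['username'];
        $pd_email = $userinfo['email'];
        $pd_gid = $userinfo['gid'];
        $pd_group_name = $userinfo['group_name'];
    } else {
        // Credentials in the cookie no longer match: clear the session completely.
        $pd_uid = 0;
        $pd_gid = $pd_username = $pd_pwd = $pd_email = '';
        pd_setcookie('phpdisk_zcore_info', '');
    }
}
unset($userinfo);

// --- Vendor endpoints ----------------------------------------------------------
// NOTE(review): both defaults are plain http://. Anything fetched from the
// upgrade URL should be integrity-checked, or the URL moved to https once the
// vendor endpoint is confirmed to support it.
$news_url = $auth['com_news_url'] ? $auth['com_news_url'] : 'http://www.phpdisk.com/m_news/m_idx.php';
$upgrade_url = $auth['com_upgrade_url'] ? $auth['com_upgrade_url'] : 'http://www.phpdisk.com/autoupdate/last_version_x2.php';

$onlineip = get_ip();

// --- Common request parameters -------------------------------------------------
$pg = (int) gpc('pg', 'G', 0);
if ($pg < 1) {
    // Also rejects negative page numbers, which the original let through.
    $pg = 1;
}
$perpage = $C['set']['perpage'] ? (int) $C['set']['perpage'] : 20;

$error = false;
$item = trim(gpc('item', 'GP', ''));
$app = trim(gpc('app', 'GP', ''));
$action = trim(gpc('action', 'GP', ''));
$task = trim(gpc('task', 'GP', ''));
$p_formhash = trim(gpc('formhash', 'P', ''));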
/**
 * Expire the local login cookie (synchronised logout).
 *
 * Sends the P3P compact-policy header first, then overwrites
 * 'phpdisk_zcore_info' with an empty value and a negative lifetime argument.
 *
 * @return void
 */
function synlogout()
{
    $cookie_name = 'phpdisk_zcore_info';
    // One year in the past, in seconds.
    $lifetime = 0 - (365 * 86400);

    header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');
    pd_setcookie($cookie_name, '', $lifetime);
}
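/**
 * Account for one download of a file: update the per-day download table, apply
 * an automatic plan change for the owner when enabled, and credit the owner and
 * the owner's upline. Always prints 'true'.
 *
 * Accounting runs only when the request has no 'down_file_log' cookie and
 * check_download_ok() accepts it.
 * NOTE(review): the cookie is client-controlled, so the server-side
 * check_download_ok() is the only real limit on repeated credit; its behaviour
 * is not visible here.
 *
 * @param int $file_id id of the downloaded file (assumed to be a numeric key - confirm)
 * @return void
 */
function cal_downs($file_id)
{
    global $db, $tpf, $timestamp, $onlineip, $my_sid, $auth, $settings;

    // Force the id to an integer before it is interpolated into SQL.
    $file_id = (int) $file_id;
    $down_file = gpc('down_file_log', 'C', 0);

    $rs = $db->fetch_one_array("select userid,file_size from {$tpf}files where file_id='{$file_id}'");
    if (!$rs) {
        // Unknown file: the original carried on with an undefined owner id and
        // could write statistics and credit rows for it. Keep the output, skip the rest.
        echo 'true';
        return;
    }
    // Array keys are quoted: a bare key is read as a constant and is an error on PHP 8.
    $userid = (int) $rs['userid'];
    unset($rs);

    // Minimum interval between counted downloads comes from the owner's plan; default 24.
    $ip_interval = get_plans(get_profile($userid, 'plan_id'), 'ip_interval');
    $ip_interval = $ip_interval ? (int) $ip_interval : 24;

    $db->query_unbuffered("update {$tpf}files set file_last_view='{$timestamp}' where file_id='{$file_id}'");

    if (!$down_file && check_download_ok($my_sid, $ip_interval * 60)) {
        pd_setcookie('down_file_log', 1, $ip_interval * 60);

        $id = (int) @$db->result_first("select id from " . get_table_day_down() . " where file_id='{$file_id}' and d_day='" . date('Ymd') . "'");
        if (!$id) {
            // First counted download of this file today: create the row.
            $ins = array('d_year' => date('Y'), 'd_month' => date('Ym'), 'd_day' => date('Ymd'), 'd_week' => date('YW'), 'file_id' => $file_id, 'down_count' => 1, 'userid' => $userid);
            $db->query_unbuffered("insert into " . get_table_day_down() . " set " . $db->sql_array($ins) . "");

            if ($auth['open_plan_active'] && $settings['open_plan_active']) {
                // Owner's downloads over the previous day or previous week select the plan.
                $dday = date('Ymd', strtotime('-1 day'));
                $dweek = date('YW', strtotime('-1 week'));
                if ($settings['down_active_interval'] == 'week') {
                    $sql_do = " and d_week='{$dweek}'";
                } else {
                    $sql_do = " and d_day='{$dday}'";
                }
                $mydowns = (int) @$db->result_first("select sum(down_count) from " . get_table_day_down() . " where userid='{$userid}' {$sql_do}");
                // NOTE(review): get_discount()'s return value goes into SQL
                // unquoted below; it is assumed to be numeric - confirm.
                $mydowns = $mydowns ? get_discount($userid, $mydowns) : 1;
                $to_plan_id = @$db->result_first("select plan_id from {$tpf}plans where {$mydowns}>=down_active_num_min and {$mydowns}<down_active_num_max and is_hidden=0");

                // Convert at most once per calendar day.
                if ($to_plan_id && date('Ymd', get_profile($userid, 'plan_conv_time')) != date('Ymd')) {
                    conv_credit($userid);
                    $ins = array('open_plan' => 1, 'plan_id' => $to_plan_id, 'credit_rate' => get_plans($to_plan_id, 'income_rate'), 'plan_conv_time' => $timestamp);
                    $db->query_unbuffered("update {$tpf}users set " . $db->sql_array($ins) . " where userid='{$userid}'");
                }
            }
        } else {
            $db->query_unbuffered("update " . get_table_day_down() . " set down_count=down_count+1 where id='{$id}'");
        }

        // One credit per download, two when the current hour is listed in promo_time.
        $add_credit = 1;
        if ($settings['promo_time'] != '') {
            $hour = date('G');
            $arr = explode(',', $settings['promo_time']);
            // Loose comparison kept on purpose: entries may carry whitespace.
            if (in_array($hour, $arr)) {
                $add_credit = 2;
            }
        }
        add_credit_log($file_id, $add_credit, 'download', $userid);
        $db->query_unbuffered("update {$tpf}users set credit=credit+{$add_credit} where userid='{$userid}'");
        $db->query_unbuffered("update {$tpf}files set file_downs=file_downs+1 where file_id='{$file_id}'");

        // Referral credit: one for the owner's upline, one for that user's own upline.
        $db->query_unbuffered("update {$tpf}users set dl_credit=dl_credit+1 where userid=(select userid from {$tpf}buddys where touserid='{$userid}')");
        $upline_userid = (int) @$db->result_first("select userid from {$tpf}buddys where touserid='{$userid}'");
        $db->query_unbuffered("update {$tpf}users set dl_credit2=dl_credit2+1 where userid=(select userid from {$tpf}buddys where touserid='{$upline_userid}')");
    }

    echo 'true';
}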
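#	$Id: mydisk.php 14 2013-03-18 03:02:57Z along $
#
#	Copyright (C) 2008-2013 PHPDisk Team. All Rights Reserved.
#
# */
include "includes/commons.inc.php";

// "guest" action: log in with a one-time code passed as ?sess_id=. The code is
// compared with users.reset_code and cleared after use.
if ($action == 'guest') {
    $sess_id = trim(gpc('sess_id', 'G', ''));

    // An empty code must never be looked up. Accounts with no pending code hold
    // reset_code='' (this script itself resets the column to ''), so an empty
    // sess_id would otherwise match one of them and set a login cookie for it.
    // NOTE(review): $sess_id is interpolated into SQL as received from gpc();
    // whether gpc() escapes its values is not visible here - confirm.
    $rs = false;
    if ($sess_id !== '') {
        $rs = $db->fetch_one_array("select userid,username,password,email,gid from {$tpf}users where reset_code='{$sess_id}' limit 1");
    }

    if ($rs) {
        $userid = $rs['userid'];
        $gid = $rs['gid'];
        $username = $rs['username'];
        $password = $rs['password'];
        $email = $rs['email'];
        // The cookie carries the stored password digest and is given a lifetime
        // argument of seven days.
        pd_setcookie('phpdisk_zcore_info', pd_encode("{$userid}\t{$gid}\t{$username}\t{$password}\t{$email}"), 86400 * 7);
        // Single use: invalidate the code that was just accepted.
        $db->query_unbuffered("update {$tpf}users set reset_code='' where reset_code='{$sess_id}' limit 1");
    }
    unset($rs);

    $username = $pd_username ? $pd_username : (isset($username) ? $username : '');
    redirect($settings['phpdisk_url'] . urr("space", "username=" . rawurlencode($username)), '', 0);
    exit;
}

phpdisk_core::user_login();
define('IN_MYDISK', true);

if ($item) {
    if ($item == 'files' && $action == 'modify_file') {
        $inner_box = true;
    }
    if ($item == 'upload') {
        $inner_box = true;
        // (the listing is cut off here; the rest of the file is not shown)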
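/**
 * Turn the current guest account into a regular one: validate the posted
 * username, password and e-mail, store them on the current user's row, refresh
 * the login cookie and redirect.
 *
 * The request must carry a valid form hash (form_auth).
 *
 * Security notes:
 *  - NOTE(review): the password is stored as unsalted MD5 and the same digest is
 *    placed in the login cookie. Moving to password_hash() means changing every
 *    reader of that cookie and of the password column, so it is only flagged here.
 *  - NOTE(review): $ref comes from the POST body and is handed to tb_redirect()
 *    unchanged; unless tb_redirect() restricts it to local paths this can send
 *    the user to an arbitrary site - confirm.
 *  - NOTE(review): $email is interpolated into SQL as received from gpc();
 *    whether gpc() escapes its values is not visible here - confirm.
 *
 * @return void
 */
function auth_task_guest()
{
    global $db, $tpf, $pd_uid, $pd_gid;

    form_auth(gpc('formhash', 'P', ''), formhash());

    // Initialised explicitly; the original read them before any assignment.
    $error = false;
    $sysmsg = array();
    $md5_pwd = '';

    $username = trim(gpc('username', 'P', ''));
    $password = trim(gpc('password', 'P', ''));
    $confirm_password = trim(gpc('confirm_password', 'P', ''));
    $email = trim(gpc('email', 'P', ''));
    $ref = trim(gpc('ref', 'P', ''));

    // --- username: length, character set, uniqueness ---
    if (checklength($username, 2, 60)) {
        $error = true;
        $sysmsg[] = __('invalid_username');
    } elseif (is_bad_chars($username)) {
        $error = true;
        $sysmsg[] = __('username_has_bad_chars');
    } else {
        // NOTE(review): the quoted value in this query appears as '******' on the
        // page and is reproduced as shown; confirm what the real file interpolates.
        $rs = $db->fetch_one_array("select username from {$tpf}users where username='******' and userid<>'{$pd_uid}' limit 1");
        if ($rs && strcasecmp($username, $rs['username']) === 0) {
            $error = true;
            $sysmsg[] = __('username_already_exists');
        }
        unset($rs);
    }

    // --- password: length and confirmation ---
    if (checklength($password, 6, 20)) {
        $error = true;
        $sysmsg[] = __('invalid_password');
    } elseif ($password === $confirm_password) {
        // Strict comparison: with ==, two different numeric-looking strings
        // (for example '1e3' and '1000') compare equal.
        $md5_pwd = md5($password);
    } else {
        $error = true;
        $sysmsg[] = __('confirm_password_invalid');
    }

    // --- e-mail: format and uniqueness ---
    if (!checkemail($email)) {
        $error = true;
        $sysmsg[] = __('invalid_email');
    } else {
        $rs = $db->fetch_one_array("select email from {$tpf}users where email='{$email}' and userid<>'{$pd_uid}' limit 1");
        if ($rs && strcasecmp($email, $rs['email']) === 0) {
            $error = true;
            $sysmsg[] = __('email_already_exists');
        }
        unset($rs);
    }

    if ($error) {
        tb_redirect('back', $sysmsg);
        return;
    }

    $ins = array('username' => $username, 'password' => $md5_pwd, 'email' => $email, 'space_name' => $username . __('file'), 'can_edit' => 0);
    $db->query_unbuffered("update {$tpf}users set " . $db->sql_array($ins) . " where userid='{$pd_uid}'");
    // Re-issue the login cookie with the new name, digest and e-mail (lifetime argument: three days).
    pd_setcookie('phpdisk_zcore_info', pd_encode("{$pd_uid}\t{$pd_gid}\t{$username}\t{$md5_pwd}\t{$email}"), 86400 * 3);
    $sysmsg[] = __('guest_set_account_success');
    tb_redirect($ref, $sysmsg);
}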
// (The listing starts mid-block: the two closing braces after this first
// if-statement belong to conditions that are not shown.)
// Template switch: accept $tpl only when a row with that tpl_name exists.
// NOTE(review): $tpl and $ref are assigned before the visible part; if $ref is
// request-supplied like the one in the language switch below, the Location
// header here is an open redirect.
$num = @$db->result_first("select count(*) from {$tpf}templates where tpl_name='{$tpl}'");
if ($num) {
    pd_setcookie('ptpl', $tpl);
    header('Location: ' . $ref);
    exit;
}
}
}

// Language switch: ?lang= selects the language, ?ref= is a base64-encoded return target.
// NOTE(review): $settings[open_switch_langs] uses a bare array key, which is
// read as a constant and is an error on PHP 8.
if ($settings[open_switch_langs]) {
    $lang = gpc('lang', 'G', '');
    $ref = gpc('ref', 'G', '');
    // NOTE(review): the decoded value is used as the redirect target without any
    // check that it is a local path; restrict it to same-site relative URLs.
    $ref = $ref ? base64_decode($ref) : './';
    if ($lang) {
        // Accept the language only when a row with that lang_name exists.
        // NOTE(review): $lang is interpolated as received from gpc(); whether
        // gpc() escapes its values is not visible here - confirm.
        $num = @$db->result_first("select count(*) from {$tpf}langs where lang_name='{$lang}'");
        if ($num) {
            pd_setcookie('lang', $lang);
            header('Location: ' . $ref);
            exit;
        }
    }
}

// Remote upload: when the multi_server plugin is displayed, pick one server row
// with server_id > 1, preferring is_default.
$upload_remote = false;
if (display_plugin('multi_server', 'open_multi_server_plugin', $settings['open_multi_server'], 0)) {
    $rs = $db->fetch_one_array("select server_host,server_store_path,server_key from {$tpf}servers where server_id>1 order by is_default desc limit 1");
    if ($rs) {
        $upload_remote = true;
        // NOTE(review): the pd_encode()-wrapped server key is placed in a URL
        // query string, where it can end up in logs and Referer headers; the
        // value is also not URL-encoded.
        $remote_url = $rs['server_host'] . '?code=' . pd_encode($rs['server_key']);
    }
    unset($rs);
}

// NOTE(review): bare array key, same PHP 8 issue as above.
$C[last_file] = get_last_file(15);