// Module constructor: reads the posted credentials and derives the security-question hash.
function ModuleObject($config)
{
    $this->MasterObject($config);
    $this->Username = post('username', 'string');
    $this->Password = post('password', 'string');
    $this->Secques = quescrypt($this->Post['question'], $this->Post['answer']);
    if (MEMBER_ID > 0) {
        $this->IsAdmin = true;
    }
    // A 32-character code and state in the query string select the 'qqlogin' handler.
    if (strlen($_GET['code']) == 32 && strlen($_GET['state']) == 32) {
        $this->Code = 'qqlogin';
    }
    $runCode = Load::moduleCode($this);
    $this->$runCode();
}
// Login handler fragment: login form branch, then the password and security-question check.
    if ($seccodecheck) {
        $seccode = random(6, 1) + $seccode[0] * 1000000;
    }
    include template('login');
} else {
    if ($_DCACHE['settings']['frameon'] && $_DCOOKIE['frameon'] == 'yes') {
        $extrahead .= '<script>if(top != self) {parent.leftmenu.location.reload();}</script>';
    }
    $discuz_uid = 0;
    $discuz_user = $discuz_pw = $discuz_secques = $md5_password = '';
    $member = array();
    $loginperm = logincheck();
    if (!$loginperm) {
        showmessage('login_strike');
    }
    $secques = quescrypt($questionid, $answer);
    if (isset($loginauth)) {
        $field = 'username';
        $password = '******';
        list($username, $md5_password) = daddslashes(explode("\t", authcode($loginauth, 'DECODE')), 1);
    } else {
        // The password is hashed with unsalted MD5.
        $md5_password = md5($password);
        // Mask the middle of the plaintext password, keeping only its leading and trailing characters.
        $password = preg_replace("/^(.{" . round(strlen($password) / 4) . "})(.+?)(.{" . round(strlen($password) / 6) . "})\$/s", "\\1***\\3", $password);
    }
    $query = $db->query("SELECT m.uid AS discuz_uid, m.username AS discuz_user, m.password AS discuz_pw, m.secques AS discuz_secques,\r\n\t\t\t\t\tm.adminid, m.groupid, m.styleid AS styleidmem, m.lastvisit, m.lastpost, u.allowinvisible\r\n\t\t\t\t\tFROM {$tablepre}members m LEFT JOIN {$tablepre}usergroups u USING (groupid)\r\n\t\t\t\t\tWHERE m.{$field}='{$username}'");
    $member = $db->fetch_array($query);
    // Strict comparison, so two different hex digests are never treated as equal numbers.
    if ($member['discuz_uid'] && $member['discuz_pw'] === $md5_password) {
        if ($member['discuz_secques'] == $secques && !$seccodemiss) {
            extract($member);
            $discuz_userss = $discuz_user;
            $discuz_user = addslashes($discuz_user);
// Creates a user row; the stored password is md5(md5(password) . salt).
function uc_add_user($username, $password, $email, $nickname, $uid = 0, $questionid = '', $answer = '', $regip = '')
{
    global $_G;
    // Six-character salt taken from uniqid(rand()); neither function is a cryptographically secure source.
    $salt = substr(uniqid(rand()), -6);
    $setarr = array(
        'salt' => $salt,
        'password' => md5(md5($password) . $salt),
        'username' => $username,
        'nickname' => $nickname,
        'secques' => quescrypt($questionid, $answer),
        'email' => $email,
        'regdate' => TIMESTAMP
    );
    $setarr['uid'] = DB::insert('user', $setarr, 1);
    return $setarr;
}
// Registration fragment: rejects an existing username, then inserts the new member rows.
// The $_POST values are interpolated into the SQL as-is here; any escaping has to happen outside this fragment.
} else {
    $nNums = $GETSQL->fNumrows("SELECT `uid` FROM `{$ODBC['tablepre']}members` WHERE `username`='{$_POST['regname']}'");
    if ($nNums > 0) {
        die(gb2utf8("error 对不起!您输入的用户名已经被注册"));
    } else {
        if ($config['bbs'] == '1') {
            $GETSQL->fDelete("`cdb_sessions`", "`username`='' OR `username`='{$_POST['regname']}'", "1");
        }
        //$gettime = fgetdate();
        // The password is stored as unsalted MD5.
        $regpwd = md5($_POST['userpwd']);
        $regname = $_POST['regname'];
        //$reguid = md5($_POST['regname']);
        // Only derive the security-question hash when a question was selected.
        if ($_POST['questionid'] == '') {
            $secques = "";
        } else {
            $secques = quescrypt($_POST['questionid'], $_POST['answer']);
        }
        if ($config['bbs'] == '1') {
            $cQuery = array("`username`", "`password`", "`secques`", "`groupid`", "`regip`", "`regdate`", "`lastvisit`", "`lastactivity`", "`email`");
            $cData = array($regname, $regpwd, $secques, 10, $onlineip, $nowtime, $nowtime, $nowtime, $_POST['regemail']);
            $GETSQL->fInsert("`cdb_members`", $cQuery, $cData);
            $reguid = $GETSQL->insert_id();
            $cQuery = array("`uid`");
            $cData = array($reguid);
            $GETSQL->fInsert("`cdb_memberfields`", $cQuery, $cData);
        } else {
            $reguid = $nowtime;
        }
        $cQuery = array("`uid`", "`username`", "`userpwd`", "`groupid`", "`useremail`", "`regdate`");
        $cData = array($reguid, $regname, $regpwd, 3, $_POST['regemail'], $nowtime);
        $GETSQL->fInsert("`{$ODBC['tablepre']}members`", $cQuery, $cData);
// Login check script: answers 'OK <user>' on success, otherwise opens the illegal-login log for appending.
define('CURRSCRIPT', 'logging');
require './include/common.php';
if (isset($_POST['password'])) {
    $password = $_POST['password'];
}
if (isset($_POST['username'])) {
    $username = $_POST['username'];
}
$discuz_uid = $adminid = 0;
$discuz_user = $discuz_pw = $discuz_secques = '';
$loginperm = logincheck();
if (!$loginperm) {
    echo 'login_strike';
    exit;
}
$secques = $questionid && $answer ? quescrypt($questionid, $answer) : '';
// Failed-login log line: keeps the first two and the last character of the plaintext password and masks the rest.
$errorlog = "{$timestamp}\t{$username}\t" . substr($password, 0, 2);
for ($i = 3; $i < strlen($password); $i++) {
    $errorlog .= '*';
}
$errorlog .= substr($password, -1) . "\t" . ($secques ? "Ques #{$questionid}" : '') . "\t{$onlineip}\n";
// The password is hashed with unsalted MD5 before the lookup.
$password = md5($password);
$query = $db->query("SELECT m.uid AS discuz_uid, m.username AS discuz_user, m.password AS discuz_pw, m.adminid, m.groupid, m.credit, m.styleid AS styleidmem, m.lastvisit, m.lastpost, u.type as usertype, u.creditshigher, u.creditslower, u.allowinvisible\r\n\t\t\t\t\tFROM {$table_members} m LEFT JOIN {$table_usergroups} u USING (groupid)\r\n\t\t\t\t\tWHERE username='******' AND password='******' AND secques='{$secques}'");
@extract($db->fetch_array($query));
loginrecord($discuz_uid, $loginperm);
if ($discuz_uid) {
    echo 'OK ' . $discuz_user;
    exit;
} else {
    @($fp = fopen(DISCUZ_ROOT . './forumdata/illegallog.php', 'a'));
    @flock($fp, 2);
// Profile control panel fragment: form display branch, then the password and security-question update.
        $sachecked = array($customshow[1] => 'selected="selected"');
        $sichecked = array($customshow[2] => 'selected="selected"');
        $dateformatlist = array();
        if (!empty($userdateformat) && ($count = count($userdateformat))) {
            for ($num = 1; $num <= $count; $num++) {
                $dateformatlist[$num] = str_replace(array('n', 'j', 'y', 'Y'), array('mm', 'dd', 'yy', 'yyyy'), $userdateformat[$num - 1]);
            }
        }
    }
    include template('memcp_profile');
} else {
    require_once DISCUZ_ROOT . './include/discuzcode.func.php';
    $membersql = $memberfieldsql = $authstradd1 = $authstradd2 = $newpasswdadd = '';
    if ($typeid == 1) {
        if (!$passport_status) {
            // A question id of -1 keeps the current security question.
            $secquesnew = $questionidnew == -1 ? $discuz_secques : quescrypt($questionidnew, $answernew);
            if ($newpassword || $secquesnew != $discuz_secques) {
                // Changing the password or the security question requires the old password.
                // Strict comparison, so two different hex digests are never treated as equal numbers.
                if (md5($oldpassword) !== $discuz_pw) {
                    showmessage('profile_passwd_wrong', NULL, 'HALTED');
                }
                if ($newpassword) {
                    if ($newpassword != addslashes($newpassword)) {
                        showmessage('profile_passwd_illegal');
                    } elseif ($newpassword != $newpassword2) {
                        showmessage('profile_passwd_notmatch');
                    }
                    $newpasswdadd = ", password='******'";
                }
            }
            // Administrators (adminid 1 to 3) must keep a security question when forcesecques is set.
            if (($adminid == 1 || $adminid == 2 || $adminid == 3) && !$secquesnew && $admincp['forcesecques']) {
                showmessage('profile_admin_security_invalid');