 /**
  * Re-issue the login cookie for an already-validated user record.
  *
  * Stores $user on the shared base object and writes an 'auth' cookie
  * holding "<uid>\t<password>" encoded by strcode() under AUTH_KEY, valid
  * for DAY * 30. Whatever $user['password'] contains (the stored value the
  * row was loaded with) travels inside that encoding; the cookie is the
  * only thing a later request presents, so its confidentiality rests
  * entirely on strcode()/AUTH_KEY.
  *
  * @param array $user user row; only 'uid' and 'password' are read
  */
 function refresh($user)
 {
     $this->base->user = $user;
     $token = $user['uid'] . "\t" . $user['password'];
     tcookie('auth', strcode($token, AUTH_KEY, 'ENCODE'), DAY * 30);
 }
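 /**
  * Resolve the current visitor from the 'auth' cookie.
  *
  * The cookie carries "<uid>\t<password>" encoded by strcode() under
  * AUTH_KEY (see refresh()). The uid is looked up through $this('user')
  * and the cookie's password field is compared with the stored row; on
  * mismatch, or when the cookie is absent or does not decode into two
  * fields, the visitor stays anonymous (uid 0). $this->user always ends
  * up with an 'ip' entry copied from $this->ip.
  *
  * Fix vs. the previous version: the password comparison used loose `==`,
  * under which numeric-looking strings (e.g. two different "0e..." hex
  * digests) compare equal; it is now a byte-exact, constant-time
  * hash_equals(). The decoded payload is also unpacked without `@`, so a
  * payload lacking the "\t" separator degrades to uid 0 instead of a
  * suppressed notice.
  */
 function init_user()
 {
     // tcookie() is left under @ as before: it may raise a notice when the
     // cookie is absent, and this call's result is checked right after.
     @($auth = tcookie('auth'));
     $user = array('uid' => 0);
     $uid = 0;
     $password = 0;
     if (!empty($auth)) {
         $fields = taddslashes(explode("\t", strcode($auth, AUTH_KEY, 'DECODE')), 1);
         // Fewer than two fields means a truncated/undecodable cookie:
         // leave uid/password at 0 so the lookup below is skipped.
         if (is_array($fields) && count($fields) >= 2) {
             $uid = $fields[0];
             $password = $fields[1];
         }
     }
     if ($uid && $password) {
         $finduser = $this('user')->findById($uid);
         // Byte-exact comparison of the stored value with the cookie field;
         // both are cast so a NULL column cannot reach hash_equals().
         if ($finduser && hash_equals((string) $finduser['password'], (string) $password)) {
             $user = $finduser;
         }
     }
     $user['ip'] = $this->ip;
     $this->user = $user;
 }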
 /**
  * AJAX endpoint: validate the captcha and, on success, remember the
  * answer id in a short-lived cookie.
  *
  * Non-AJAX requests simply get false. AJAX requests never return: the
  * script terminates with "1" (captcha passed) or "0" (failed). On success
  * a 'hk8_verify_topic_dw' cookie holding strcode()-encoded
  * "<aid>\thk8<H:i:s>" is set for one hour on path '/'; note that
  * setcookie() is called without the httponly/secure arguments.
  *
  * @param int|string $aid id recorded in the cookie; 0 by default
  * @return false only for non-AJAX requests
  */
 public function check($aid = 0)
 {
     if (!$this->input->is_ajax_request()) {
         return false;
     }
     $this->load->library('verify');
     $passed = $this->verify->check() ? 1 : 0;
     if ($passed) {
         //write aid cookie
         $payload = $aid . "\thk8" . date('H:i:s');
         $encoded = strcode($payload, true);
         setcookie('hk8_verify_topic_dw', $encoded, time() + 3600, '/');
     }
     die("{$passed}");
 }
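 /**
  * Handle the admin login form submission.
  *
  * Preconditions, each of which ends the request: 'admin_name' and
  * 'admin_pwd' must both be present and non-empty in $_POST, and the
  * caller must already hold a 'qcs_auth' cookie that decodes (strcode()
  * under setting 'auth_key') to uid 1 — any other uid is sent to
  * Index/index, a missing cookie to Account/login. The credentials are
  * then matched against the user table (name through remove_xss(),
  * password through pwd_encode()); only a row with id 1 is accepted,
  * which sets session 'aid' and redirects to Admin/main. Otherwise the
  * login view is shown again with an alert script.
  *
  * Fix vs. the previous version: the guard was `$a == NULL || $b == NULL
  * && exit`, and `&&` binds tighter than `||`, so a missing admin_name
  * never triggered the exit (and read an undefined index). Both fields
  * are now read once and checked before use.
  *
  * NOTE(review): $this->redirect() is assumed to terminate the request
  * (ThinkPHP's Action::redirect does); the flow below relies on that.
  */
 function login_sub()
 {
     $adminName = isset($_POST['admin_name']) ? $_POST['admin_name'] : null;
     $adminPwd = isset($_POST['admin_pwd']) ? $_POST['admin_pwd'] : null;
     // Loose comparison kept on purpose: '' and NULL are rejected alike.
     if ($adminName == null || $adminPwd == null) {
         exit;
     }
     if (isset($_COOKIE['qcs_auth'])) {
         $id = explode("\t", strcode($_COOKIE['qcs_auth'], $this->setting['auth_key'], 'DECODE'));
         if (!is_numeric($id[0]) || $id[0] != 1) {
             $this->redirect('Index/index');
         }
     } else {
         $this->redirect('Account/login');
     }
     $matchedId = M('user')
         ->where(array('name' => remove_xss($adminName), 'pwd' => pwd_encode($adminPwd)))
         ->getField('id');
     if ($matchedId == 1) {
         Session::set('aid', 1);
         $this->redirect('Admin/main');
     } else {
         $this->assign('script', '<script>alert("您的输入有误,请重新输入")</script>');
         $this->display('Admin/login');
     }
 }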
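/*
 * Front controller: dispatch "?c=<control>&a=<action>" to method
 * "on<action>" of class "<c>control", loaded from APP_ROOT/control/<c>.php.
 *
 * $_GET/$_POST are copied into $get/$post and the superglobals (plus
 * $GLOBALS and $_ENV) are unset, so a control only sees the copies handed
 * to its constructor. Missing c/a default to index/default. The method runs
 * when $control->checkable(REGULAR) allows it or the action name starts
 * with "ajax"; otherwise the query string is stashed (strcode()-encoded)
 * in a 'querystring' cookie and a permission message is shown.
 *
 * Fix vs. the previous version: $get['c'] and $get['a'] went straight from
 * the request into an include path, a class name and a method name. They
 * are now restricted to [A-Za-z0-9_] before use, so path separators, ".."
 * or other characters cannot change which file is included; any other
 * value takes the existing notfound() path.
 */
header('Content-type: text/html; charset=UTF-8');
/*$get=taddslashes($_GET);
$post=taddslashes($_POST);
*/
$get = $_GET;
$post = $_POST;
unset($GLOBALS, $_ENV, $_GET, $_POST);
empty($get['c']) && ($get['c'] = 'index');
empty($get['a']) && ($get['a'] = 'default');
// c and a become a file path, a class name and a method name below:
// only identifier characters are accepted. notfound() is relied on to end
// the request here, exactly as it is for a missing control file.
if (!is_string($get['c']) || !preg_match('/^[A-Za-z0-9_]+$/', $get['c'])
    || !is_string($get['a']) || !preg_match('/^[A-Za-z0-9_]+$/', $get['a'])) {
    notfound('invalid control or action name!');
}
define('ACTION', $get['a']);
define('REGULAR', $get['c'] . '/' . $get['a']);
//load control...
$controlfile = APP_ROOT . '/control/' . $get['c'] . '.php';
// @ keeps the include best-effort: a missing file is reported via notfound()
// (the message still echoes the full path; consider trimming it to the name).
if (false === @(include $controlfile)) {
    notfound('control file "' . $controlfile . '" not found!');
}
$controlname = $get['c'] . 'control';
$control = new $controlname($get, $post);
$method = strtolower('on' . $get['a']);
if (method_exists($control, $method)) {
    // "ajax*" actions bypass the permission check by design.
    $isajax = 0 === strpos($get['a'], 'ajax');
    if ($control->checkable(REGULAR) || $isajax) {
        $control->{$method}();
    } else {
        // Remember where the user wanted to go, then send them to login.
        $querystring = strcode($_SERVER["QUERY_STRING"], '', 'ENCODE');
        tcookie('querystring', $querystring, 86400);
        $control->message('您无权进行当前操作,原因如下:<br/> 您所在的用户组(' . $control->user['title'] . ')无法进行此操作。', 'c=user&a=login');
    }
} else {
    notfound('control "' . $controlname . '" method "' . $method . '" not found!');
}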
// Passport client handler: mirror a login/logout notification from the
// passport server locally (create the user on first sight, then issue the
// 'auth' cookie) and bounce to $forward. $member, $action, $forward,
// $setting and $db come from the enclosing script (not visible here); how
// $member was authenticated before reaching this point is not shown either.
$member['cookietime'] = $member['cktime'] ? $member['cktime'] - TIME : 0;
if ($action == 'login') {
    // Character blacklist (not a whitelist): strips % , * " whitespace < > &
    // and, apparently, a Windows "con" device-name prefix. Everything else
    // in the username passes through.
    $member['username'] = preg_replace("/(c:\\con\\con\$|[%,\\*\"\\s\t\\<\\>\\&])/i", "", $member['username']);
    // Byte-wise truncation: substr() can split a multibyte character.
    if (strlen($member['username']) > 20) {
        $member['username'] = substr($member['username'], 0, 20);
    }
    if (empty($member['time']) || empty($member['username']) || empty($member['password'])) {
        exit('Lack of required parameters!');
    } elseif ($setting['passport_expire'] && TIME - $member['time'] > $setting['passport_expire']) {
        // Replay window: a request older than passport_expire is refused.
        exit('Request expired!');
    }
    // NOTE(review): the query is built by string concatenation; the listing
    // renders the interpolated username as "******" (redacted), so this line
    // does not parse as shown. Whatever the original was, $member['username']
    // reaches SQL protected only by the blacklist above.
    $user = $db->fetch_first("SELECT * FROM " . DB_TABLEPRE . "user WHERE username='******'username'] . "'");
    if ($user) {
        $uid = $user['uid'];
        // $user->edit($member);
    } else {
        $credit1 = $setting['credit1_register'];
        $credit2 = $setting['credit2_register'];
        // NOTE(review): password and email are interpolated unescaped, and
        // email is not filtered anywhere in this block — an escaping step
        // (or a parameterised query, if $db offers one) belongs here.
        $db->query("INSERT INTO " . DB_TABLEPRE . "user(username,password,email,credit1,credit2) values ('{$member['username']}','{$member['password']}','{$member['email']}',{$credit1},{$credit2})");
        $uid = $db->insert_id();
        $db->query("INSERT INTO " . DB_TABLEPRE . "credit(uid,time,operation,credit1,credit2) VALUES ({$uid}," . TIME . ",'user/register',{$credit1},{$credit2}) ");
    }
    $forward = empty($forward) ? $setting['passport_server'] : $forward;
    // The 'auth' cookie carries "<uid>\t<password value>" for one year,
    // encoded with strcode() under setting auth_key.
    $auth = strcode("{$uid}\t" . $member['password'], $setting['auth_key'], 'ENCODE');
    tcookie('auth', $auth, 24 * 3600 * 365);
} elseif ($action == 'logout' || $action == 'quit') {
    tcookie('sid', '');
    tcookie('auth', '');
    $forward = empty($forward) ? $setting['passport_server'] : $forward;
}
// NOTE(review): if $forward can originate from the request (not visible
// here), this is an open redirect; restricting it to local paths or the
// configured passport_server would close that.
header('location:' . $forward);
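 /**
  * AJAX step that finishes account activation for a UCenter-synchronised
  * user.
  *
  * The pending registration is read from session 'activate_info' (a
  * serialized array: [1] name, [2] password, [3] email, 'auto' remember-me
  * flag; [0] is passed to uc_user_synlogin(), presumably the UCenter uid).
  * The request is refused with "Access Denied!" when a user is already
  * logged in, UCenter is off, the session entry is missing, [0] is
  * negative, or the call is not AJAX. Name and e-mail must be unused; the
  * user row is then created with a pwd_encode()d password and the posted
  * province/city/county, a 'qcs_auth' cookie is issued — one year when
  * 'auto' == 1, browser-session when the posted is_auto is 0, not at all
  * otherwise — the session entry is cleared and a success message with the
  * UCenter synlogin snippet is echoed. The cookie's second field is
  * md5(auth_key), i.e. the same value for every user; only strcode() under
  * auth_key keeps the "<id>\t..." payload from being forged.
  *
  * Fix vs. the previous version: the browser-session cookie passed NULL as
  * setcookie()'s int $expires (null-to-int coercion is deprecated on PHP
  * 8.1+); it now passes 0, which has the same meaning.
  *
  * NOTE(review): 'activate_info' is unserialize()d from the session. That is
  * server-side data, but whoever else writes that key controls the array
  * shape; confirm the writer and consider json instead.
  */
 function activate_receive()
 {
     if ($this->uid != NULL) {
         exit('Access Denied!');
     }
     $this->toclose();
     $info = unserialize(Session::get('activate_info'));
     if ($this->setting['ucenter_on'] != 1 || $info == NULL || $info[0] < 0 || !$this->isAjax() || $this->uid != NULL) {
         exit('Access Denied!');
     }
     $user = M('user');
     if ($user->where(array('name' => $info[1]))->count() != 0) {
         exit('失败:用户名被占用');
     }
     if ($user->where(array('email' => $info[3]))->count() != 0) {
         exit('失败:邮箱被占用');
     }
     $row = array(
         'name' => $info[1],
         'pwd' => pwd_encode($info[2]),
         'email' => $info[3],
         'province' => $this->post['province'],
         'city' => $this->post['city'],
         'county' => $this->post['county'],
     );
     $id = $user->add($row);
     if (!$id) {
         // Insert failed: nothing is echoed, as before.
         return;
     }
     $auth_id = strcode($id . "\t" . md5($this->setting['auth_key']), $this->setting['auth_key'], 'ENCODE');
     if ($info['auto'] == 1) {
         // remember-me: one year
         setcookie('qcs_auth', $auth_id, time() + 365 * 24 * 3600, '/');
     } elseif ($this->post['is_auto'] == 0) {
         // 0 = browser-session cookie (was NULL, deprecated on PHP 8.1+)
         setcookie('qcs_auth', $auth_id, 0, '/');
     }
     Session::set('activate_info', NULL);
     echo '激活成功,点此进入首页' . uc_user_synlogin($info[0]);
 }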
}
// Passport hand-off: pack the local user record into a signed query string
// for passport_client.php on $jumpurl, for a 'login' or 'logout' action.
// $user, $action, $forward, $jumpurl, $cookietime, $DT_TIME and $MOD come
// from the enclosing script (not visible here). For any other $action
// neither $verify nor $api_url is assigned.
if (isset($user)) {
    $userdb['uid'] = $user['userid'];
    $userdb['username'] = $user['passport'];
    $userdb['password'] = $user['password'];
    $userdb['email'] = $user['email'];
    $userdb['gender'] = $user['gender'];
    $userdb['credit'] = $user['credit'];
    $userdb['time'] = $DT_TIME;
    $userdb['cktime'] = $cookietime > 0 ? $DT_TIME + $cookietime : 0;
}
// "k1=v1&k2=v2" over the record; values are not URL-encoded here because
// strcode() below wraps the whole string.
$pairs = array();
foreach ($userdb as $key => $val) {
    $pairs[] = "{$key}={$val}";
}
$userdb_encode = implode('&', $pairs);
// strcode()'s DECODE path base64-decodes, so its output is presumably
// base64: '=' padding is dropped to keep '=' out of the token.
$userdb_encode = str_replace('=', '', strcode($userdb_encode));
// The signature is an unkeyed md5 over action, token, forward URL and the
// shared passport_key concatenated without separators; a keyed HMAC with
// delimited fields would be the stronger choice.
if ($action == 'login') {
    $verify = md5('login' . $userdb_encode . $forward . $MOD['passport_key']);
    $api_url = $jumpurl . '/passport_client.php?action=login&userdb=' . rawurlencode($userdb_encode) . '&forward=' . rawurlencode($forward) . '&verify=' . rawurlencode($verify);
} elseif ($action == 'logout') {
    $verify = md5('quit' . $userdb_encode . $forward . $MOD['passport_key']);
    $api_url = $jumpurl . '/passport_client.php?action=quit&userdb=' . rawurlencode($userdb_encode) . '&forward=' . rawurlencode($forward) . '&verify=' . rawurlencode($verify);
}
function strcode($string, $action = 'ENCODE')
{
    global $MOD;
    $key = substr(md5($_SERVER["HTTP_USER_AGENT"] . $MOD['passport_key']), 8, 18);
    $string = $action == 'ENCODE' ? $string : base64_decode($string);
    $len = strlen($key);
 /**
  * Passport API "synlogin": log the named user in on this site.
  *
  * Refused with API_RETURN_FORBIDDEN unless API_SYNLOGIN is enabled. Looks
  * the username up locally; if found, issues the 'auth' cookie
  * ("<uid>\t<stored password value>" encoded by strcode() under setting
  * auth_key) for one year; otherwise stores the username in a 'loginuser'
  * cookie. The P3P header lets the cookie be accepted inside an iframe in
  * browsers that honour it.
  *
  * NOTE(review): the cookie uses the caller-supplied $get['uid'], not
  * $member['uid'] from the row that was just fetched; the two are assumed
  * to agree. $cookietime is not declared global here, so the 'loginuser'
  * cookie is set with a NULL lifetime. How the API caller itself is
  * authenticated is outside this block.
  *
  * @param array $get  request parameters; 'uid' and 'username' are read
  * @param array $post unused here
  */
 function synlogin($get, $post)
 {
     global $db, $setting;
     $uid = $get['uid'];
     $username = $get['username'];
     if (!API_SYNLOGIN) {
         return API_RETURN_FORBIDDEN;
     }
     header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');
     // NOTE(review): the listing renders the interpolated username as
     // "******" (redacted); the real line concatenates $username into SQL.
     // Whatever escaping it had is not visible here.
     $member = $db->fetch_first("select * from " . DB_TABLEPRE . "user  where username='******'");
     if (is_array($member)) {
         $auth = strcode("{$uid}\t" . $member['password'], $setting['auth_key'], 'ENCODE');
         tcookie('auth', $auth, 31536000);
     } else {
         tcookie('loginuser', $username, $cookietime);
     }
 }
 /**
  * Base controller bootstrap, run before every action.
  *
  * In order: loads and caches the 'setting' table via F(); resolves the
  * visitor's uid from the session, falling back to the UCenter cookie
  * ('qcs_ucenter') or the local 'qcs_auth' cookie; copies filtered
  * $_POST/$_GET into $this->post/$this->get and enforces the 'ha'
  * anti-CSRF token on POSTs; consumes a notice/message the user clicked on
  * (noticeid/msgid); loads the category cache; pre-renders the user's
  * notice and message dropdowns into the session; and fills the sidebar
  * caches (unanswered, hot users, recommended questions) via S().
  *
  * NOTE(review): the 'qcs_auth' branch takes the uid from the decoded
  * cookie with only an is_numeric() check — no per-user secret is verified
  * here — so the strcode() encoding under setting 'auth_key' is the sole
  * protection of the login state. The 'ha' token is generated with rand()
  * and uniqid(), neither of which is a CSPRNG; random_bytes() (or
  * openssl_random_pseudo_bytes() on older PHP) would be the fix.
  */
 public function _initialize()
 {
     // Settings are cached as name => value by F().
     if (!F('setting')) {
         $setting = M('setting')->select();
         $set = array();
         foreach ($setting as $k => $v) {
             $set[$v['name']] = $v['value'];
         }
         F('setting', $set);
     }
     $this->assign('setting', F('setting'));
     $this->setting = F('setting');
     $setting = F('setting');
     $this->sign = $this->setting['is_quora'] == 0 ? '帖子' : '问题';
     $this->assign('sign', $this->sign);
     // The '.' only sequences the two includes; their return values are discarded.
     $this->setting['ucenter_on'] == 1 && (include CONFIG_PATH . '/uc_config.php') . (include './uc_client/client.php');
     $u = M('user');
     if (Session::get('uid') == NULL && $this->setting['ucenter_on'] == 1 && isset($_COOKIE['qcs_ucenter'])) {
         // UCenter login: the cookie decodes to a "\t"-separated record whose
         // second field names the UCenter user; the local row is matched on
         // name + email from uc_get_user().
         $name = explode("\t", uc_authcode($_COOKIE['qcs_ucenter'], 'DECODE'));
         $i = uc_get_user($name[1]);
         $uid = $u->where(array('name' => remove_xss($i[1]), 'email' => remove_xss($i[2])))->getField('id');
         Session::set('uid', $uid);
     } else {
         if (Session::get('uid') == NULL && isset($_COOKIE['qcs_auth'])) {
             // Local login cookie: first field is the uid, accepted when numeric.
             $id = explode("\t", strcode($_COOKIE['qcs_auth'], $this->setting['auth_key'], 'DECODE'));
             $uid = is_numeric($id[0]) ? $id[0] : NULL;
             Session::set('uid', $uid);
         }
     }
     $this->uid = Session::get('uid');
     $user_arr = $this->uid != NULL ? $u->where(array('id' => $this->uid))->find() : NULL;
     /*Using function remove_xss and token to filter all of the dangerous xss POST or GET content or remote data from the browser-start*/
     if ($_POST) {
         $po = array();
         // NOTE(review): assumes every POST value is a scalar — htmlspecialchars()
         // on an array value (name[]=...) is a warning/TypeError depending on PHP.
         foreach ($_POST as $k => $v) {
             $po[$k] = remove_xss(htmlspecialchars($v));
         }
         $this->post = $po;
         // Anti-CSRF: the posted 'ha' must match the session token (loose !=).
         $this->post['ha'] != Session::get('ha') && exit('Access denied! hash value');
         // every POST must first carry the client hash value, to block remote (cross-site) submissions
     }
     if ($_GET) {
         $g = array();
         foreach ($_GET as $k => $v) {
             $g[$k] = remove_xss(htmlspecialchars($v));
         }
         $this->get = $g;
     }
     /*Using function remove_xss and token to filter all of the dangerous xss POST or GET content or remote data from the browser-end*/
     import("ORG.Util.Page");
     // NOTE(review): $this->get is only assigned when $_GET is non-empty, yet
     // it is read below unconditionally (a notice unless set elsewhere).
     if ($this->get['noticeid']) {
         // Mark a notice as read: only the owner may delete it.
         $notify = M('notice');
         $n = $notify->where(array('id' => $this->get['noticeid']))->find();
         if ($n != NULL && $n['uid'] == $this->uid) {
             $notify->where(array('id' => $this->get['noticeid']))->delete();
             $u->where(array('id' => $this->uid))->setDec('newnotice');
             if ($user_arr != NULL) {
                 $user_arr['newnotice'] = $user_arr['newnotice'] - 1;
             }
         }
     }
     if ($this->get['msgid'] != NULL) {
         // Mark a message as read, same ownership rule; the counter is
         // recomputed from the table rather than decremented.
         $Newmsg = M('newmsg');
         $newmsg = $Newmsg->where(array('id' => $this->get['msgid']))->find();
         if ($newmsg != NULL && $newmsg['uid'] == $this->uid) {
             $Newmsg->where(array('id' => $this->get['msgid']))->delete();
             $msgcount = $Newmsg->where(array('uid' => $this->uid))->count();
             $u->where(array('id' => $this->uid))->save(array('newmsg' => $msgcount));
             if ($user_arr != NULL) {
                 $user_arr['newmsg'] = $user_arr['newmsg'] - 1;
             }
         }
     }
     $this->assign('user', $user_arr);
     // $user_arr is NULL for anonymous visitors; 'name' is then a notice.
     $this->username = $user_arr['name'];
     if (!F('category')) {
         $category = M('category')->select();
         F('category', $category);
     }
     // Anti-CSRF token, created once per session. rand()+uniqid() are
     // predictable; see the NOTE(review) in the docblock.
     !Session::get('ha') && Session::set('ha', md5(rand(0, 99999) . uniqid()));
     // generate the hash that guards against remote submission; every POST must pass it or is rejected up front
     $this->assign('ha', Session::get('ha'));
     if ($this->uid != NULL) {
         // Notice dropdown: rendered once into session 'inform' while unread
         // notices exist, cleared when none remain. Title/content from the
         // notice rows are concatenated into HTML as stored — escaping is
         // presumably applied on write; confirm.
         if ($user_arr['newnotice'] != 0) {
             if (Session::get('inform') == NULL) {
                 $notice = M('notice')->where(array('uid' => $this->uid))->limit(5)->select();
                 $a = M('answer');
                 $notice_content = '';
                 foreach ($notice as $k => $v) {
                     if ($v['aid'] == 0) {
                         $notice_content .= '<a href="' . U('Question/view?qid=' . $v['qid'] . '&noticeid=' . $v['id']) . '">' . $v['title'] . '<div class="a_list">' . $v['content'] . '</div></a>';
                     } else {
                         // Locate the answer's page: count earlier answers of the
                         // same question. $map is reused across iterations; both
                         // keys are overwritten each time.
                         $bestanswer = $a->where(array('id' => $v['aid']))->getField('bestanswer');
                         $map['id'] = array('lt', $v['aid']);
                         $map['qid'] = $v['qid'];
                         $ga = $a->where($map)->count();
                         // Division by zero if reply_per_page is 0 — assumed non-zero.
                         $pa = floor($ga / $setting['reply_per_page']) + 1;
                         if ($bestanswer == 1) {
                             $notice_content .= '<a href="' . U('Question/view?qid=' . $v['qid'] . '&noticeid=' . $v['id'] . '&noticepage=1&p=1') . '#qcs_0">' . $v['title'] . '<div class="a_list">' . $v['content'] . '</div></a>';
                             //when question has bestanswer
                         } else {
                             $notice_content .= '<a href="' . U('Question/view?qid=' . $v['qid'] . '&noticeid=' . $v['id'] . '&noticepage=' . $pa . '&p=' . $pa) . '#qcs_' . $ga % $setting['reply_per_page'] . '">' . $v['title'] . '<div class="a_list">' . $v['content'] . '</div></a>';
                         }
                     }
                 }
                 Session::set('inform', $notice_content);
             }
         } else {
             if (Session::get('inform') != NULL) {
                 Session::set('inform', NULL);
             }
         }
         // Message dropdown, same caching scheme under session 'message'.
         if ($user_arr['newmsg'] != 0) {
             if (Session::get('message') == NULL) {
                 $msg = M('newmsg')->where(array('uid' => $this->uid))->limit(10)->select();
                 $message = '';
                 foreach ($msg as $k => $v) {
                     $message .= '<a href="' . U('User/letterview?lid=' . $v['letterid'] . '&msgid=' . $v['id']) . '">' . $v['name'] . '给您发了一封站内信</a>';
                 }
                 Session::set('message', $message);
             }
         } else {
             if (Session::get('message') != NULL) {
                 Session::set('message', NULL);
             }
         }
     }
     // Sidebar fragments, cached by S() for side_list_cachetime seconds.
     if (!S('side_no_reply')) {
         $list = M('question')->where('answercount=0')->limit($this->setting['side_list_count'])->order('id desc')->select();
         $result = NULL;
         if ($list == NULL) {
             $result = '<div class="no_focus_user">暂无未解决' . $this->sign . '</div>';
         } else {
             foreach ($list as $k => $v) {
                 $result .= '<a href="' . U('Question/view?qid=' . $v['id']) . '" class="side_list">' . $v['title'] . '</a>';
             }
         }
         S('side_no_reply', $result, $this->setting['side_list_cachetime']);
     }
     if (!S('side_hot_user')) {
         $avatar_list = M('user')->order('score DESC')->limit(9)->field('id')->select();
         S('side_hot_user', $avatar_list, $this->setting['side_list_cachetime']);
     }
     if (!S('side_recommend_question')) {
         $list = M('question')->limit($this->setting['side_list_count'])->order('recommendcount desc')->select();
         $result = NULL;
         if ($list == NULL) {
             $result = '<div class="no_focus_user">暂无热门' . $this->sign . '</div>';
         } else {
             foreach ($list as $k => $v) {
                 $result .= '<a href="' . U('question/view?qid=' . $v['id']) . '" class="side_list">' . $v['title'] . '</a>';
             }
         }
         S('side_recommend_question', $result, $this->setting['side_list_cachetime']);
     }
 }