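/**
 * Cross-site request forgery guard for submitted forms.
 *
 * Returns false when the request carries no parameter named $var (nothing was
 * submitted). Otherwise the submission is accepted when one of these holds:
 *   - $allowGet is truthy (the caller explicitly permits GET submissions);
 *   - it is a POST whose "formhash" equals EnvUtil::formHash() and which
 *     carries neither an X-Flash-Version header nor a Referer header;
 *   - the host part of the Referer equals the host part of the Host header
 *     (scheme, port and path are ignored on both sides).
 * Every other submission is rejected with a RequestException.
 *
 * @param string $var      name of the request parameter that marks a submission
 * @param int    $allowGet non-zero to accept GET submissions without a formhash
 * @return bool false when $var is absent, true when the submission is accepted
 * @throws RequestException when the submission passes none of the checks
 */
public static function submitCheck($var, $allowGet = 0)
{
    if (EnvUtil::getRequest($var) === null) {
        return false;
    }

    $request = Ibos::app()->request;
    $referer = isset($_SERVER['HTTP_REFERER']) ? (string) $_SERVER['HTTP_REFERER'] : '';
    $host = isset($_SERVER['HTTP_HOST']) ? (string) $_SERVER['HTTP_HOST'] : '';

    // Token check. Compare as strings with ===: a loose == would treat two
    // hex tokens that both look like "0e..." as equal numeric strings.
    $formHash = $request->getParam('formhash');
    $formHashCorrect = !empty($formHash)
        && (string) $formHash === (string) EnvUtil::formHash();
    $formPostCorrect = $request->getIsPostRequest()
        && $formHashCorrect
        && empty($_SERVER['HTTP_X_FLASH_VERSION'])
        && $referer === '';

    // Referer check: reduce both headers to their bare host name and require
    // a match. The replacement must keep the captured group ($1); replacing
    // the whole match with "" turns both sides into "" and every request with
    // an http(s) Referer passes, which disables the guard entirely.
    $refererHost = preg_replace('/https?:\/\/([^\:\/]+).*/i', '$1', $referer);
    $requestHost = preg_replace('/([^\:]+).*/', '$1', $host);
    $refererEqualsHost = $referer !== '' && $refererHost === $requestHost;

    if ($allowGet || $formPostCorrect || $refererEqualsHost) {
        return true;
    }
    throw new RequestException(Ibos::lang('Data type invalid', 'error'));
}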
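/**
 * Handler for the application "configure" event: applies the global settings
 * every request depends on before a controller runs.
 *
 * - sets the timezone from setting.timeoffset;
 * - defines FORMHASH (the session form token for a logged-in user, "" for a
 *   guest) and VERHASH;
 * - when the site is closed (setting.appclosed), ends the request with the
 *   "System closed" message unless it comes from an administrator, targets
 *   the "dashboard" or "user" module, or runs with IN_SWFHASH set.
 *
 * @param mixed $event event object supplied by the dispatcher (not used here)
 * @return void
 */
public function handleSystemConfigure($event)
{
    $app = Ibos::app();
    $settings = $app->setting->toArray();
    $this->setTimezone($settings['setting']['timeoffset']);

    // Guests get an empty token so templates can still reference FORMHASH.
    define('FORMHASH', $app->user->isGuest ? '' : EnvUtil::formHash());
    define('VERHASH', $settings['setting']['verhash']);

    if (!$settings['setting']['appclosed']) {
        return;
    }

    // The first segment of the parsed route names the target module.
    $route = $app->getUrlManager()->parseUrl($app->getRequest());
    $module = '';
    if (!empty($route)) {
        $segments = explode('/', $route);
        $module = $segments[0];
    }

    $isAdministrator = !$app->user->isGuest && $app->user->isadministrator;
    // Modules that stay reachable while the site is closed.
    $isOpenModule = in_array($module, array('dashboard', 'user'), true);
    $isSwfRequest = defined('IN_SWFHASH') && IN_SWFHASH;

    if (!$isAdministrator && !$isOpenModule && !$isSwfRequest) {
        // iExit() presumably renders the message and terminates the request — confirm.
        EnvUtil::iExit(Ibos::lang('System closed', 'message'));
    }
}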
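/**
 * App login endpoint. Every outcome is answered as JSONP through ajaxReturn().
 *
 * A session that is already authenticated is answered at once with its
 * profile payload (see buildLoginPayload()). Otherwise the submitted
 * username/password are checked through ICUserIdentity::authenticate():
 * a positive result logs the user in (login duration 0, "autologin" cookie
 * set), records the login in the "login" log and returns the payload; the
 * codes 0, -1, -2 and -3 are mapped to translated error messages, and -3
 * (credentials rejected) is additionally written to the "illegal" log.
 *
 * @return void
 */
public function actionLogin()
{
    $app = Ibos::app();

    if (!$app->user->isGuest) {
        $this->ajaxReturn($this->buildLoginPayload(FORMHASH), 'JSONP');
        // ajaxReturn() presumably ends the response; return explicitly so the
        // credential path below can never run for an authenticated session.
        return;
    }

    $account = $app->setting->get('setting/account');
    $userName = EnvUtil::getRequest('username');
    $passWord = EnvUtil::getRequest('password');
    $gps = EnvUtil::getRequest('gps');
    $address = EnvUtil::getRequest('address');
    $ip = $app->setting->get('clientip');
    $cookieTime = 0;

    // An empty password, or one that addslashes() would alter (quotes,
    // backslashes, NUL), is refused before any authentication attempt.
    if (!$passWord || $passWord != addslashes($passWord)) {
        $this->ajaxReturn(array('login' => false, 'msg' => Ibos::lang('Passwd illegal', 'user.default')), 'JSONP');
        return;
    }

    $identity = new ICUserIdentity($userName, $passWord);
    $result = $identity->authenticate(false);

    if (0 < $result) {
        $user = $app->user;
        // Unless account sharing is enabled, scope the session state to this SID.
        if ($account['allowshare'] != 1) {
            $user->setStateKeyPrefix($app->setting->get('sid'));
        }
        MainUtil::setCookie('autologin', 1, $cookieTime);
        $user->login($identity, $cookieTime);
        // uid 1 is exempt from the licence limit check.
        if ($user->uid != 1) {
            MainUtil::checkLicenseLimit(true);
        }
        $log = array(
            'terminal' => 'app',
            'password' => StringUtil::passwordMask($passWord), // passwordMask() output, not the raw password
            'ip' => $ip,
            'user' => $userName,
            'loginType' => 'username',
            'address' => $address,
            'gps' => $gps,
        );
        Log::write($log, 'login', sprintf('module.user.%d', $user->uid));
        $this->ajaxReturn($this->buildLoginPayload(EnvUtil::formHash()), 'JSONP');
        return;
    }

    $nameParam = array('{username}' => $userName);
    if ($result === 0) {
        $msg = Ibos::lang('User not fount', 'user.default', $nameParam);
    } elseif ($result === -1) {
        $msg = Ibos::lang('User lock', 'user.default', $nameParam);
    } elseif ($result === -2) {
        $msg = Ibos::lang('User disabled', '', $nameParam);
    } elseif ($result === -3) {
        // Rejected credentials are logged (password masked) for abuse review.
        $log = array('user' => $userName, 'password' => StringUtil::passwordMask($passWord), 'ip' => $ip);
        Log::write($log, 'illegal', 'module.user.login');
        $msg = Ibos::lang('User name or password is not correct', 'user.default');
    } else {
        // No response is sent for result codes outside 0..-3 — TODO confirm
        // whether a generic failure answer is wanted here.
        return;
    }
    $this->ajaxReturn(array('login' => false, 'msg' => $msg), 'JSONP');
}

/**
 * Builds the JSONP payload returned for an authenticated session (both the
 * already-logged-in case and the just-logged-in case of actionLogin()).
 *
 * @param string $formHash form token handed to the client
 * @return array keys login, formhash, uid, user (the record from
 *               user::model()->fetchByUid() plus following_count,
 *               follower_count and weibo_count), APPID and, unless the
 *               request carries issetuser=true, userData from
 *               UserUtil::getUserByPy()
 */
private function buildLoginPayload($formHash)
{
    // NOTE(review): assumes Ibos::app() and Yii::app() are the same application
    // instance (the callers read ->user->uid through both) — confirm.
    $uid = Ibos::app()->user->uid;
    $return = array(
        'login' => true,
        'formhash' => $formHash,
        'uid' => $uid,
        'user' => user::model()->fetchByUid($uid),
        'APPID' => Ibos::app()->setting->get('setting/iboscloud/appid'),
    );

    // Weibo counters default to 0 when the module is disabled or the
    // counter is missing from the returned data.
    $udata = ModuleUtil::getIsEnabled('weibo') ? UserData::model()->getUserData() : array();
    foreach (array('following_count', 'follower_count', 'weibo_count') as $key) {
        $return['user'][$key] = isset($udata[$key]) ? $udata[$key] : 0;
    }

    if (EnvUtil::getRequest('issetuser') != 'true') {
        $return['userData'] = UserUtil::getUserByPy();
    }
    return $return;
}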