// check for errors
@chmod(ROOT . 'avatar/', 0777);
@chmod(ROOT . 'config/', 0777);
if (!is_writable(ROOT . 'avatar/')) {
$installerrors[] = '请将avatar文件夹的属性设置为: 777';
}
if (!is_writable(ROOT . 'config/')) {
$installerrors[] = '请将config文件夹的属性设置为: 777';
}
if (!is_writeable(ROOT . 'config/settings.php')) {
$installerrors[] = '请将系统配置文件config/settings.php设置为可写, 即属性设置为: 777';
}
if (strlen($username) == 0) {
$installerrors[] = '请输入系统管理员用户名.';
} else {
if (!IsName($username)) {
$installerrors[] = '用户名中含有非法字符.';
}
}
if (strlen($password) == 0) {
$installerrors[] = '请输入系统管理员密码.';
}
if ($password != $confirmpassword) {
$installerrors[] = '管理员密码与确认密码不相同.';
}
if (strlen($email) == 0) {
$installerrors[] = '请输入管理员电子信箱.';
}
if (strlen($tableprefix) == 0) {
$installerrors[] = '请输入数据库表前缀.';
} else {
$Password = '';
$Password2 = '';
$VerifyCode = '';
$Message = '';
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if (!ReferCheck($_POST['FormHash'])) {
AlertMsg($Lang['Error_Unknown_Referer'], $Lang['Error_Unknown_Referer'], 403);
}
$UserName = strtolower(Request('Post', 'UserName'));
$Email = strtolower(Request('Post', 'Email'));
$Password = Request('Post', 'Password');
$Password2 = Request('Post', 'Password2');
$VerifyCode = intval(Request('Post', 'VerifyCode'));
if ($UserName && $Email && $Password && $Password2 && $VerifyCode) {
if ($Password === $Password2) {
if (IsName($UserName)) {
if (IsEmail($Email)) {
session_start();
if (isset($_SESSION[$Prefix . 'VerificationCode']) && $VerifyCode === intval($_SESSION[$Prefix . 'VerificationCode'])) {
$UserExist = $DB->single("SELECT ID FROM " . $Prefix . "users WHERE UserName = :UserName", array('UserName' => $UserName));
if (!$UserExist) {
$NewUserSalt = mt_rand(100000, 999999);
$NewUserPassword = md5(md5($Password) . $NewUserSalt);
$NewUserData = array('ID' => null, 'UserName' => $UserName, 'Salt' => $NewUserSalt, 'Password' => $NewUserPassword, 'UserMail' => $Email, 'UserHomepage' => '', 'PasswordQuestion' => '', 'PasswordAnswer' => '', 'UserSex' => 0, 'NumFavUsers' => 0, 'NumFavTags' => 0, 'NumFavTopics' => 0, 'NewMessage' => 0, 'Topics' => 0, 'Replies' => 0, 'Followers' => 0, 'DelTopic' => 0, 'GoodTopic' => 0, 'UserPhoto' => '', 'UserMobile' => '', 'UserLastIP' => $CurIP, 'UserRegTime' => $TimeStamp, 'LastLoginTime' => $TimeStamp, 'LastPostTime' => $TimeStamp, 'BlackLists' => '', 'UserFriend' => '', 'UserInfo' => '', 'UserIntro' => '', 'UserIM' => '', 'UserRoleID' => 1, 'UserAccountStatus' => 1, 'Birthday' => date("Y-m-d", $TimeStamp));
$DB->query('INSERT INTO `' . $Prefix . 'users`(`ID`, `UserName`, `Salt`, `Password`, `UserMail`, `UserHomepage`, `PasswordQuestion`, `PasswordAnswer`, `UserSex`, `NumFavUsers`, `NumFavTags`, `NumFavTopics`, `NewMessage`, `Topics`, `Replies`, `Followers`, `DelTopic`, `GoodTopic`, `UserPhoto`, `UserMobile`, `UserLastIP`, `UserRegTime`, `LastLoginTime`, `LastPostTime`, `BlackLists`, `UserFriend`, `UserInfo`, `UserIntro`, `UserIM`, `UserRoleID`, `UserAccountStatus`, `Birthday`) VALUES (:ID, :UserName, :Salt, :Password, :UserMail, :UserHomepage, :PasswordQuestion, :PasswordAnswer, :UserSex, :NumFavUsers, :NumFavTags, :NumFavTopics, :NewMessage, :Topics, :Replies, :Followers, :DelTopic, :GoodTopic, :UserPhoto, :UserMobile, :UserLastIP, :UserRegTime, :LastLoginTime, :LastPostTime, :BlackLists, :UserFriend, :UserInfo, :UserIntro, :UserIM, :UserRoleID, :UserAccountStatus, :Birthday)', $NewUserData);
$CurUserID = $DB->lastInsertId();
//更新全站统计数据
$NewConfig = array("NumUsers" => $Config["NumUsers"] + 1, "DaysUsers" => $Config["DaysUsers"] + 1);
UpdateConfig($NewConfig);
$TemporaryUserExpirationTime = 30 * 86400 + $TimeStamp;
//默认保持30天登陆状态
}
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if (!ReferCheck(Request('Post', 'FormHash')) || empty($_SESSION[$Prefix . 'OauthAccessToken']) || !$State || empty($_SESSION[$Prefix . 'OauthState']) || $State != $_SESSION[$Prefix . 'OauthState']) {
AlertMsg($Lang['Error_Unknown_Referer'], $Lang['Error_Unknown_Referer'], 403);
}
// 读入Access Token
$OauthObject->AccessToken = $_SESSION[$Prefix . 'OauthAccessToken'];
// 释放session防止阻塞
session_write_close();
if (!$OauthObject->GetOpenID()) {
AlertMsg('400 Bad Request', '400 Bad Request', 400);
}
$OauthUserInfo = $OauthObject->GetUserInfo();
CheckOpenID();
$UserName = strtolower(Request('Post', 'UserName'));
if ($UserName && IsName($UserName)) {
$UserExist = $DB->single("SELECT ID FROM " . $Prefix . "users WHERE UserName = :UserName", array('UserName' => $UserName));
if (!$UserExist) {
$NewUserSalt = mt_rand(100000, 999999);
$NewUserPassword = '******' . substr(md5(md5(mt_rand(1000000000, 2147483647)) . $NewUserSalt), 0, -3);
$NewUserData = array('ID' => null, 'UserName' => $UserName, 'Salt' => $NewUserSalt, 'Password' => $NewUserPassword, 'UserMail' => '', 'UserHomepage' => '', 'PasswordQuestion' => '', 'PasswordAnswer' => '', 'UserSex' => 0, 'NumFavUsers' => 0, 'NumFavTags' => 0, 'NumFavTopics' => 0, 'NewMessage' => 0, 'Topics' => 0, 'Replies' => 0, 'Followers' => 0, 'DelTopic' => 0, 'GoodTopic' => 0, 'UserPhoto' => '', 'UserMobile' => '', 'UserLastIP' => $CurIP, 'UserRegTime' => $TimeStamp, 'LastLoginTime' => $TimeStamp, 'LastPostTime' => $TimeStamp, 'BlackLists' => '', 'UserFriend' => '', 'UserInfo' => '', 'UserIntro' => '', 'UserIM' => '', 'UserRoleID' => 1, 'UserAccountStatus' => 1, 'Birthday' => date("Y-m-d", $TimeStamp));
$DB->query('INSERT INTO `' . $Prefix . 'users`
(`ID`, `UserName`, `Salt`, `Password`, `UserMail`, `UserHomepage`, `PasswordQuestion`, `PasswordAnswer`, `UserSex`, `NumFavUsers`, `NumFavTags`, `NumFavTopics`, `NewMessage`, `Topics`, `Replies`, `Followers`, `DelTopic`, `GoodTopic`, `UserPhoto`, `UserMobile`, `UserLastIP`, `UserRegTime`, `LastLoginTime`, `LastPostTime`, `BlackLists`, `UserFriend`, `UserInfo`, `UserIntro`, `UserIM`, `UserRoleID`, `UserAccountStatus`, `Birthday`)
VALUES (:ID, :UserName, :Salt, :Password, :UserMail, :UserHomepage, :PasswordQuestion, :PasswordAnswer, :UserSex, :NumFavUsers, :NumFavTags, :NumFavTopics, :NewMessage, :Topics, :Replies, :Followers, :DelTopic, :GoodTopic, :UserPhoto, :UserMobile, :UserLastIP, :UserRegTime, :LastLoginTime, :LastPostTime, :BlackLists, :UserFriend, :UserInfo, :UserIntro, :UserIM, :UserRoleID, :UserAccountStatus, :Birthday)', $NewUserData);
$CurUserID = $DB->lastInsertId();
//Insert App user
$DB->query('INSERT INTO `' . $Prefix . 'app_users`
(`ID`, `AppID`, `OpenID`, `AppUserName`, `UserID`, `Time`)
VALUES (:ID, :AppID, :OpenID, :AppUserName, :UserID, :Time)', array('ID' => null, 'AppID' => $AppID, 'OpenID' => $OauthObject->OpenID, 'AppUserName' => htmlspecialchars($OauthObject->NickName), 'UserID' => $CurUserID, 'Time' => $TimeStamp));
//var_dump(htmlspecialchars($OauthObject->NickName));
//更新全站统计数据
$ErrorCode = 104000;
if ($_SERVER['REQUEST_METHOD'] == 'POST' || $IsApp) {
if (!ReferCheck(Request('Post', 'FormHash'))) {
AlertMsg($Lang['Error_Unknown_Referer'], $Lang['Error_Unknown_Referer'], 403);
}
$UserName = strtolower(Request('Post', 'UserName'));
$Email = strtolower(Request('Post', 'Email'));
$Password = Request('Post', 'Password');
$VerifyCode = intval(Request('Post', 'VerifyCode'));
do {
if (!($UserName && $Email && $Password && $VerifyCode)) {
$Error = $Lang['Forms_Can_Not_Be_Empty'];
$ErrorCode = 104001;
break;
}
if (!IsName($UserName)) {
$Error = $Lang['UserName_Error'];
$ErrorCode = 104002;
break;
}
if (!IsEmail($Email)) {
$Error = $Lang['Email_Error'];
$ErrorCode = 104003;
break;
}
session_start();
$TempVerificationCode = "";
if (isset($_SESSION[$Prefix . 'VerificationCode'])) {
$TempVerificationCode = intval($_SESSION[$Prefix . 'VerificationCode']);
unset($_SESSION[$Prefix . 'VerificationCode']);
} else {
public function save()
{
$aid = ForceIntFrom('aid');
$type = ForceIntFrom('type');
$activated = ForceIntFrom('activated');
$username = ForceStringFrom('username');
$password = ForceStringFrom('password');
$passwordconfirm = ForceStringFrom('passwordconfirm');
$email = ForceStringFrom('email');
$fullname = ForceStringFrom('fullname');
$fullname_en = ForceStringFrom('fullname_en');
$post = ForceStringFrom('post');
$post_en = ForceStringFrom('post_en');
$deleteuser = ForceIntFrom('deleteuser');
if ($deleteuser and $aid != $this->admin['aid']) {
$this->DeleteUser($aid);
Success('users');
//如果删除客服, 直接跳转
}
if (!$username) {
$errors[] = '请输入用户名!';
} elseif (!IsName($username)) {
$errors[] = '用户名存在非法字符!';
} elseif (APP::$DB->getOne("SELECT aid FROM " . TABLE_PREFIX . "admin WHERE username = '******' AND aid != '{$aid}'")) {
$errors[] = '用户名已存在!';
}
if ($aid) {
if (strlen($password) or strlen($passwordconfirm)) {
if (strcmp($password, $passwordconfirm)) {
$errors[] = '两次输入的密码不相同!';
}
}
} else {
if (!$password) {
$errors[] = '请输入密码!';
} elseif ($password != $passwordconfirm) {
$errors[] = '两次输入的密码不相同!';
}
}
if (!$email) {
$errors[] = '请输入Email地址!';
} elseif (!IsEmail($email)) {
$errors[] = 'Email地址不规范!';
} elseif (APP::$DB->getOne("SELECT aid FROM " . TABLE_PREFIX . "admin WHERE email = '{$email}' AND aid != '{$aid}'")) {
$errors[] = 'Email地址已占用!';
}
if (!$fullname) {
$errors[] = '请输入中文昵称!';
}
if (!$fullname_en) {
$errors[] = '请输入英文昵称!';
}
if (!$post) {
$errors[] = '请输入中文职位!';
}
if (!$post_en) {
$errors[] = '请输入英文职位!';
}
if (isset($errors)) {
Error($errors, Iif($aid, '编辑客服错误', '添加客服错误'));
} else {
if ($aid) {
APP::$DB->exe("UPDATE " . TABLE_PREFIX . "admin SET username = '******',\n\t\t\t\t" . Iif($aid != $this->admin['aid'], "type = '{$type}', activated = '{$activated}',") . "\n\t\t\t\t" . Iif($password, "password = '******',") . "\n\t\t\t\temail = '{$email}',\n\t\t\t\tfullname = '{$fullname}',\n\t\t\t\tfullname_en = '{$fullname_en}',\n\t\t\t\tpost = '{$post}',\n\t\t\t\tpost_en = '{$post_en}'\t\t\t\t\t\t\t\t\t\t \n\t\t\t\tWHERE aid = '{$aid}'");
} else {
APP::$DB->exe("INSERT INTO " . TABLE_PREFIX . "admin (type, activated, username, password, email, first, fullname, fullname_en, post, post_en) VALUES ('{$type}', 1, '{$username}', '" . md5($password) . "', '{$email}', '" . time() . "', '{$fullname}', '{$fullname_en}', '{$post}', '{$post_en}')");
}
Success('users');
}
}
die('File not found!');
}
// #######################################################
$userinfo = array();
$userid = 0;
define('COOKIE_NAME', 'weliveF' . COOKIE_KEY);
$realtime = time();
$loginusername = ForceIncomingString('loginusername');
$loginpassword = ForceIncomingString('loginpassword');
if (strlen($loginusername) and strlen($loginpassword)) {
$vvckey = ForceIncomingString('vvckey');
if (ForceIncomingCookie('safecookieF' . $vvckey . COOKIE_KEY) != md5($_CFG['cKillRobotCode'] . $vvckey)) {
exit;
}
setcookie('safecookieF' . $vvckey . COOKIE_KEY, '', 0, '/');
if (!IsName($loginusername) or !IsPass($loginpassword)) {
$logininfo = $lang['login_error1'];
LogIn();
} else {
$userid = LoginUser($loginusername, $loginpassword);
if (!$userid) {
$logininfo = $lang['login_error2'];
LogIn();
} else {
CreateSession($userid);
header("Location: ./");
exit;
}
}
} else {
if (ForceIncomingInt('logout') == 1) {
