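/**
 * Issue the local login cookies for a user handed over by the sync-login caller.
 *
 * $user is decoded with $this->base->strcode() and is expected to contain
 * three tab-separated fields: uid, username and password value.
 *
 * @param string $user Encoded login payload.
 * @return string Always an empty string.
 */
function synlogin($user) {
    global $timestamp, $uc_key;

    $fields = explode("\t", $this->base->strcode($user, false));
    // A payload that did not decode cleanly yields fewer than three fields or
    // an empty uid; refuse to issue login cookies for it.
    if (count($fields) < 3 || $fields[0] === '') {
        return '';
    }
    list($winduid, , $windpwd) = $fields;

    header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');

    $safecv = '';
    // Cookies expire one year (31536000 s) after the current request time.
    $cktime = 31536000 + $timestamp;

    // NOTE(review): both cookies carry a value derived from the account
    // password (PwdCode() / md5 keyed with $uc_key) and live for a year.
    // Whether Cookie() sets HttpOnly/Secure is not visible here - confirm.
    Cookie("winduser", StrCode($winduid . "\t" . PwdCode($windpwd) . "\t" . $safecv), $cktime);
    Cookie("ucuser", StrCode($winduid . "\t" . md5($uc_key . $windpwd)), $cktime);
    Cookie('lastvisit', '', 0);

    return '';
}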
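/**
 * Get the user record that belongs to the "winduser" login cookie.
 *
 * The cookie is decoded with StrCode() into three tab-separated fields: uid,
 * password token and safecv. The token must equal PwdCode() of the stored
 * password and, when $db_ifsafecv is enabled, safecv must match the stored one.
 *
 * @return array|string|null User record on success, '' when the cookie has no
 *                           uid or token, null when validation fails.
 */
function PassportUserdb() {
    global $db_ifsafecv, $userDB;

    $fields = explode("\t", StrCode(GetCookie('winduser'), 'DECODE'));
    // Pad so a missing or undecodable cookie cannot raise undefined offsets.
    list($lfjuid, $lfjpwd, $safecv) = array_pad($fields, 3, '');
    if (!$lfjuid || !$lfjpwd) {
        return '';
    }

    $detail = $userDB->get_allInfo($lfjuid);
    if (!$detail) {
        // Unknown uid: nothing to compare the token against.
        return;
    }

    // Compare as strings with ===. A loose != treats two numeric-looking
    // strings (for example "0e1..." and "0e2...") as equal, which would let a
    // mismatching token pass.
    // NOTE(review): hash_equals() would also make this constant-time; it needs
    // PHP >= 5.6 - confirm the supported runtime before switching.
    if ((string) PwdCode($detail['password']) !== (string) $lfjpwd) {
        return;
    }
    if ($db_ifsafecv && (string) $safecv !== (string) $detail['safecv']) {
        return;
    }

    return $detail;
}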
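/**
 * Issue the local login cookies for a synchronised login and record the
 * "continue_login" medal behaviour for the user.
 *
 * $user is decoded with $this->base->strcode() and is expected to contain
 * three tab-separated fields: uid, username and password value.
 *
 * @param string $user Encoded login payload.
 * @return string Always an empty string.
 */
function synlogin($user) {
    global $timestamp, $uc_key;

    $decoded = explode("\t", $this->base->strcode($user, false));
    // Stop before any cookie is written when the payload is short or has no
    // uid, which is what a failed decode produces.
    if (count($decoded) < 3 || $decoded[0] === '') {
        return '';
    }
    list($winduid, , $windpwd) = $decoded;

    header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');

    $safecv = '';
    // One year (31536000 s) from the current request time.
    $cktime = 31536000 + $timestamp;

    // NOTE(review): the cookie values are derived from the account password
    // and stay valid for a year; the flags Cookie() applies (HttpOnly/Secure)
    // are not visible here - confirm.
    Cookie("winduser", StrCode($winduid . "\t" . PwdCode($windpwd) . "\t" . $safecv), $cktime);
    Cookie("ucuser", StrCode($winduid . "\t" . md5($uc_key . $windpwd)), $cktime);
    Cookie('lastvisit', '', 0);

    // Medal acquisition: start
    require_once R_P . 'require/functions.php';
    doMedalBehavior($winduid, 'continue_login');
    // Medal acquisition: end

    return '';
}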
/**
 * WAP login: look the member up, apply the failed-login throttle, check the
 * password and safecv, then set the login cookies.
 *
 * NOTE(review): the "******" runs below are masking left by the page this
 * listing was taken from; the two statements that contain them are not valid
 * PHP as shown and the masked expressions cannot be recovered from here.
 *
 * @param string $username Login name, or a uid when $lgt is truthy.
 * @param string $password Submitted password value; presumably already hashed
 *                         by the caller - confirm.
 * @param string $safecv   Value compared with the stored safecv when
 *                         $db_ifsafecv is on.
 * @param int    $lgt      Truthy selects lookup by uid, otherwise by username.
 */
function wap_login($username, $password, $safecv, $lgt = 0) {
    global $db, $timestamp, $onlineip, $db_ckpath, $db_ckdomain, $db_bbsurl, $db_ifsafecv;
    // The column name is chosen from two fixed literals; the value goes through pwEscape().
    $men = $db->get_one("SELECT m.uid,m.password,m.safecv,m.groupid,m.yz,md.onlineip FROM pw_members m LEFT JOIN pw_memberdata md ON md.uid=m.uid WHERE m." . ($lgt ? 'uid' : 'username') . "=" . pwEscape($username));
    if ($men) {
        // onlineip is split on "|": [0] is compared with "<ip> *", [1] is used
        // as a timestamp and [2] as a remaining-attempts counter.
        $e_login = explode("|", $men['onlineip']);
        // The password is checked unless the same IP failed within the last
        // 600 seconds and the counter has dropped to 1 or below.
        if ($e_login[0] != $onlineip . ' *' || $timestamp - $e_login[1] > 600 || $e_login[2] > 1) {
            $men_uid = $men['uid'];
            $men_pwd = $men['password'];
            $check_pwd = $password;
            if ($men['yz'] > 2) {
                wap_msg('login_jihuo');
            }
            if (strlen($men_pwd) == 16) {
                $check_pwd = substr($password, 8, 16); /* supports stored 16-character truncated md5 passwords */
            }
            // NOTE(review): loose == on hash strings compares numeric-looking
            // values ("0e...") as numbers; a strict string comparison is safer.
            if ($men_pwd == $check_pwd && (!$db_ifsafecv || $men['safecv'] == $safecv)) {
                if (strlen($men_pwd) == 16) {
                    // Rewrites the stored 16-character password; the new value is masked in this listing.
                    $db->update("UPDATE pw_members SET password="******" WHERE uid=" . pwEscape($men_uid));
                }
                $L_groupid = (int) $men['groupid'];
                Cookie("ck_info", $db_ckpath . "\t" . $db_ckdomain);
            } else {
                global $L_T;
                // Count down the attempts; a counter of 0 (or unset) restarts at 5.
                $L_T = $e_login[2];
                $L_T ? $L_T-- : ($L_T = 5);
                $F_login = "******";
                $db->update("UPDATE pw_memberdata SET onlineip=" . pwEscape($F_login) . " WHERE uid=" . pwEscape($men_uid));
                wap_msg('login_pwd_error');
            }
        } else {
            global $L_T;
            // Seconds left until the 600-second lockout window ends.
            $L_T = 600 - ($timestamp - $e_login[1]);
            wap_msg('login_forbid');
        }
    } else {
        global $errorname;
        $errorname = $username;
        wap_msg('user_not_exists');
    }
    // NOTE(review): this point is reached after every branch above, so the
    // code relies on wap_msg() ending the request on failure - confirm.
    // The cookie embeds PwdCode() of the submitted password value.
    Cookie("winduser", StrCode($men_uid . "\t" . PwdCode($password) . "\t" . $safecv));
    Cookie('lastvisit', '', 0);
    wap_msg('wap_login', 'index.php');
}
/**
 * Check whether the cookie fields in $CK belong to a configured manager.
 *
 * NOTE(review): the "******" run inside the query below is masking left by
 * the page this listing was taken from. It appears to have swallowed the code
 * between two similar queries, so that statement is not valid PHP as shown.
 *
 * @param array $CK Decoded admin cookie fields; $CK[1] is used as the username.
 * @return bool True when the name is in $manager and SafeCheck() accepts the
 *              cookie against the configured or stored password.
 */
function checkuptoadmin($CK) {
    Add_S($CK);
    global $db, $manager;
    if (is_array($manager) && CkInArray($CK[1], $manager)) {
        global $manager_pwd;
        $v_key = array_search($CK[1], $manager);
        // First try the password configured for this manager entry.
        if (!SafeCheck($CK, PwdCode($manager_pwd[$v_key]))) {
            // Fall back to the password stored in pw_members for that username.
            $rt = $db->get_one("SELECT uid,username,groupid,groups,password FROM pw_members WHERE username="******"SELECT uid,username,groupid,groups,password FROM pw_members WHERE username=" . pwEscape($CK[1]));
            if (!SafeCheck($CK, PwdCode($rt['password']))) {
                return false;
            }
        }
        return true;
    } else {
        return false;
    }
}
/**
 * Set a new password for a user who logged in through the Weibo platform
 * binding, then refresh the login cookies.
 *
 * @param int    $userId         User whose password is reset.
 * @param string $password       New password.
 * @param string $repeatPassword Confirmation of the new password.
 * @return bool False when the login service reports failure, true otherwise.
 */
function weiboResetUserPassword($userId, $password, $repeatPassword) {
    global $db_ckpath, $db_ckdomain;

    // Both fields are required.
    if ($password == '' || $repeatPassword == '') {
        Showmsg('创建密码不能为空');
    }

    $rg_config = L::reg();
    list($rg_regminpwd, $rg_regmaxpwd) = explode("\t", $rg_config['rg_pwdlen']);

    // The registration service applies the site's password rules.
    $register = L::loadClass('Register', 'user');
    $register->checkPwd($password, $repeatPassword);

    /* @var $weiboLoginService PW_WeiboLoginService */
    $weiboLoginService = L::loadClass('WeiboLoginService', 'sns/weibotoplatform/service');
    $isSuccess = $weiboLoginService->resetLoginUserPassword($userId, $password);
    if ($isSuccess) {
        /* @var $userService PW_UserService */
        $userService = L::loadClass('UserService', 'user');
        $user = $userService->get($userId);

        // Re-issue the login cookie from the freshly stored password and safecv.
        $loginToken = $userId . "\t" . PwdCode($user['password']) . "\t" . $user['safecv'];
        Cookie("winduser", StrCode($loginToken));
        Cookie("ck_info", $db_ckpath . "\t" . $db_ckdomain);
        Cookie('lastvisit', '', 0);

        // Automatic medal acquisition: start
        require_once R_P . 'require/functions.php';
        doMedalBehavior($userId, 'continue_login');
        // Automatic medal acquisition: end

        return true;
    }

    return false;
}
} else { pwCache::setData(D_P . 'data/bbscache/ip_cache.php', "<?php die;?><{$timestamp}>\n<{$onlineip}>"); } } //addonlinefile(); if (GetCookie('userads') && $inv_linkopen && $inv_linktype == '1') { require_once R_P . 'require/userads.php'; } if (GetCookie('o_invite') && $db_modes['o']['ifopen'] == 1) { list($o_u, $hash, $app) = explode("\t", GetCookie('o_invite')); if (is_numeric($o_u) && strlen($hash) == 18) { require_once R_P . 'require/o_invite.php'; } } if ($rgyz == 1) { Cookie("winduser", StrCode($winduid . "\t" . PwdCode($windpwd) . "\t" . $safecv)); Cookie("ck_info", $db_ckpath . "\t" . $db_ckdomain); Cookie('lastvisit', '', 0); //将$lastvist清空以将刚注册的会员加入今日到访会员中 /*连续登录天数*/ if ($db_md_ifopen) { require_once R_P . 'require/functions.php'; doMedalBehavior($winduid, 'continue_login'); } } //发送短消息 if ($rg_config['rg_regsendmsg']) { $rg_config['rg_welcomemsg'] = str_replace('$rg_name', $regname, $rg_config['rg_welcomemsg']); M::sendNotice(array($windid), array('title' => "Welcome To[{$db_bbsname}]!", 'content' => $rg_config['rg_welcomemsg'])); } //发送邮件
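/**
 * Check whether the current visitor may view an album.
 *
 * @param int $aid Album ID.
 * @return array|string The album record when viewing is allowed, otherwise a
 *                      message key: 'data_error' or 'mode_o_photos_private_1',
 *                      '_2' or '_3' depending on the album's privacy level.
 */
function albumViewRight($aid) {
    $albumDao = $this->_getDaoFactory('CnAlbum');
    $album = $albumDao->getAlbumInfo($aid, 0);
    if (empty($album)) {
        return 'data_error';
    }
    $ownerid = $album['ownerid'];
    $friendService = $this->_getServiceFactory('Friend', 'friend');

    // private == 1: only the owner, friends of the owner, or users with permission.
    if (!$this->isMyAlbum($ownerid) && $album['private'] == 1 && $friendService->isFriend($this->_winduid, $ownerid) !== true && !$this->isPermission()) {
        return 'mode_o_photos_private_1';
    }
    // private == 2: only the owner or users with permission.
    if (!$this->isMyAlbum($ownerid) && $album['private'] == 2 && !$this->isPermission()) {
        return 'mode_o_photos_private_2';
    }

    // private == 3: password-protected album. The "albumview_<aid>" cookie must
    // hold PwdCode() of the stored album password.
    $cookiename = 'albumview_' . $aid;
    // Compared as strings with !==. A loose != treats two numeric-looking
    // strings (for example "0e1..." and "0e2...") as equal, which would accept
    // a cookie that does not match the album password token.
    if ($album['albumpwd'] && (string) PwdCode($album['albumpwd']) !== (string) GetCookie($cookiename) && !$this->isMyAlbum($ownerid) && $album['private'] == 3 && !$this->isPermission()) {
        return 'mode_o_photos_private_3';
    }

    return $album;
}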
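/**
 * Validate the session described by the global cookie values ($winduid,
 * $windpwd, $safecv) and refresh the member's visit and online-time counters.
 *
 * Local and global names are kept as they are because the files pulled in
 * with require_once execute in this function's scope.
 *
 * @return array User record without its 'password' field. On a failed check
 *               the user is logged out and Showmsg() is called; presumably
 *               that ends the request - confirm.
 */
function User_info() {
    global $db, $timestamp, $db_onlinetime, $winduid, $windpwd, $safecv, $db_ifonlinetime, $c_oltime, $onlineip, $db_ipcheck, $tdtime, $montime, $db_ifsafecv, $db_ifpwcache, $uc_server;

    PwNewDB();
    $detail = getUserByUid($winduid);
    if (empty($detail) && $uc_server) {
        require_once R_P . 'require/ucuseradd.php';
    }

    // IP binding: force a logout when neither the full address nor its first
    // two octets occur in the stored onlineip.
    // NOTE(review): strpos() is a substring test, not an address comparison;
    // confirm the stored onlineip format makes that sufficient.
    $loginout = 0;
    if ($db_ipcheck && strpos($detail['onlineip'], $onlineip) === false) {
        $iparray = explode('.', $onlineip);
        if (strpos($detail['onlineip'], $iparray[0] . '.' . $iparray[1]) === false) {
            $loginout = 1;
        }
    }

    // Tokens are compared as strings with !==. A loose != treats two
    // numeric-looking strings ("0e1..." vs "0e2...") as equal, which would
    // accept a cookie token that does not match the stored password.
    if (!$detail
        || (string) PwdCode($detail['password']) !== (string) $windpwd
        || ($db_ifsafecv && (string) $safecv !== (string) $detail['safecv'])
        || $loginout
        || $detail['yz'] > 1
    ) {
        $GLOBALS['groupid'] = 'guest';
        require_once R_P . 'require/checkpass.php';
        Loginout();
        if ($detail['yz'] > 1) {
            $GLOBALS['jihuo_uid'] = $detail['uid'];
            Showmsg('login_jihuo');
        }
        Showmsg('ip_change');
    } else {
        list($detail['shortcut'], $detail['appshortcut']) = explode("\t", $detail['shortcut']);
        // Never hand the stored password on to callers.
        unset($detail['password']);
        $detail['honor'] = substrs($detail['honor'], 90);

        $distime = $timestamp - $detail['lastvisit'];
        if ($distime > $db_onlinetime || $distime > 3600) {
            // Element update: start
            if (($db_ifpwcache & 1) && SCR != 'post' && SCR != 'thread') {
                require_once R_P . 'lib/elementupdate.class.php';
                $elementupdate = new ElementUpdate();
                $elementupdate->userSortUpdate($detail);
            }
            // Element update: end

            if (!GetCookie('hideid')) {
                $ecpvisit = pwEscape($timestamp, false);
                $ct = 'lastvisit=' . $ecpvisit . ',thisvisit=' . $ecpvisit;
                if ($db_ifonlinetime) {
                    // Clamp the reported online time to [0, $db_onlinetime].
                    $c_oltime = $c_oltime <= 0 ? 0 : ($c_oltime > $db_onlinetime * 1.2 ? $db_onlinetime : intval($c_oltime));
                    $s_oltime = pwEscape($c_oltime, false);
                    $ct .= ',onlinetime=onlinetime+' . $s_oltime;
                    if ($detail['lastvisit'] > $montime) {
                        $ct .= ',monoltime=monoltime+' . $s_oltime;
                    } else {
                        // First visit since $montime: restart the monthly counter.
                        $ct .= ',monoltime=' . $s_oltime;
                    }
                    if ($c_oltime) {
                        updateDatanalyse($winduid, 'memberOnLine', $c_oltime);
                    }
                    $c_oltime = 0;
                }
                // Every value placed in $ct has passed through pwEscape().
                $db->update("UPDATE pw_memberdata SET {$ct} WHERE uid=" . pwEscape($winduid));
                $detail['lastvisit'] = $detail['thisvisit'] = $timestamp;
            }
        }
    }

    return $detail;
}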
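/**
 * Validate an admin cookie and build the permission set for that account.
 *
 * Names in $manager are checked against the configured manager password
 * first and then against the stored account password. Any other account must
 * belong to a 'system' or 'special' group with allowadmincp set.
 *
 * Local names are kept as they are because GetLang('purview') is required in
 * this function's scope and supplies $purview and $nav_manager.
 *
 * @param array $CK Decoded admin cookie fields; $CK[1] is the username and
 *                  $CK[3] the safecv value.
 * @return array|false Permission set (with 'gid', 'bubble' and 'uid'), or
 *                     false when the check fails.
 */
function checkpass($CK) {
    S::slashes($CK);
    global $db, $manager, $db_ifsafecv;

    if (S::inArray($CK[1], $manager)) {
        global $manager_pwd;
        $v_key = array_search($CK[1], $manager);
        $ifQuery = true; // In order to get bubble info

        if (!SafeCheck($CK, PwdCode($manager_pwd[$v_key]))) {
            /* @var $userService PW_UserService */
            $userService = L::loadClass('UserService', 'user');
            $rt = $userService->getByUserName($CK[1], true, true);
            // safecv is compared as a string with !== so numeric-looking
            // values cannot match through PHP's loose-comparison rules.
            if (!SafeCheck($CK, PwdCode($rt['password'])) || ($db_ifsafecv && (string) $rt['safecv'] !== (string) $CK['3'])) {
                return false;
            }
            if (!admincheck($rt['uid'], $rt['username'], $rt['groupid'], $rt['groups'], 'check')) {
                return false;
            }
            $ifQuery = false;
        } elseif ($db_ifsafecv) {
            /* @var $userService PW_UserService */
            $userService = L::loadClass('UserService', 'user');
            $rt = $userService->getByUserName($CK[1], true, true);
            if ($rt && (string) $rt['safecv'] !== (string) $CK['3']) {
                return false;
            }
            $ifQuery = false;
        }

        if ($ifQuery) {
            /* @var $userService PW_UserService */
            $userService = L::loadClass('UserService', 'user');
            $rt = $userService->getByUserName($CK[1], true, true);
        }

        // Managers receive every permission listed in the purview language file.
        define('If_manager', 1);
        $rightset['gid'] = 3;
        $rightset['all'] = 1;
        $rightset['bubble'] = $rt['bubble'];
        require GetLang('purview');
        foreach ($purview as $key => $value) {
            $rightset[$key] = 1;
        }
        foreach ($nav_manager['option'] as $key => $value) {
            $rightset[$key] = 1;
        }
    } else {
        $rt = $db->get_one("SELECT m.uid,m.username,m.groupid,m.groups,m.password,m.safecv,m.groupid,u.gptype,p.rvalue as allowadmincp,md.bubble FROM pw_members m LEFT JOIN pw_usergroups u ON u.gid=m.groupid LEFT JOIN pw_permission p ON p.uid='0' AND p.fid='0' AND p.gid=m.groupid AND p.rkey='allowadmincp' LEFT JOIN pw_memberdata md ON md.uid = m.uid WHERE m.username=" . S::sqlEscape($CK[1]));
        if (!$rt['allowadmincp']
            || ($rt['gptype'] != 'system' && $rt['gptype'] != 'special')
            || ($db_ifsafecv && (string) $rt['safecv'] !== (string) $CK['3'])
        ) {
            return false;
        }
        if (!SafeCheck($CK, PwdCode($rt['password'])) || !admincheck($rt['uid'], $CK[1], $rt['groupid'], $rt['groups'], 'check')) {
            return false;
        }

        $rightset = $db->get_value('SELECT value FROM pw_adminset WHERE gid=' . S::sqlEscape($rt['groupid']));
        if ($rightset) {
            // NOTE(review): unserialize() on a database value. If anything
            // other than trusted admin code can write pw_adminset.value this
            // is an object-injection risk - confirm, or move to a data-only format.
            if (!is_array($rightset = unserialize($rightset))) {
                $rightset = array();
            }
        } else {
            $rightset = array();
        }

        require GetLang('purview');
        // Keep only rights that are known to the purview list and set to 1.
        foreach ($rightset as $key => $value) {
            $rightset[$key] = isset($purview[$key]) && $rightset[$key] == 1 ? 1 : 0;
        }
        $rightset['gid'] = $rt['groupid'];
        $rightset['bubble'] = $rt['bubble'];
    }

    $rightset['uid'] = $rt['uid'];
    return $rightset;
}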
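/**
 * Get the current user's information.
 *
 * Validates the session described by the global cookie values ($winduid,
 * $windpwd, $safecv), then refreshes visit, online-time and login statistics.
 * Local and global names are kept as they are because the files pulled in
 * with require_once execute in this function's scope.
 *
 * @return array User record without its 'password' field. On a failed check
 *               the user is logged out and Showmsg() is called; presumably
 *               that ends the request - confirm.
 */
function User_info() {
    global $db, $timestamp, $db_onlinetime, $winduid, $windpwd, $bday, $safecv, $db_ifonlinetime, $c_oltime, $onlineip, $db_ipcheck, $tdtime, $montime, $db_ifsafecv, $db_ifpwcache, $uc_server, $db_md_ifopen;

    PwNewDB();
    $detail = getUserByUid($winduid);
    if (empty($detail) && $uc_server) {
        require_once R_P . 'require/ucuseradd.php';
    }

    // IP binding: force a logout when neither the full address nor its first
    // two octets occur in the stored onlineip.
    // NOTE(review): strpos() is a substring test, not an address comparison;
    // confirm the stored onlineip format makes that sufficient.
    $loginout = 0;
    if ($db_ipcheck && strpos($detail['onlineip'], $onlineip) === false) {
        $iparray = explode('.', $onlineip);
        if (strpos($detail['onlineip'], $iparray[0] . '.' . $iparray[1]) === false) {
            $loginout = 1;
        }
    }

    // Tokens are compared as strings with !==. A loose != treats two
    // numeric-looking strings ("0e1..." vs "0e2...") as equal, which would
    // accept a cookie token that does not match the stored password.
    if (!$detail
        || (string) PwdCode($detail['password']) !== (string) $windpwd
        || ($db_ifsafecv && (string) $safecv !== (string) $detail['safecv'])
        || $loginout
        || $detail['yz'] > 1
    ) {
        $GLOBALS['groupid'] = 'guest';
        require_once R_P . 'require/checkpass.php';
        Loginout();
        if ($detail['yz'] > 1) {
            $GLOBALS['jihuo_uid'] = $detail['uid'];
            Showmsg('login_jihuo');
        }
        Showmsg('ip_change');
    } else {
        list($detail['shortcut'], $detail['appshortcut']) = explode("\t", $detail['shortcut']);
        // Never hand the stored password on to callers.
        unset($detail['password']);
        $detail['honor'] = substrs($detail['honor'], 90);

        $distime = $timestamp - $detail['lastvisit'];
        if ($distime > $db_onlinetime || $distime > 3600) {
            /*--- element update ---start*/
            if (($db_ifpwcache & 1) && SCR != 'post' && SCR != 'thread') {
                L::loadClass('elementupdate', '', false);
                $elementupdate = new ElementUpdate();
                $elementupdate->userSortUpdate($detail);
            }
            /*--- element update ---end*/

            if (!GetCookie('hideid')) {
                /* @var $userService PW_UserService */
                $userService = L::loadClass('UserService', 'user');
                $updateMemberData = $updateByIncrementMemberData = array();
                $updateMemberData['lastvisit'] = $timestamp;
                $updateMemberData['thisvisit'] = $timestamp;

                if ($db_ifonlinetime) {
                    // Clamp the reported online time to [0, $db_onlinetime].
                    $c_oltime = intval($c_oltime);
                    $c_oltime = $c_oltime <= 0 ? 0 : ($c_oltime > $db_onlinetime * 1.2 ? $db_onlinetime : $c_oltime);
                    $updateByIncrementMemberData['onlinetime'] = $c_oltime;
                    if ($detail['lastvisit'] > $montime) {
                        $updateByIncrementMemberData['monoltime'] = $c_oltime;
                    } else {
                        // First visit since $montime: restart the monthly counter.
                        $updateMemberData['monoltime'] = $c_oltime;
                    }
                    if ($c_oltime) {
                        require_once R_P . 'require/functions.php';
                        updateDatanalyse($winduid, 'memberOnLine', $c_oltime);
                    }
                    $c_oltime = 0;
                }

                // First request on a new calendar day.
                if (get_date($timestamp, 'Y-m-d') > get_date($detail['lastvisit'], 'Y-m-d')) {
                    /* update today's login count */
                    $stasticsService = L::loadClass('Statistics', 'datanalyse');
                    $stasticsService->login($winduid);
                    /* consecutive login days */
                    if ($db_md_ifopen) {
                        require_once R_P . 'require/functions.php';
                        doMedalBehavior($winduid, 'continue_login');
                    }
                }

                $userService->update($winduid, array(), $updateMemberData);
                if ($updateByIncrementMemberData) {
                    $userService->updateByIncrement($winduid, array(), $updateByIncrementMemberData);
                }
                $detail['lastvisit'] = $detail['thisvisit'] = $timestamp;
            }
        }
    }

    return $detail;
}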
} //update meminfo if ($upmeminfo) { updateThreadTrade($upmeminfo, $winduid); } unset($upmemdata, $upmeminfo); $result = $userService->update($winduid, $pwSQL); // defend start CloudWind::yunUserDefend('editprofile', $winduid, $windid, $upmemdata['pwdctime'], 0, 101, '', '', '', array('profile' => array_keys($pwSQL))); // defend end /* platform weibo app */ $siteBindService = L::loadClass('WeiboSiteBindService', 'sns/weibotoplatform/service'); /* @var $siteBindService PW_WeiboSiteBindService */ if ($siteBindService->isOpen() && $upmembers['password']) { $weiboLoginService = L::loadClass('WeiboLoginService', 'sns/weibotoplatform/service'); /* @var $weiboLoginService PW_WeiboLoginService */ $weiboLoginService->setLoginUserPasswordHasReset($winduid); Cookie("winduser", StrCode($winduid . "\t" . PwdCode($upmembers['password']) . "\t" . $upmembers['safecv'])); Cookie("ck_info", $db_ckpath . "\t" . $db_ckdomain); Cookie('lastvisit', '', 0); //自动获取勋章_start require_once R_P . 'require/functions.php'; doMedalBehavior($winduid, 'continue_login'); //自动获取勋章_end } //* $_cache = getDatastore(); //* $_cache->delete('UID_'.$winduid); initJob($winduid, "doUpdatedata"); refreshto("profile.php?action=modify&info_type={$info_type}", 'operate_success', 2, true); } }
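/**
 * Log a user in and set the passport cookies.
 *
 * @param string $username   Login name.
 * @param string $password   Password, checked through check_password() unless
 *                           $not_pwd is set.
 * @param int    $cookietime Lifetime value passed to set_cookie().
 * @param bool   $not_pwd    When true the password check is skipped and the
 *                           account is loaded by name only.
 * @return mixed The uid on success; otherwise the check_password() result
 *               (0 = user does not exist, -1 = wrong password).
 */
function login($username, $password, $cookietime, $not_pwd = false) {
    // Only the settings this method reads are taken from the global scope.
    // The previous extract($GLOBALS) copied every global into local scope and
    // overwrote the parameters, so a global named $not_pwd, $username or
    // $password silently replaced the caller's arguments - including the flag
    // that skips the password check.
    global $webdb, $db_ifsafecv;
    $safecv = isset($GLOBALS['safecv']) ? $GLOBALS['safecv'] : '';

    if ($not_pwd) {
        // Log in without knowing the original password.
        // NOTE(review): this path authenticates on the username alone; every
        // caller has to establish the user's identity before setting $not_pwd.
        $rs = $this->get_passport($username, 'name');
        if (!is_array($rs)) {
            // No such account: do not issue cookies for an empty uid.
            return 0;
        }
    } else {
        $rs = $this->check_password($username, $password);
        if (!is_array($rs)) {
            return $rs; // 0 = user does not exist, -1 = wrong password
        }
    }

    // preg_match() replaces eregi(), which no longer exists in PHP 7 and later.
    if (preg_match('/^pwbbs/i', (string) $webdb['passport_type'])) {
        if ($db_ifsafecv) {
            $_r = $this->get_passport($username, 'name');
            $safecv = $_r['safecv'];
        }
        set_cookie(CookiePre() . '_winduser', StrCode($rs['uid'] . "\t" . PwdCode($rs['password']) . "\t{$safecv}"), $cookietime);
        set_cookie('lastvisit', '', 0);
    } else {
        set_cookie("passport", "{$rs['uid']}\t{$username}\t" . mymd5("{$rs['password']}"), $cookietime);
    }

    if (defined("UC_CONNECT")) {
        global $uc_login_code;
        $uc_login_code = uc_user_synlogin($rs['uid']);
    }

    return $rs['uid'];
}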
/**
 * Check a login attempt by username, uid or e-mail, apply the failed-login
 * throttle, and return the values the caller needs to set the login cookie.
 *
 * NOTE(review): the "******" runs below are masking left by the page this
 * listing was taken from; the statements that contain them are not valid PHP
 * as shown and the masked expressions cannot be recovered from here.
 *
 * @param string $username Login identifier (username, uid or e-mail).
 * @param string $password Submitted password value; presumably already hashed
 *                         by the caller - confirm.
 * @param string $safecv   Value compared with the stored safecv when
 *                         $db_ifsafecv is on.
 * @param int    $lgt      Login type: 0 username, 1 uid, 2 e-mail.
 * @return array array(uid, group id, PwdCode($password)).
 */
function checkpass1($username, $password, $safecv, $lgt = 0) {
    global $db, $timestamp, $onlineip, $db_ckpath, $db_ckdomain, $men_uid, $db_ifsafecv, $db_ifpwcache, $db_logintype;
    $str_logintype = '';
    // $db_logintype is a bit mask; bit $i enables login type $i.
    if ($db_logintype) {
        for ($i = 0; $i < 3; $i++) {
            ${'logintype_' . $i} = $db_logintype & pow(2, $i) ? 1 : 0;
        }
    } else {
        $logintype_0 = 1;
    }
    // The raw $lgt builds the variable name here while the switch below uses
    // intval($lgt); a value other than 0, 1 or 2 names an unset variable and
    // is rejected.
    !${'logintype_' . $lgt} && Showmsg('login_errortype');
    // Map the login type to a column name; only fixed literals reach the SQL text.
    switch (intval($lgt)) {
        case 0:
            $str_logintype = 'username';
            break;
        case 1:
            $str_logintype = 'uid';
            break;
        case 2:
            !preg_match("/^[-a-zA-Z0-9_\\.]+@([0-9A-Za-z][0-9A-Za-z-]+\\.)+[A-Za-z]{2,5}\$/", $username) && Showmsg('illegal_email');
            $str_logintype = 'email';
            break;
        default:
            $str_logintype = 'username';
            break;
    }
    $men_uid = '';
    if (intval($lgt) == 2) {
        // LIMIT 2 is enough to detect an e-mail address shared by several accounts.
        $query = $db->query("SELECT m.uid,m.username,m.password,m.safecv,m.groupid,m.memberid,m.yz,md.onlineip,md.postnum,md.rvrc,md.money,md.credit,md.currency,md.lastpost,md.onlinetime,md.todaypost,md.monthpost,md.monoltime,md.digests " . " FROM pw_members m LEFT JOIN pw_memberdata md ON md.uid=m.uid" . " WHERE m." . $str_logintype . "=" . pwEscape($username) . " LIMIT 2");
        $int_querynum = $db->num_rows($query);
        if (!$int_querynum) {
            Showmsg('user_not_exists');
        } elseif ($int_querynum == 1) {
            $men = $db->fetch_array($query);
        } else {
            Showmsg('reg_email_have_same');
        }
    } else {
        $men = $db->get_one("SELECT m.uid,m.username,m.password,m.safecv,m.groupid,m.memberid,m.yz,md.onlineip,md.postnum,md.rvrc,md.money,md.credit,md.currency,md.lastpost,md.onlinetime,md.todaypost,md.monthpost" . " FROM pw_members m LEFT JOIN pw_memberdata md ON md.uid=m.uid" . " WHERE m." . $str_logintype . "=" . pwEscape($username));
    }
    if ($men) {
        // onlineip is split on "|": [0] is compared with "<ip> *", [1] is used
        // as a timestamp and [2] as a remaining-attempts counter.
        $e_login = explode("|", $men['onlineip']);
        // The password is checked unless the same IP failed within the last
        // 600 seconds and the counter has dropped to 1 or below.
        if ($e_login[0] != $onlineip . ' *' || $timestamp - $e_login[1] > 600 || $e_login[2] > 1) {
            $men_uid = $men['uid'];
            $men_pwd = $men['password'];
            $check_pwd = $password;
            $men['yz'] > 2 && Showmsg('login_jihuo');
            if (strlen($men_pwd) == 16) {
                $check_pwd = substr($password, 8, 16); /* supports stored 16-character truncated md5 passwords */
            }
            // NOTE(review): loose == on hash strings compares numeric-looking
            // values ("0e...") as numbers; a strict string comparison is safer.
            if ($men_pwd == $check_pwd && (!$db_ifsafecv || $men['safecv'] == $safecv)) {
                if (strlen($men_pwd) == 16) {
                    // Rewrites the stored 16-character password; the new value is masked in this listing.
                    $db->update("UPDATE pw_members SET password="******"WHERE uid=" . pwEscape($men_uid));
                }
                // A groupid of '-1' falls back to the member-level group.
                $L_groupid = $men['groupid'] == '-1' ? $men['memberid'] : $men['groupid'];
                Cookie("ck_info", $db_ckpath . "\t" . $db_ckdomain);
            } else {
                global $L_T;
                // Start again from 5 once the 600-second window has passed,
                // otherwise continue from the stored counter; then count down.
                $L_T = $timestamp - $e_login[1] > 600 ? 5 : $e_login[2];
                $L_T ? $L_T-- : ($L_T = 5);
                $F_login = "******";
                $db->update("UPDATE pw_memberdata SET onlineip=" . pwEscape($F_login) . "WHERE uid=" . pwEscape($men_uid));
                Showmsg('login_pwd_error');
            }
        } else {
            global $L_T;
            // Seconds left until the 600-second lockout window ends.
            $L_T = 600 - ($timestamp - $e_login[1]);
            Showmsg('login_forbid');
        }
    } else {
        global $errorname;
        $errorname = $username;
        Showmsg('user_not_exists');
    }
    // NOTE(review): the code below runs after every branch above, so it relies
    // on Showmsg() ending the request on failure - confirm.
    // Start: member ranking list
    if ($db_ifpwcache & 1) {
        require_once R_P . 'lib/elementupdate.class.php';
        $elementupdate = new ElementUpdate();
        $elementupdate->userSortUpdate($men);
    }
    // End
    return array($men_uid, $L_groupid, PwdCode($password));
}
} $sql1 += array('groupid' => -1, 'memberid' => 8, 'gender' => 0, 'regdate' => $timestamp); /** $db->update("REPLACE INTO pw_members SET".S::sqlSingle($sql1)); **/ pwQuery::replace('pw_members', $sql1); $winduid = $db->insert_id(); $sql2 += array('uid' => $winduid, 'postnum' => 0, 'lastvisit' => $timestamp, 'thisvisit' => $timestamp, 'onlineip' => $onlineip); /** $db->update("REPLACE INTO pw_memberdata SET".S::sqlSingle($sql2)); **/ pwQuery::replace('pw_memberdata', $sql2); //* $db->update("UPDATE pw_bbsinfo SET newmember=".S::sqlEscape($userdb['username']).",totalmember=totalmember+1 WHERE id='1'"); $db->update(pwQuery::buildClause("UPDATE :pw_table SET newmember=:newmember,totalmember=totalmember+1 WHERE id=:id", array('pw_bbsinfo', $userdb['username'], 1))); } $db_hash = $_db_hash; $windpwd = PwdCode($userdb['password']); Cookie("winduser", StrCode($winduid . "\t" . $windpwd), $userdb['cktime']); Cookie('lastvisit', '', 0); Loginipwrite(); if ($ajax == 1) { ObStart(); echo "success\t{$db_bbsurl}"; ajax_footer(); } ObHeader($forward ? $forward : $db_bbsurl); } elseif ($action == 'quit') { $db_hash = $_db_hash; Loginout(); ObHeader($forward ? $forward : $db_bbsurl); }
/**
 * Validate an admin cookie and build the permission set for that account.
 *
 * NOTE(review): the "******" run inside the first query is masking left by
 * the page this listing was taken from. It has swallowed the code between the
 * manager lookup and the group-permission lookup, so that statement is not
 * valid PHP and the braces below do not balance as shown. The indentation
 * follows what the surviving code suggests.
 *
 * @param array $CK Decoded admin cookie fields; $CK[1] is the username and
 *                  $CK[3] the safecv value.
 * @return array|false Permission set keyed by right name plus 'gid', or false
 *                     when a check fails.
 */
function checkpass($CK) {
    Add_S($CK);
    global $db, $manager, $db_ifsafecv, $db_gdcheck;
    // Verification code check on the login form when bit 32 of $db_gdcheck is set.
    if ($_POST['Login_f'] == 1 && $db_gdcheck & 32) {
        GdConfirm($_POST['lg_num']);
    }
    if (CkInArray($CK[1], $manager)) {
        global $manager_pwd;
        $v_key = array_search($CK[1], $manager);
        // First try the password configured for this manager entry.
        if (!SafeCheck($CK, PwdCode($manager_pwd[$v_key]))) {
            $rt = $db->get_one("SELECT uid,username,groupid,groups,password,safecv FROM pw_members WHERE username="******"SELECT m.uid,m.username,m.groupid,m.groups,m.password,m.safecv,m.groupid,u.gptype,p.rvalue as allowadmincp FROM pw_members m LEFT JOIN pw_usergroups u ON u.gid=m.groupid LEFT JOIN pw_permission p ON p.uid='0' AND p.fid='0' AND p.gid=m.groupid AND p.rkey='allowadmincp' WHERE m.username=" . pwEscape($CK[1]));
        // The account must be allowed into the admin panel, belong to a
        // 'system' or 'special' group and, when $db_ifsafecv is on, carry a
        // matching safecv.
        // NOTE(review): the safecv comparison is a loose !=; a strict string
        // comparison avoids numeric-string juggling.
        if (!$rt['allowadmincp'] || $rt['gptype'] != 'system' && $rt['gptype'] != 'special' || $db_ifsafecv && $rt['safecv'] != $CK['3']) {
            return false;
        }
        if (!SafeCheck($CK, PwdCode($rt['password'])) || !admincheck($rt['uid'], $CK[1], $rt['groupid'], $rt['groups'], 'check')) {
            return false;
        }
        $rightset = $db->get_value('SELECT value FROM pw_adminset WHERE gid=' . pwEscape($rt['groupid']));
        if ($rightset) {
            // NOTE(review): unserialize() on a database value. If anything
            // other than trusted admin code can write pw_adminset.value this
            // is an object-injection risk - confirm.
            if (!is_array($rightset = unserialize($rightset))) {
                $rightset = array();
            }
        } else {
            $rightset = array();
        }
        // The required language file is expected to define $purview in this scope.
        require GetLang('purview');
        // Keep only rights that are known to the purview list and set to 1.
        foreach ($rightset as $key => $value) {
            $rightset[$key] = isset($purview[$key]) && $rightset[$key] == 1 ? 1 : 0;
        }
        $rightset['gid'] = $rt['groupid'];
    }
    return $rightset;
}
list($isheader, $isfooter, $tplname, $isleft) = array(true, true, "m_photos", true); } elseif ($a == 'albumcheck') { S::gp(array('aid'), null, 2); S::gp(array('viewpwd')); $album = $photoService->getAlbumInfo($aid); if (empty($album)) { echo "data_error"; ajax_footer(); } if (!$viewpwd) { echo "empty"; ajax_footer(); } $viewpwd = md5($viewpwd); if ($album['albumpwd'] == $viewpwd) { Cookie('albumview_' . $album['aid'], PwdCode($viewpwd), time() + 24 * 3600); echo "success"; } else { echo "fail"; } ajax_footer(); } elseif ($a == 'album') { S::gp(array('aid'), null, 2); $cnpho = array(); $result = $photoService->getPhotoListByAid($aid); if (!is_array($result)) { Showmsg($result); } // 删除积分提示 require_once R_P . 'require/credit.php'; $o_photos_creditset = unserialize($o_photos_creditset);
<?php !function_exists('readover') && exit('Forbidden'); $bbsclose = true; $AdminUser = GetCookie('AdminUser'); $CK = $AdminUser ? explode("\t", StrCode(GetCookie('AdminUser'), 'DECODE')) : array(); if (S::inArray($CK[1], $manager)) { $v_key = array_search($CK[1], $manager); SafeCheck($CK, PwdCode($manager_pwd[$v_key])) && ($bbsclose = false); } if (!$db_bbsifopen) { if ($_GET['logined'] && !$bbsclose) { Cookie('logined', 1, $timestamp + 1800); } elseif (!GetCookie('logined') || $bbsclose) { $skin = $skinco ? $skinco : $db_defaultstyle; $groupid = ''; Showmsg($db_whybbsclose, $bbsclose ? NULL : 'bbsclose'); } } elseif ($db_bbsifopen == 2) { if ($db_visitopen) { $tmpAllowvisit = false; if ($db_visitips && $onlineip != 'Unknown') { $tmpIP = ip2long($onlineip); if ($tmpIP != -1 && $tmpIP !== FALSE) { $tmpVisitips = explode(',', $db_visitips); foreach ($tmpVisitips as $value) { if (!trim($value)) { continue; } $tmpSIP = ip2long(str_replace('*', '1', $value)); $tmpEIP = ip2long(str_replace('*', '255', $value));