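/**
 * Authenticate a user by username and password and start their session.
 *
 * @param string $username
 * @param string $pass      Credential compared as-is against users.password.
 * @return string  json_encode() of the matched row (without the password
 *                 column) on success, the literal string "failed" otherwise.
 *
 * Side effects on success: setCookies(...) and four $_SESSION writes; the
 * session id is regenerated when a session is active.
 */
function login($username, $pass) {
    $pdo = newPDO();

    // NOTE(review): the password is matched inside the query, so users.password
    // holds whatever the caller passes (plaintext, or a hash the caller already
    // computed). Storing password_hash() output and checking it in PHP with
    // password_verify() is the safer design, but needs the stored column to
    // change in step, so it is only flagged here.
    $query = $pdo->prepare("SELECT * FROM users WHERE username=:username AND password=:pass LIMIT 1");
    $query->execute(array(':username' => $username, ':pass' => $pass));
    $results = $query->fetchAll(PDO::FETCH_ASSOC);

    // if user found in the database (username and password is correct)
    if (count($results) === 1) {
        $user = $results[0];

        // A fresh session id on login keeps a pre-set id from surviving authentication.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }

        setCookies($user["id"], $user["username"], $user["name"], $user["email"]);
        $_SESSION['userid'] = $user["id"];
        $_SESSION['username'] = $user["username"];
        $_SESSION['user_name'] = $user["name"];
        $_SESSION['usermail'] = $user["email"];

        // Do not hand the stored credential back to the caller with the profile.
        unset($results[0]['password']);
        return json_encode($results);
    }

    return "failed";
}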
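/**
 * Log in the account named in $_POST['username']: store a fresh session id and
 * the logon time on the users row, set the login cookie and redirect to main.php.
 *
 * No parameters; reads $_POST['username']. Calls dieError() when no row is
 * found. Sends a Location header but does not exit, so the caller keeps running.
 */
function loginUser() {
    $username = $_POST['username'];

    // checks it against the database
    // NOTE(review): the mysql_* extension was removed in PHP 7; this needs
    // mysqli/PDO with a bound parameter before it can run on a current PHP.
    // No password comparison is visible in this function - confirm the lookup
    // itself verifies the credential.
    $query = "SELECT * FROM users WHERE username = '******'";
    $check = mysql_query($query) or die(mysql_error());

    if ($info = mysql_fetch_array($check)) {
        $sessionId = rand_string(32);

        // update lastLogon & session id
        $now = date('c');
        $update = "UPDATE users SET lastLogon='{$now}', session_id='{$sessionId}' WHERE username='******'";
        mysql_query($update) or die(mysql_error());

        $hashUsername = $info['sha256_user'];

        // if login is ok then we add a cookie (the same id that was just stored)
        setCookies($hashUsername, $sessionId);
        logLogin($hashUsername);

        //then redirect them to the members area
        header('Location: main.php');
        // NOTE(review): an exit after the redirect would stop the rest of the
        // page from being produced for an already-redirected client.
    } else {
        dieError("ERROR: Cannot find user record in database. Please contact the administrator");
    }
}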
$query->bindValue(':id', $modID, PDO::PARAM_INT); $query->execute() or error(db_error($query)); } // Refresh $query = prepare("SELECT * FROM `mods` WHERE `id` = :id"); $query->bindValue(':id', $modID, PDO::PARAM_INT); $query->execute() or error(db_error($query)); if (!($_mod = $query->fetch())) { error($config['error']['404']); } if ($_mod['id'] == $mod['id']) { // Changed own password. Update cookies if (!login($_mod['username'], $_mod['password'], false, true)) { error(_('Could not re-login after changing password. (?)')); } setCookies(); } if (hasPermission($config['mod']['manageusers'])) { header('Location: ?/users', true, $config['redirect_http']); } else { header('Location: ?/', true, $config['redirect_http']); } exit; } $__boards = '<ul style="list-style:none;padding:2px 5px">'; $boards = array_merge(array(array('uri' => '*', 'title' => 'All')), listBoards()); $_mod['boards'] = explode(',', $_mod['boards']); foreach ($boards as &$_board) { $__boards .= '<li>' . '<input type="checkbox" name="board_' . $_board['uri'] . '" id="board_' . $_board['uri'] . '"' . (in_array($_board['uri'], $_mod['boards']) ? ' checked="checked"' : '') . '/> ' . '<label style="display:inline" for="board_' . $_board['uri'] . '">' . ($_board['uri'] == '*' ? '<em>"*"</em>' : sprintf($config['board_abbreviation'], $_board['uri'])) . ' - ' . $_board['title'] . '</label>' . '</li>'; } $__boards .= '</ul>';
require_once '../init.php'; require_once '../pager.php'; require_once getCacheFilePath('folders.php'); require_once './../../' . ADMIN_DIR . '/language/language.php'; if (!isAdmin()) { exit($_AL['all.notlogin']); } $curPage = intval($_GET["page"]); $folderid = intval($_GET["folderid"]); if ($folderid > 0) { setCookies("lastfolderid", $folderid); } else { $folderid = intval(getCookies("lastfolderid")); } //preview setCookies("lastfoldertype", 2); $pagerlink = "files.php?page={page}&folderid={$folderid}"; $condition = "folderid={$folderid}"; $orderstr = "id desc"; $pager = new Pager(); $pager->init(10, $curPage, $pagerlink); $attachements = $pager->queryRows($db, "attachments", $condition, "*", $orderstr); foreach ($attachements as $key => $att) { $att['shortfilename'] = htmlFilter(cutStr($att['filename'], 12)); $att['filename'] = htmlFilter($att['filename']); $att['uploadtime'] = getDateStr($att['uploadtime']); $attachements[$key] = $att; } $folderrow = $cache_folders[$folderid]; $folderrow['title'] = htmlFilter($folderrow['title']); print <<<EOT
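/**
 * Redirect the visitor to <type>.php in the language of the record $id refers
 * to, remembering that language in the "langid" cookie for a year.
 *
 * @param string     $type  'articlelist', 'page', 'productlist', 'product' or 'view';
 *                          also used as the target script name.
 * @param int|string $id    Row id looked up in the table that matches $type.
 *
 * Side effects: setCookies('langid', ...), then _header_() to the rebuilt URL with
 * the remaining $_GET parameters (minus langid) carried over. exitRes() is called
 * when the row does not exist.
 */
function checkViewLang($type, $id) {
    global $_SLANG;

    // $id is interpolated into the WHERE clauses below; force it to an integer.
    $id = (int) $id;

    // Stays null when $type matches no case (the cookie then carries a null value).
    // NOTE(review): $type also becomes the redirect target below; confirm callers
    // only pass one of the listed values.
    $reallangid = null;

    switch ($type) {
        case 'articlelist':
        case 'page':
            $row = $this->db->row_select_one("channels", "id={$id}");
            empty($row) && exitRes($_SLANG['webcore.channel.ne']);
            $reallangid = $row['langid'];
            break;
        case 'productlist':
            $row = $this->db->row_select_one("procates", "id={$id}");
            empty($row) && exitRes($_SLANG['webcore.cate.ne']);
            $reallangid = $row['langid'];
            break;
        case 'product':
            $row = $this->db->row_select_one("products", "id={$id}");
            empty($row) && exitRes($_SLANG['webcore.product.ne']);
            $reallangid = $row['langid'];
            break;
        case 'view':
            $row = $this->db->row_select_one("articles", "id={$id}");
            empty($row) && exitRes($_SLANG['webcore.art.ne']);
            $reallangid = $row['langid'];
            break;
    }

    setCookies("langid", $reallangid, 3600 * 24 * 365);

    // Carry the other query parameters over, URL-encoded, so a crafted value
    // cannot smuggle extra parameters or a fragment into the redirect target.
    unset($_GET['langid']);
    $carry = array();
    foreach ($_GET as $getkey => $getvalue) {
        if (!empty($getvalue)) {
            $carry[$getkey] = $getvalue;
        }
    }
    $tourl = "{$type}.php?langid={$reallangid}";
    if (!empty($carry)) {
        $tourl .= '&' . http_build_query($carry);
    }
    //exit($tourl);
    _header_("location:{$tourl}");
}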
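/**
 * Edit or delete a moderator account (?/users/<uid>).
 *
 * @param int|string $uid  Id of the ``mods`` row; arrives as a string from the
 *                         URL and is compared numerically with $mod['id'].
 *
 * Side effects: UPDATE/DELETE queries, modLog() entries, a re-login plus
 * setCookies() when the current moderator changed their own password, and
 * either a Location header or a rendered mod/user.html page. error() is called
 * (and is expected not to return) on missing permission, unknown user or a
 * failed query.
 */
function mod_user($uid) {
	global $config, $mod;

	// Integer comparison: $uid is a string from the URL, $mod['id'] comes from the DB.
	$is_self = (int) $uid === (int) $mod['id'];

	if (!hasPermission($config['mod']['editusers']) && !(hasPermission($config['mod']['change_password']) && $is_self)) {
		error($config['error']['noaccess']);
	}

	$query = prepare('SELECT * FROM ``mods`` WHERE `id` = :id');
	$query->bindValue(':id', $uid);
	$query->execute() or error(db_error($query));
	if (!($user = $query->fetch(PDO::FETCH_ASSOC))) {
		error($config['error']['404']);
	}

	if (hasPermission($config['mod']['editusers']) && isset($_POST['username'], $_POST['password'])) {
		if (isset($_POST['allboards'])) {
			$boards = array('*');
		} else {
			// The form posts one board_<uri> checkbox per board; only accept
			// names that match the board regex AND exist.
			$known = array_column(listBoards(), 'uri');
			$boards = array();
			foreach ($_POST as $name => $value) {
				if (preg_match('/^board_(' . $config['board_regex'] . ')$/u', $name, $matches)
						&& in_array($matches[1], $known, true)) {
					$boards[] = $matches[1];
				}
			}
		}

		if (isset($_POST['delete'])) {
			if (!hasPermission($config['mod']['deleteusers'])) {
				error($config['error']['noaccess']);
			}

			$query = prepare('DELETE FROM ``mods`` WHERE `id` = :id');
			$query->bindValue(':id', $uid);
			$query->execute() or error(db_error($query));

			modLog('Deleted user ' . utf8tohtml($user['username']) . ' <small>(#' . $user['id'] . ')</small>');

			header('Location: ?/users', true, $config['redirect_http']);
			return;
		}

		if ($_POST['username'] === '') {
			error(sprintf($config['error']['required'], 'username'));
		}

		$query = prepare('UPDATE ``mods`` SET `username` = :username, `boards` = :boards WHERE `id` = :id');
		$query->bindValue(':id', $uid);
		$query->bindValue(':username', $_POST['username']);
		$query->bindValue(':boards', implode(',', $boards));
		$query->execute() or error(db_error($query));

		if ($user['username'] !== $_POST['username']) {
			// account was renamed
			modLog('Renamed user "' . utf8tohtml($user['username']) . '" <small>(#' . $user['id'] . ')</small> to "' . utf8tohtml($_POST['username']) . '"');
		}

		if ($_POST['password'] !== '') {
			// NOTE(review): sha256(salt . sha1(password)) is a fast hash and a weak
			// choice for password storage; switching to password_hash()/
			// password_verify() must be done together with login()'s check, so
			// the scheme is kept here.
			$salt = generate_salt();
			$password = hash('sha256', $salt . sha1($_POST['password']));

			$query = prepare('UPDATE ``mods`` SET `password` = :password, `salt` = :salt WHERE `id` = :id');
			$query->bindValue(':id', $uid);
			$query->bindValue(':password', $password);
			$query->bindValue(':salt', $salt);
			$query->execute() or error(db_error($query));

			modLog('Changed password for ' . utf8tohtml($_POST['username']) . ' <small>(#' . $user['id'] . ')</small>');

			if ($is_self) {
				// Our own hash changed: refresh the login cookie so we stay logged in.
				login($_POST['username'], $_POST['password']);
				setCookies();
			}
		}

		if (hasPermission($config['mod']['manageusers'])) {
			header('Location: ?/users', true, $config['redirect_http']);
		} else {
			header('Location: ?/', true, $config['redirect_http']);
		}
		return;
	}

	if (hasPermission($config['mod']['change_password']) && $is_self && isset($_POST['password'])) {
		if ($_POST['password'] !== '') {
			$salt = generate_salt();
			$password = hash('sha256', $salt . sha1($_POST['password']));

			$query = prepare('UPDATE ``mods`` SET `password` = :password, `salt` = :salt WHERE `id` = :id');
			$query->bindValue(':id', $uid);
			$query->bindValue(':password', $password);
			$query->bindValue(':salt', $salt);
			$query->execute() or error(db_error($query));

			modLog('Changed own password');

			login($user['username'], $_POST['password']);
			setCookies();
		}

		if (hasPermission($config['mod']['manageusers'])) {
			header('Location: ?/users', true, $config['redirect_http']);
		} else {
			header('Location: ?/', true, $config['redirect_http']);
		}
		return;
	}

	if (hasPermission($config['mod']['modlog'])) {
		// Last five actions of this account for the sidebar.
		$query = prepare('SELECT * FROM ``modlogs`` WHERE `mod` = :id ORDER BY `time` DESC LIMIT 5');
		$query->bindValue(':id', $uid);
		$query->execute() or error(db_error($query));
		$log = $query->fetchAll(PDO::FETCH_ASSOC);
	} else {
		$log = array();
	}

	$user['boards'] = explode(',', $user['boards']);

	mod_page(_('Edit user'), 'mod/user.html', array(
		'user' => $user,
		'logs' => $log,
		'boards' => listBoards(),
		'token' => make_secure_link_token('users/' . $user['id']),
	));
}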
<?php
require_once 'inc/init.php';

// A negative lifetime puts the expiry two years in the past, which makes the
// browser drop the cookie.
$expired = -86400 * 365 * 2;

// Server-side: drop the member's session keys.
uSESSION('memberid');
uSESSION('groupid');
//session_destroy();

// Client-side: expire every cookie that could re-establish the login.
foreach (array('username', 'userpass', 'expire', 'memberauth') as $cookieName) {
    setCookies($cookieName, '', $expired);
}

printMsg('logout_succeed');
} $odt['proid'] = $row['id']; $odt['proname'] = $row['name']; $protmppic = $webcore->getPics($row['picids'], $row['picpaths'], 0, false); $odt['picid'] = $protmppic['picid']; $odt['picpath'] = $protmppic['picpath']; $odt['addtime'] = time(); $odt['price'] = $row['price1']; $odt['langid'] = $_SYS['langid']; if ($cartid == 0) { $odt['pronum'] = 1; $db->row_insert("orderdetails", $odt); $cartid = $db->insert_id(); $odt['cartid'] = $cartid; $db->row_update("orderdetails", $odt, "id={$cartid}"); setCookies("cartid", $cartid, 3600 * 24 * 7); } else { $odtrow = $db->row_select_one("orderdetails", "proid={$proid} and cartid={$cartid} and langid={$_SYS['langid']}"); if (!empty($odtrow)) { $odt['pronum'] = $odtrow['pronum'] + 1; $db->row_update("orderdetails", $odt, "id={$odtrow['id']}"); } else { $odt['pronum'] = 1; $odt['cartid'] = $cartid; $db->row_insert("orderdetails", $odt); } } succeedFlag(); break; case "delFromCart": $proid = intval($_GET["proid"]);
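/**
 * Edit or delete a moderator account, or let a moderator edit their own profile
 * (?/users/<uid>).
 *
 * @param int|string $uid  Id of the ``mods`` row; arrives as a string from the
 *                         URL and is compared numerically with $mod['id'].
 *
 * Side effects: UPDATE/DELETE queries, modLog() entries, a re-login plus
 * setCookies() after an own-password change, and either a Location header or a
 * rendered mod/user.html page. error() is called (and is expected not to
 * return) on missing permission, unknown user, invalid input or a failed query.
 */
function mod_user($uid) {
	global $config, $mod;

	// Integer comparison: $uid is a string from the URL, $mod['id'] comes from the DB.
	$is_self = (int) $uid === (int) $mod['id'];

	if (!hasPermission($config['mod']['editusers']) && !(hasPermission($config['mod']['edit_profile']) && $is_self)) {
		error($config['error']['noaccess']);
	}

	if (in_array($mod['boards'][0], array('infinity', 'z'), true)) {
		error('This board has profile changing disabled.');
	}

	$query = prepare('SELECT * FROM ``mods`` WHERE `id` = :id');
	$query->bindValue(':id', $uid);
	$query->execute() or error(db_error($query));
	if (!($user = $query->fetch(PDO::FETCH_ASSOC))) {
		error($config['error']['404']);
	}

	if (hasPermission($config['mod']['editusers']) && isset($_POST['username'], $_POST['password'])) {
		if (isset($_POST['allboards'])) {
			$boards = array('*');
		} else {
			// The form posts one board_<uri> checkbox per board; only accept
			// names that match the board regex AND exist.
			$known = array_column(listBoards(), 'uri');
			$boards = array();
			foreach ($_POST as $name => $value) {
				if (preg_match('/^board_(' . $config['board_regex'] . ')$/u', $name, $matches)
						&& in_array($matches[1], $known, true)) {
					$boards[] = $matches[1];
				}
			}
		}

		if (isset($_POST['delete'])) {
			if (!hasPermission($config['mod']['deleteusers'])) {
				error($config['error']['noaccess']);
			}

			$query = prepare('DELETE FROM ``mods`` WHERE `id` = :id');
			$query->bindValue(':id', $uid);
			$query->execute() or error(db_error($query));

			modLog('Deleted user ' . utf8tohtml($user['username']) . ' <small>(#' . $user['id'] . ')</small>');

			header('Location: ?/users', true, $config['redirect_http']);
			return;
		}

		if ($_POST['username'] === '') {
			error(sprintf($config['error']['required'], 'username'));
		}

		$query = prepare('UPDATE ``mods`` SET `username` = :username, `boards` = :boards WHERE `id` = :id');
		$query->bindValue(':id', $uid);
		$query->bindValue(':username', $_POST['username']);
		$query->bindValue(':boards', implode(',', $boards));
		$query->execute() or error(db_error($query));

		if ($user['username'] !== $_POST['username']) {
			// account was renamed
			modLog('Renamed user "' . utf8tohtml($user['username']) . '" <small>(#' . $user['id'] . ')</small> to "' . utf8tohtml($_POST['username']) . '"');
		}

		if ($_POST['password'] !== '') {
			// NOTE(review): sha256(salt . sha1(password)) is a fast hash and a weak
			// choice for password storage; switching to password_hash()/
			// password_verify() must be done together with login()'s check, so
			// the scheme is kept here.
			$salt = generate_salt();
			$password = hash('sha256', $salt . sha1($_POST['password']));

			$query = prepare('UPDATE ``mods`` SET `password` = :password, `salt` = :salt WHERE `id` = :id');
			$query->bindValue(':id', $uid);
			$query->bindValue(':password', $password);
			$query->bindValue(':salt', $salt);
			$query->execute() or error(db_error($query));

			modLog('Changed password for ' . utf8tohtml($_POST['username']) . ' <small>(#' . $user['id'] . ')</small>');

			if ($is_self) {
				// Our own hash changed: refresh the login cookie so we stay logged in.
				login($_POST['username'], $_POST['password']);
				setCookies();
			}
		}

		if (hasPermission($config['mod']['manageusers'])) {
			header('Location: ?/users', true, $config['redirect_http']);
		} else {
			header('Location: ?/', true, $config['redirect_http']);
		}
		return;
	}

	if (hasPermission($config['mod']['edit_profile']) && $is_self) {
		if (isset($_POST['password']) && $_POST['password'] !== '') {
			$salt = generate_salt();
			$password = hash('sha256', $salt . sha1($_POST['password']));

			$query = prepare('UPDATE ``mods`` SET `password` = :password, `salt` = :salt WHERE `id` = :id');
			$query->bindValue(':id', $uid);
			$query->bindValue(':password', $password);
			$query->bindValue(':salt', $salt);
			$query->execute() or error(db_error($query));

			modLog('Changed own password');

			login($user['username'], $_POST['password']);
			setCookies();
		}

		if (isset($_POST['username']) && $user['username'] !== $_POST['username']) {
			if ($_POST['username'] === '') {
				error(sprintf($config['error']['required'], 'username'));
			}
			if (!preg_match('/^[a-zA-Z0-9._]{1,30}$/', $_POST['username'])) {
				error(_('Invalid username'));
			}

			// Case-insensitive uniqueness check across every account.
			$query = prepare('SELECT `username` FROM ``mods``');
			$query->execute() or error(db_error($query));
			foreach ($query->fetchAll(PDO::FETCH_ASSOC) as $other) {
				if (strtolower($_POST['username']) === strtolower($other['username'])) {
					error(_('Refusing to change your username because another user is already using it.'));
				}
			}

			$query = prepare('UPDATE ``mods`` SET `username` = :username WHERE `id` = :id');
			$query->bindValue(':id', $uid);
			$query->bindValue(':username', $_POST['username']);
			$query->execute() or error(db_error($query));

			modLog('Renamed user "' . utf8tohtml($user['username']) . '" <small>(#' . $user['id'] . ')</small> to "' . utf8tohtml($_POST['username']) . '"');
		}

		if (isset($_POST['email']) && $user['email'] !== $_POST['email'] && (empty($_POST['email']) || filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))) {
			// email address changed (an address that fails FILTER_VALIDATE_EMAIL is silently ignored)
			$query = prepare('UPDATE ``mods`` SET `email` = :email WHERE `id` = :id');
			$query->bindValue(':id', $uid);
			$query->bindValue(':email', $_POST['email']);
			$query->execute() or error(db_error($query));

			modLog('Changed user\'s email "' . utf8tohtml($user['email']) . '" <small>(#' . $user['id'] . ')</small> to "' . utf8tohtml($_POST['email']) . '"');
		}

		if ($_SERVER['REQUEST_METHOD'] === 'POST') {
			if (hasPermission($config['mod']['manageusers'])) {
				header('Location: ?/users', true, $config['redirect_http']);
			} else {
				header('Location: ?/', true, $config['redirect_http']);
			}
			return;
		}
	}

	if (hasPermission($config['mod']['modlog'])) {
		// Last five actions of this account for the sidebar.
		$query = prepare('SELECT * FROM ``modlogs`` WHERE `mod` = :id ORDER BY `time` DESC LIMIT 5');
		$query->bindValue(':id', $uid);
		$query->execute() or error(db_error($query));
		$log = $query->fetchAll(PDO::FETCH_ASSOC);
	} else {
		$log = array();
	}

	if ($mod['type'] >= ADMIN) {
		$boards = listBoards();
	} else {
		// Non-admins only get their own boards listed, each titled "My board".
		$boards = array();
		foreach (explode(',', $user['boards']) as $string) {
			$boards[] = array("uri" => $string, "title" => _("My board"));
		}
	}

	$user['boards'] = explode(',', $user['boards']);

	mod_page(_('Edit user profile'), 'mod/user.html', array(
		'user' => $user,
		'logs' => $log,
		'boards' => $boards,
		'token' => make_secure_link_token('users/' . $user['id']),
	));
}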
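/**
 * Validate the login cookie pair (ID = user hash, Session_ID = per-login token)
 * against the users table and rotate the stored session id on success; on any
 * failure clear the cookies and redirect to logout.php.
 *
 * No parameters. Reads cookies through getCookie(); writes with setCookies() /
 * clearCookies(); sends a Location header without exiting, so the caller keeps
 * running afterwards.
 */
function changeCookie() {
    // header("Content-Type: text/html; charset=utf-8");

    //Checks if there is a login cookie
    if (!getCookie('ID')) {
        changeCookieReject();
        return;
    }

    // Magic quotes have been off on every supported PHP (get_magic_quotes_gpc()
    // always returned false from 5.4 and is gone in 8.0), so the cookie values
    // are escaped here unconditionally.
    // NOTE(review): addslashes() is not a SQL escaping function and mysql_* was
    // removed in PHP 7; the lookup below should bind these values with
    // mysqli/PDO instead.
    $funcHash = addslashes(getCookie('ID'));
    $funcSession = addslashes(getCookie('Session_ID'));

    $funcCheck = mysql_query("SELECT * FROM users WHERE sha256_user = '******'");
    if (!$funcCheck) {
        changeCookieReject();
        return;
    }

    while ($funcInfo = mysql_fetch_array($funcCheck)) {
        // Check the presented session id against the stored one BEFORE touching
        // the row: a request carrying a wrong cookie must not be able to
        // invalidate the real session. Strict, constant-time comparison.
        if (!hash_equals((string) $funcInfo['session_id'], (string) $funcSession)) {
            // kick them out
            changeCookieReject();
            return;
        }

        // this resets the stored session id
        $funcNewSession = rand_string(32);
        $funcUpdate = "UPDATE users SET session_id='{$funcNewSession}' WHERE sha256_user='******'";
        mysql_query($funcUpdate);

        // reset the cookie
        setCookies($funcHash, $funcNewSession);
    }
}

/** Clear the login cookies and send the browser to logout.php (no exit). */
function changeCookieReject() {
    //this deletes the cookie
    clearCookies();
    // kick them out
    header('Location: logout.php');
}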
} } if ($voterow['level'] == 2 && intval(getCookies("vote{$voteid}")) == 1) { $votetips = $_SLANG['vote.voted']; } //成功投票 if (empty($votetips)) { foreach ($rows as $row) { if (in_array($row['id'], $voteitemid)) { $tip = getIP(); $db->query_unbuffered("update `{$db->pre}voteitems` set votednum=votednum+1, voteips=" . $db->concat("voteips", "'{$tip}'") . " where id={$row['id']}"); } } //写cookies if ($voterow['level'] == 2) { setCookies("vote{$voteid}", '1'); } $totalrow = $db->row_query_one("SELECT SUM(votednum) as total FROM `{$db->pre}voteitems` WHERE voteid={$voteid} LIMIT 1"); $db->query_unbuffered("update `{$db->pre}votes` set votednum={$totalrow['total']} where id={$voteid}"); $votetips = $_SLANG['vote.succeed']; } $votetips = empty($votetips) ? "" : "<div class='votesucceed'>{$votetips}</div>"; } } $votecolors = array('', '#DCEF17', '#FFBF2A', '#EA793F', '#ECA45C', '#4CBA4A', '#5D74B1', '#98C6D5', '#DD30AE', '#BDF752', '#EE335F'); $votestr .= "<div class='view_vote'>"; $voterow = $db->row_select_one("votes", "id={$id}"); $allvotednum = $voterow['votednum']; $itemrows = $db->row_select("voteitems", "voteid={$id}", 0, "*", "id"); $votestarttime = getDateStr($voterow['starttime'], 'dateonly', false); $votestoptime = getDateStr($voterow['stoptime'], 'dateonly', false);
$key = md5(rand(-100, 100) . $_SERVER['REMOTE_ADDR']); $ip = $_SERVER['REMOTE_ADDR']; $id_prac = $row['ID_PRAC']; if ($result2 = @$connectionDB->query(sprintf("SELECT * FROM sesja2 WHERE id_prac = '%s' ", mysqli_real_escape_string($connectionDB, $id_prac)))) { $rowCount2 = $result2->num_rows; // jesli ktos juz byl wczesniej zalogowany na to konto na innym komputerze to zostaje usuniety if ($rowCount2 > 0) { // usuwanie z sesji z bazy dla id usera mysqli_query($connectionDB, sprintf("call usun_sesje2('%s'); ", mysqli_real_escape_string($connectionDB, $id_prac))); // nastawianie cookies setCookies($key, $id_prac, $ip); // wstawianie do bazy nowej sesji mysqli_query($connectionDB, sprintf("call dodaj_sesje2('%s','%s','%s'); ", mysqli_real_escape_string($connectionDB, $id_prac), mysqli_real_escape_string($connectionDB, $key), mysqli_real_escape_string($connectionDB, $ip))); } else { // nastawianie cookies setCookies($key, $id_prac, $ip); // wstawianie do bazy nowej sesji mysqli_query($connectionDB, sprintf("call dodaj_sesje2('%s','%s','%s'); ", mysqli_real_escape_string($connectionDB, $id_prac), mysqli_real_escape_string($connectionDB, $key), mysqli_real_escape_string($connectionDB, $ip))); } } setcookie('error', null); $result->close(); header('location: logged.php'); //TODO // tworze cookie ( z tabelka danych do sesji) // tworze baze z sesja // na stronie moze byc https zamiast hash w js // porownuje sesje z wpisem w bazie // wylogowanie usuniêcie wpisów z bazy i cookies // event timestamp } else {
$key = md5(rand(-100, 100) . $_SERVER['REMOTE_ADDR']); $ip = $_SERVER['REMOTE_ADDR']; $id_uzyt = $row['ID_UZYT']; if ($result2 = @$connectionDB->query(sprintf("SELECT * FROM sesja WHERE id_uzt = '%s' ", mysqli_real_escape_string($connectionDB, $id_uzyt)))) { $rowCount2 = $result2->num_rows; // jesli ktos juz byl wczesniej zalogowany na to konto na innym komputerze to zostaje usuniety if ($rowCount2 > 0) { // usuwanie z sesji z bazy dla id usera mysqli_query($connectionDB, sprintf("call usun_sesje('%s'); ", mysqli_real_escape_string($connectionDB, $id_uzyt))); // nastawianie cookies setCookies($key, $id_uzyt, $ip); // wstawianie do bazy nowej sesji mysqli_query($connectionDB, sprintf("call dodaj_sesje('%s','%s','%s'); ", mysqli_real_escape_string($connectionDB, $id_uzyt), mysqli_real_escape_string($connectionDB, $key), mysqli_real_escape_string($connectionDB, $ip))); } else { // nastawianie cookies setCookies($key, $id_uzyt, $ip); // wstawianie do bazy nowej sesji mysqli_query($connectionDB, sprintf("call dodaj_sesje('%s','%s','%s'); ", mysqli_real_escape_string($connectionDB, $id_uzyt), mysqli_real_escape_string($connectionDB, $key), mysqli_real_escape_string($connectionDB, $ip))); } } setcookie('error', null); $result->close(); header('location: logged.php'); //TODO // tworze cookie ( z tabelka danych do sesji) // tworze baze z sesja // na stronie moze byc https zamiast hash w js // porownuje sesje z wpisem w bazie // wylogowanie usuni�cie wpis�w z bazy i cookies // event timestamp } else {
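// Member login: action=checklogin verifies the posted credentials and starts the
// session; any other action renders the login form.
if ($_GET['action'] == "checklogin") {
    $username = strFilter($_POST['membername']);
    $userpass = strFilter($_POST['memberpass']);

    // Reject blanks on the raw input: encrypt() presumably turns an empty
    // password into a non-empty digest, so checking after it would let an
    // empty password through.
    if (empty($username) || empty($userpass)) {
        printMsg('signup_required_1');
    }
    $userpass = encrypt($username, $userpass);

    // NOTE(review): $username is interpolated into the WHERE clause, which
    // relies on strFilter() neutralising quotes; a bound parameter would not.
    $row = $db->row_select_one("members", "membername='{$username}' and memberpass='******'");
    if (empty($row)) {
        printMsg('login_namepasserr');
    } else {
        $uobj = array('logintime' => time());
        $db->row_update("members", $uobj, "id={$row['id']}");

        // Negative lifetime: these session cookies expire in the past.
        $t = -86400 * 365 * 2;
        wSESSION('memberid', $row['id']);
        wSESSION('groupid', $row['groupid']);
        wSESSION('membername', $row['membername'], $t);
        wSESSION('memberpass', $row['memberpass'], $t);
        setCookies("cartid", $row['id'], 3600 * 24 * 7);
        //session_destroy();
        setCookies('membername', $username, $t);
        setCookies('userpass', $userpass, $t);
        setCookies('expire', '', $t);
        wSESSION('memberauth', md5($row['membername'] . $row['memberpass'] . $cache_global['salt']), $t);
        printMsg('login_succeed');
    }
} else {
    require_once './header.php';
    require_once getTemplatePath('login.htm');
    footer();
}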
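/**
 * Build the public comment form for article $id, including preview handling,
 * nonce issuance and the remember/forget cookie logic.
 *
 * @param int|string $id    Article id used as parentid when none was posted.
 * @param array|null $atts  Tag attributes; isize, msgrows, msgcols, msgstyle and
 *                          form are read via lAtts() defaults.
 * @return string  The complete <form> markup.
 *
 * Side effects: on preview, inserts a nonce/secret row into txp_discuss_nonce and
 * reports missing fields to the comment evaluator; may send a Cache-Control
 * header and set or destroy the commenter cookies.
 */
function commentForm($id, $atts = NULL) {
	global $prefs;
	extract($prefs);
	extract(lAtts(array(
		'isize' => '25',
		'msgrows' => '5',
		'msgcols' => '25',
		'msgstyle' => '',
		'form' => 'comment_form',
	), $atts));

	$namewarn = false;
	$emailwarn = false;
	$commentwarn = false;

	// Defaults come from the commenter cookies...
	$name = pcs('name');
	$email = clean_url(pcs('email'));
	$web = clean_url(pcs('web'));

	// ...and remember/forget/parentid/preview/message/submit/backpage from POST.
	extract(doStripTags(doDeEnt(psa(array('remember', 'forget', 'parentid', 'preview', 'message', 'submit', 'backpage')))));

	if ($preview) {
		$name = ps('name');
		$email = clean_url(ps('email'));
		$web = clean_url(ps('web'));

		$nonce = getNextNonce();
		$secret = getNextSecret();
		safe_insert("txp_discuss_nonce", "issue_time=now(), nonce='{$nonce}', secret='{$secret}'");

		$namewarn = $comments_require_name && !trim($name);
		$emailwarn = $comments_require_email && !trim($email);
		$commentwarn = !trim($message);

		$evaluator =& get_comment_evaluator();
		if ($namewarn) {
			$evaluator->add_estimate(RELOAD, 1, gTxt('comment_name_required'));
		}
		if ($emailwarn) {
			$evaluator->add_estimate(RELOAD, 1, gTxt('comment_email_required'));
		}
		if ($commentwarn) {
			$evaluator->add_estimate(RELOAD, 1, gTxt('comment_required'));
		}
	}

	// If the form fields are filled (anything other than blank), pages
	// really should not be saved by a public cache. rfc2616/14.9.1
	if ($name || $email || $web) {
		header('Cache-Control: private');
	}

	$parentid = !$parentid ? $id : $parentid;

	// A stored cookie always gets refreshed with the current values.
	if (pcs('name') || pcs('email') || pcs('web')) {
		$remember = 1;
	}

	if ($remember == 1) {
		setCookies($name, $email, $web);
	}
	if ($forget == 1) {
		destroyCookies();
	}

	$url = $GLOBALS['pretext']['request_uri'];

	// Experimental clean urls with only 404-error-document on apache
	// possibly requires messy urls for POST requests.
	if (defined('PARTLY_MESSY') and PARTLY_MESSY) {
		$url = hu . '?id=' . intval($parentid);
	}

	// request_uri is client-supplied: escape it before it lands in an attribute.
	$out = '<form method="post" action="' . htmlspecialchars($url) . '#cpreview" id="txpCommentInputForm">';

	$Form = fetch('Form', 'txp_form', 'name', $form);

	$msgstyle = $msgstyle ? ' style="' . $msgstyle . '"' : '';
	$msgrows = ($msgrows and is_numeric($msgrows)) ? ' rows="' . intval($msgrows) . '"' : '';
	$msgcols = ($msgcols and is_numeric($msgcols)) ? ' cols="' . intval($msgcols) . '"' : '';

	$textarea = '<textarea class="txpCommentInputMessage' . ($commentwarn ? ' comments_error"' : '"') . ' name="message" id="message" ' . $msgcols . $msgrows . $msgstyle . '>' . htmlspecialchars($message) . '</textarea>';

	$comment_submit_button = $preview ? fInput('submit', 'submit', gTxt('submit'), 'button') : '';

	$checkbox = !empty($_COOKIE['txp_name'])
		? checkbox('forget', 1, 0) . tag(gTxt('forget'), 'label', ' for="forget"')
		: checkbox('remember', 1, 1) . tag(gTxt('remember'), 'label', ' for="remember"');

	$vals = array(
		'comment_name_input' => input('text', 'name', htmlspecialchars($name), $isize, 'comment_name_input' . ($namewarn ? ' comments_error' : ''), ""),
		'comment_email_input' => input('text', 'email', htmlspecialchars($email), $isize, 'comment_email_input' . ($emailwarn ? ' comments_error' : ''), ""),
		'comment_web_input' => input('text', 'web', htmlspecialchars($web), $isize, 'comment_web_input', ""),
		'comment_message_input' => $textarea . '<!-- plugin-place-holder -->',
		'comment_remember' => $checkbox,
		'comment_preview' => input('submit', 'preview', gTxt('preview'), '', 'button'),
		'comment_submit' => $comment_submit_button,
	);

	foreach ($vals as $a => $b) {
		$Form = str_replace('<txp:' . $a . ' />', $b, $Form);
	}

	$form = parse($Form);
	$out .= $form;
	$out .= fInput('hidden', 'parentid', $parentid);

	// The nonce travels as a hidden field whose name/value split point is random.
	$split = rand(1, 31);
	$out .= $preview ? hInput(substr($nonce, 0, $split), substr($nonce, $split)) : '';
	$out .= !$preview ? fInput('hidden', 'backpage', serverset("REQUEST_URI")) : fInput('hidden', 'backpage', $backpage);

	// Plugins hook in at the placeholder left after the textarea. If a custom
	// form omits comment_message_input the placeholder is absent and strpos()
	// returns false, which substr_replace() would treat as offset 0 and
	// overwrite the opening <form> tag; append the plugin output in that case.
	$plugin_out = callback_event('comment.form');
	$placeholder = '<!-- plugin-place-holder -->';
	$pos = strpos($out, $placeholder);
	if ($pos !== false) {
		$out = substr_replace($out, $plugin_out, $pos, strlen($placeholder));
	} else {
		$out .= $plugin_out;
	}

	$out .= '</form>';
	return $out;
}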
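/**
 * Build the public comment form for article $id, including preview handling,
 * nonce issuance and the remember/forget cookie logic.
 *
 * @param int|string $id    Article id used as parentid when none was posted.
 * @param array|null $atts  Tag attributes; isize, msgrows, msgcols, msgstyle and
 *                          form are read via lAtts() defaults.
 * @return string  The complete <form> markup.
 *
 * Side effects: on preview, inserts a nonce/secret row into txp_discuss_nonce;
 * may send a Cache-Control header and set or destroy the commenter cookies.
 */
function commentForm($id, $atts = NULL) {
	global $prefs;
	extract($prefs);
	extract(lAtts(array(
		'isize' => '25',
		'msgrows' => '5',
		'msgcols' => '25',
		'msgstyle' => '',
		'form' => 'comment_form',
	), $atts));

	$namewarn = '';
	$emailwarn = '';
	$commentwarn = '';

	// Defaults come from the commenter cookies...
	$name = pcs('name');
	$email = pcs('email');
	$web = pcs('web');

	// ...and remember/forget/parentid/preview/message/submit/backpage from POST.
	extract(doStripTags(doDeEnt(psa(array('remember', 'forget', 'parentid', 'preview', 'message', 'submit', 'backpage')))));

	if ($preview) {
		$name = ps('name');
		$email = ps('email');
		$web = ps('web');

		// NOTE(review): uniqid()+rand() is predictable; a CSPRNG source would make
		// the nonce harder to guess. Kept for compatibility with the stored format.
		$nonce = md5(uniqid(rand(), true));
		$secret = md5(uniqid(rand(), true));
		safe_insert("txp_discuss_nonce", "issue_time=now(), nonce='{$nonce}', secret='{$secret}'");

		// Warnings are non-empty strings only when a required field is blank.
		$namewarn = ($comments_require_name && !trim($name)) ? gTxt('comment_name_required') . br : '';
		$emailwarn = ($comments_require_email && !trim($email)) ? gTxt('comment_email_required') . br : '';
		$commentwarn = !trim($message) ? gTxt('comment_required') . br : '';
	}

	// If the form fields are filled (anything other than blank), pages
	// really should not be saved by a public cache. rfc2616/14.9.1
	if ($name || $email || $web) {
		header('Cache-Control: private');
	}

	$parentid = !$parentid ? $id : $parentid;

	// A stored cookie always gets refreshed with the current values.
	if (pcs('name') || pcs('email') || pcs('web')) {
		$remember = 1;
	}

	if ($remember == 1) {
		setCookies($name, $email, $web);
	}
	if ($forget == 1) {
		destroyCookies();
	}

	$out = '<form method="post" action="#cpreview" id="txpCommentInputForm">';

	$Form = fetch('Form', 'txp_form', 'name', $form);

	$msgstyle = $msgstyle ? ' style="' . $msgstyle . '"' : '';
	$msgrows = ($msgrows and is_numeric($msgrows)) ? ' rows="' . intval($msgrows) . '"' : '';
	$msgcols = ($msgcols and is_numeric($msgcols)) ? ' cols="' . intval($msgcols) . '"' : '';

	$textarea = '<textarea class="txpCommentInputMessage" name="message"' . $msgcols . $msgrows . $msgstyle . ' tabindex="1">' . htmlspecialchars($message) . '</textarea>';

	$comment_submit_button = $preview ? fInput('submit', 'submit', gTxt('submit'), 'button') : '';

	$checkbox = !empty($_COOKIE['txp_name'])
		? checkbox('forget', 1, 0) . gTxt('forget')
		: checkbox('remember', 1, 1) . gTxt('remember');

	// name/email/web come from cookies or POST; escape them for the value
	// attribute the same way the message is escaped for the textarea.
	$vals = array(
		'comment_name_input' => $namewarn . input('text', 'name', htmlspecialchars($name), $isize, 'comment_name_input', "2"),
		'comment_email_input' => $emailwarn . input('text', 'email', htmlspecialchars($email), $isize, 'comment_email_input', "3"),
		'comment_web_input' => input('text', 'web', htmlspecialchars($web), $isize, 'comment_web_input', "4"),
		'comment_message_input' => $commentwarn . $textarea,
		'comment_remember' => $checkbox,
		'comment_preview' => input('submit', 'preview', gTxt('preview'), 'comment_preview', 'button'),
		'comment_submit' => $comment_submit_button,
	);

	foreach ($vals as $a => $b) {
		$Form = str_replace('<txp:' . $a . ' />', $b, $Form);
	}

	$form = parse($Form);
	$out .= $form;
	$out .= graf(fInput('hidden', 'parentid', $parentid));
	$out .= $preview ? hInput('nonce', $nonce) : '';
	$out .= !$preview ? graf(fInput('hidden', 'backpage', serverset("REQUEST_URI"))) : graf(fInput('hidden', 'backpage', $backpage));
	$out .= '</form>';

	return $out;
}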
$lg['groupid'] = GROUP_GUESS; //自动登录 if (!empty($lg['membername']) && !empty($lg['memberpass'])) { $lgrow = $db->row_select_one("members", "membername='{$lg[membername]}' and memberpass='******'", "id,groupid"); if (empty($lgrow)) { $lg['groupid'] = GROUP_GUESS; } else { if ($lgrow['groupid'] == GROUP_NOVERIFY || $lgrow['groupid'] == GROUP_NOVISIT || $lgrow['groupid'] == GROUP_VERIFYFAILED) { //待验证 //禁止访问 //验证不通过 $cleart = -86400 * 365 * 2; setCookies('membername', '', $cleart); setCookies('memberpass', '', $cleart); setCookies('expire', '', $cleart); _header_("location:index.php"); } else { setCookies('memberauth', md5($lg['membername'] . $lg['memberpass'] . $cache_settings['salt']), $lg['expire']); wSESSION('memberid', $lgrow['id']); wSESSION('groupid', $lgrow['groupid']); $lg['memberid'] = intval(rSESSION('memberid')); $lg['groupid'] = intval(rSESSION('groupid')); } } } } //模板相关 $_SYS['styleid'] = $cache_settings['template']; if (isset($_GET['preview'])) { $_SYS['styleid'] = $_GET['styleid']; $_SYS['styleid'] = str_replace(array("'", "/", "\\", "\"", "."), array('', '', '', '', ''), $_SYS['styleid']); } //模板路径
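/**
 * Stores a comment submitted from the public comment form.
 *
 * The comment fields are read via getComment(). The request is rejected with
 * txp_die() when comments are closed for the parent article, when the client IP
 * is banned, or when it is blacklisted. The commenter cookies are then set or
 * cleared, the comment is inserted into txp_discuss when the comment evaluator
 * accepts it and the posted nonce checks out, the nonce is marked as used, mail
 * is sent if configured, and the client is redirected (302) back to the page the
 * comment came from. If validation fails (required field missing, duplicate, or
 * evaluator verdict RELOAD) the request is forced back into preview mode.
 *
 * Side effects: setCookies()/destroyCookies(), DB writes, optional mail,
 * a Location header followed by exit().
 */
function saveComment()
{
    global $siteurl, $comments_moderate, $comments_sendmail, $txpcfg, $comments_disallow_images, $prefs;

    $in = getComment();
    $evaluator =& get_comment_evaluator();
    // NOTE(review): extract() relies on getComment() supplying exactly the keys
    // read below (parentid, name, email, web, message, remember, nonce, backpage).
    extract($in);

    if (!checkCommentsAllowed($parentid)) {
        txp_die(gTxt('comments_closed'), '403');
    }

    $ip = serverset('REMOTE_ADDR');
    if (!checkBan($ip)) {
        txp_die(gTxt('you_have_been_banned'), '403');
    }

    $blacklisted = is_blacklisted($ip);
    if ($blacklisted) {
        txp_die(gTxt('your_ip_is_blacklisted_by' . ' ' . $blacklisted), '403');
    }

    $web = clean_url($web);
    $email = clean_url($email);

    // Keep the commenter cookies unless the visitor explicitly asked to be forgotten.
    // Parentheses make the original && / || precedence explicit.
    if ($remember == 1 || (ps('checkbox_type') == 'forget' && ps('forget') != 1)) {
        setCookies($name, $email, $web);
    } else {
        destroyCookies();
    }

    // These values are interpolated into raw SQL fragments for safe_row()/safe_insert(),
    // so they are run through doSlash() first; the message is capped at the TEXT limit.
    $name = doSlash(strip_tags(deEntBrackets($name)));
    $web = doSlash(strip_tags(deEntBrackets($web)));
    $email = doSlash(strip_tags(deEntBrackets($email)));
    $message = substr(trim($message), 0, 65535);
    $message2db = doSlash(markup_comment($message));

    $isdup = safe_row("message,name", "txp_discuss", "name='{$name}' and message='{$message2db}' and ip='" . doSlash($ip) . "'");

    if (($prefs['comments_require_name'] && !trim($name)) || ($prefs['comments_require_email'] && !trim($email)) || !trim($message)) {
        $evaluator->add_estimate(RELOAD, 1); // The error-messages are added in the preview-code
    }
    if ($isdup) {
        $evaluator->add_estimate(RELOAD, 1);
    } // FIXME? Tell the user about dupe?

    // Only a comment the evaluator lets through, carrying a valid single-use nonce, is saved.
    if ($evaluator->get_result() != RELOAD && checkNonce($nonce)) {
        callback_event('comment.save');
        $visible = $evaluator->get_result();
        if ($visible != RELOAD) {
            $parentid = assert_int($parentid);
            $rs = safe_insert("txp_discuss", "parentid = {$parentid},\n\t\t\t\t\t name\t\t = '{$name}',\n\t\t\t\t\t email\t = '{$email}',\n\t\t\t\t\t web\t\t = '{$web}',\n\t\t\t\t\t ip\t\t = '" . doSlash($ip) . "',\n\t\t\t\t\t message = '{$message2db}',\n\t\t\t\t\t visible = " . intval($visible) . ",\n\t\t\t\t\t posted\t = now()");
            if ($rs) {
                safe_update("txp_discuss_nonce", "used = 1", "nonce='" . doSlash($nonce) . "'");
                if ($prefs['comment_means_site_updated']) {
                    update_lastmod();
                }
                if ($comments_sendmail) {
                    mail_comment($message, $name, $email, $web, $parentid, $rs);
                }
                update_comments_count($parentid);

                // backpage is client-supplied (hidden form field) and expected to be a
                // site-relative path. Strip line breaks and fragments so it cannot carry
                // extra header lines into the Location header below.
                $backpage = substr($backpage, 0, $prefs['max_url_len']);
                $backpage = preg_replace("/[\n\r#].*\$/s", '', $backpage);
                // Force a leading '/' so that, once the site origin is prepended, the
                // value stays in the path and cannot alter the authority part of the URL
                // (i.e. the redirect remains on this host).
                if (strncmp($backpage, '/', 1) !== 0) {
                    $backpage = '/' . $backpage;
                }
                $backpage = preg_replace("#(https?://[^/]+)/.*\$#", "\$1", hu) . $backpage;
                if (defined('PARTLY_MESSY') && PARTLY_MESSY) {
                    $backpage = permlinkurl_id($parentid);
                }
                $backpage .= (strstr($backpage, '?') ? '&' : '?') . 'commented=' . ($visible == VISIBLE ? '1' : '0');

                txp_status_header('302 Found');
                if ($comments_moderate) {
                    header('Location: ' . $backpage . '#txpCommentInputForm');
                } else {
                    header('Location: ' . $backpage . '#c' . sprintf("%06s", $rs));
                }
                log_hit('302');
                $evaluator->write_trace();
                exit;
            }
        }
    }

    // Force another Preview
    $_POST['preview'] = RELOAD;
    //$evaluator->write_trace();
}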
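/**
 * Renders the public comment form for an article.
 *
 * Name, email and web are pre-filled from the commenter cookies (pcs()); when the
 * form is being previewed they are taken from the posted values instead, the
 * "required field" warnings are computed, and a fresh single-use nonce is stored
 * in txp_discuss_nonce and embedded as a hidden field for saveComment() to check.
 * The remember/forget checkboxes set or clear the commenter cookies.
 *
 * @param mixed $id Article id, used as parentid when none was posted.
 * @return string The complete <form> markup.
 */
function commentForm($id)
{
    global $txpac;

    $namewarn = '';
    $emailwarn = '';
    $commentwarn = '';

    $name = pcs('name');
    $email = pcs('email');
    $web = pcs('web');
    extract(psa(array('remember', 'forget', 'parentid', 'preview', 'message', 'submit', 'backpage')));

    if ($preview) {
        $name = ps('name');
        $email = ps('email');
        $web = ps('web');
        // The nonce gates saveComment(), so it must be unpredictable: use the CSPRNG
        // where available. Both branches yield 32 lowercase hex characters, so the
        // stored format is unchanged.
        $nonce = function_exists('random_bytes') ? bin2hex(random_bytes(16)) : md5(uniqid(rand(), true));
        safe_insert("txp_discuss_nonce", "issue_time=now(), nonce='{$nonce}'");
        $namewarn = ($txpac['comments_require_name'] && !trim($name)) ? gTxt('comment_name_required') . br : '';
        $emailwarn = ($txpac['comments_require_email'] && !trim($email)) ? gTxt('comment_email_required') . br : '';
        $commentwarn = !trim($message) ? gTxt('comment_required') . br : '';
    }

    $parentid = !$parentid ? $id : $parentid;

    if ($remember == 1) {
        setCookies($name, $email, $web);
    }
    if ($forget == 1) {
        destroyCookies();
    }

    $out = '<form method="post" action="" style="margin-top:2em">';
    $form = fetch('Form', 'txp_form', 'name', 'comment_form');
    $textarea = '<textarea name="message" cols="1" rows="1" style="width:300px;height:250px" tabindex="4">' . htmlspecialchars($message) . '</textarea>';
    $comment_submit_button = $preview ? fInput('submit', 'submit', gTxt('submit'), 'button') : '';
    $checkbox = !empty($_COOKIE['txp_name']) ? checkbox('forget', 1, 0) . gTxt('forget') : checkbox('remember', 1, 1) . gTxt('remember');

    // NOTE(review): $name/$email/$web originate from cookies or POST; this assumes
    // input() HTML-escapes its value argument as htmlspecialchars() does for the
    // textarea above — confirm.
    $vals = array(
        'comment_name_input' => $namewarn . input('text', 'name', $name, "25", '', "1"),
        'comment_email_input' => $emailwarn . input('text', 'email', $email, "25", '', "2"),
        'comment_web_input' => input('text', 'web', $web, "25", '', "3"),
        'comment_message_input' => $commentwarn . $textarea,
        'comment_remember' => $checkbox,
        'comment_preview' => input('submit', 'preview', gTxt('preview'), '', 'button'),
        'comment_submit' => $comment_submit_button,
    );
    // Substitute each <txp:…/> placeholder in the stored form template.
    foreach ($vals as $tag => $html) {
        $form = str_replace('<txp:' . $tag . ' />', $html, $form);
    }
    $form = parse($form);

    $out .= $form;
    $out .= graf(fInput('hidden', 'parentid', $parentid));
    $out .= $preview ? hInput('nonce', $nonce) : '';
    $out .= !$preview ? graf(fInput('hidden', 'backpage', serverset("REQUEST_URI"))) : graf(fInput('hidden', 'backpage', $backpage));
    $out .= '</form>';

    return $out;
}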