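/**
 * Connect to the database and load user details, then resolve the active theme and language.
 *
 * Starts output buffering when none is active, sends the Content-Type header, opens the
 * MySQL connection, calls userlogin(), fills the globals $THEME and $LANGUAGE from the
 * stylesheets and languages tables, and includes the selected language file.
 *
 * @param $autoclean
 *   (optional) boolean - Check whether or not to run cleanup (default: false)
 */
function dbconn($autoclean = false)
{
    global $mysql_host, $mysql_user, $mysql_pass, $mysql_db, $THEME, $LANGUAGE, $LANG, $site_config;

    $THEME = $LANGUAGE = null;

    // Only start a buffer if the caller has not already opened one.
    if (!ob_get_level()) {
        if (extension_loaded('zlib') && !ini_get('zlib.output_compression')) {
            ob_start('ob_gzhandler');
        } else {
            ob_start();
        }
    }

    header("Content-Type: text/html;charset={$site_config['CHARSET']}");

    function_exists("mysql_connect") or die("MySQL support not available.");

    // NOTE(review): on failure the raw mysql_error() text is sent to the visitor; it can
    // reveal host and account names. Consider logging it server-side instead.
    @mysql_connect($mysql_host, $mysql_user, $mysql_pass) or die('DATABASE: mysql_connect: ' . mysql_error());
    @mysql_select_db($mysql_db) or die('DATABASE: mysql_select_db: ' . mysql_error());

    unset($mysql_pass); // security: drop the credential from this scope once connected

    userlogin(); // Get user info

    // Get language and theme
    $CURUSER = $GLOBALS["CURUSER"];

    // The ids come from the user record or the site configuration and are placed inside a
    // quoted SQL literal, so they are escaped before being concatenated.
    $theme_id = $CURUSER ? $CURUSER['stylesheet'] : $site_config['default_theme'];
    $ss_a = mysql_fetch_assoc(SQL_Query_exec("select uri from stylesheets where id='" . mysql_real_escape_string((string) $theme_id) . "'"));
    $THEME = $ss_a ? $ss_a["uri"] : null;

    $language_id = $CURUSER ? $CURUSER['language'] : $site_config['default_language'];
    $lng_a = mysql_fetch_assoc(SQL_Query_exec("select uri from languages where id='" . mysql_real_escape_string((string) $language_id) . "'"));
    $LANGUAGE = $lng_a ? $lng_a["uri"] : null;

    // The language uri is read from the database and used as an include path. Refuse a
    // missing value, parent-directory segments and NUL bytes so that only files under
    // languages/ can be included.
    if (!is_string($LANGUAGE) || $LANGUAGE === '' || strpos($LANGUAGE, '..') !== false || strpos($LANGUAGE, "\0") !== false) {
        die('DATABASE: language file not available.');
    }
    require_once "languages/{$LANGUAGE}";

    if ($autoclean) {
        autoclean();
    }
}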
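/**
 * Store a "praise" entry for a request, or redraw the form when the visitor is not logged in.
 *
 * Reads the legacy $HTTP_POST_VARS / $HTTP_GET_VARS arrays. A posted `anonymous` field is
 * treated as a logged-in anonymous submission; a posted `user` field triggers userlogin().
 * On success or failure a message is rendered through the $MAIN template and printed.
 */
function processsubmission()
{
    global $logged_in, $user, $HTTP_POST_VARS, $list_prefix, $HTTP_GET_VARS, $MAIN;

    // Anonymous requests are accepted as "logged in".
    if (isset($HTTP_POST_VARS['anonymous'])) {
        $logged_in = 1;
        $email = 'anonymous';
        $username = '******';
    } else {
        $email = $user['email'];
        $username = $user['username'];
    }

    // Accept requests from users who are not cookied but are logging in with this post.
    if (!$logged_in && isset($HTTP_POST_VARS['user'])) {
        $user = userlogin($HTTP_POST_VARS['user'], $HTTP_POST_VARS['pass'], $HTTP_POST_VARS['automatic']);
        if (0 != strcmp($user['email'], "anonymous")) {
            $logged_in = 1;
            $email = $user['email'];
            $username = $user['username'];
        }
    }

    if (!$logged_in) {
        // Not logged in: redo the form with the data pre-entered.
        submissionform_redo();
        return;
    }

    $req_date = time();

    // is_numeric() rejects anything containing a quote, so the request id cannot break
    // out of the quoted SQL literal below.
    if (!is_numeric($HTTP_GET_VARS['request'])) {
        die("HACKING ATTEMPT");
    }

    // The praise text is visitor-controlled and was previously concatenated into the
    // INSERT unescaped. Escape it here unless magic_quotes_gpc (PHP < 5.4) has already
    // done so, which would otherwise double the backslashes.
    // NOTE(review): addslashes() is not charset-aware; if the db_* layer offers its own
    // escaping or parameter binding, use that instead.
    $gpc_quoted = version_compare(PHP_VERSION, '5.4.0', '<') && get_magic_quotes_gpc();
    $praise = isset($HTTP_POST_VARS['praise']) ? $HTTP_POST_VARS['praise'] : '';
    if (!$gpc_quoted) {
        $praise = addslashes($praise);
    }

    // Find the highest existing id and add one. Only the newest row is needed.
    // NOTE(review): two concurrent submissions can compute the same id; an
    // auto-increment column would avoid that.
    $sql = "SELECT * FROM " . $list_prefix . "praise_list ORDER BY `id` DESC LIMIT 1;";
    $result = db_query($sql);
    $rows = $result ? db_num_rows($result) : 0;
    if ($rows > 0) {
        $row = db_fetch_array($result);
        $idval = $row['id'] + 1;
    } else {
        $idval = 1;
    }

    // The e-mail and username come from the user record; both are escaped as well so a
    // stored value containing a quote cannot alter the statement.
    $sql = "INSERT INTO " . $list_prefix . "praise_list (id, request, praise, postdate, left_by, username) VALUES ('" . $idval . "', '" . $HTTP_GET_VARS['request'] . "', '" . $praise . "', '" . $req_date . "', '" . addslashes($email) . "', '" . addslashes($username) . "');";
    $result = db_query($sql);

    if ($result) {
        $CONTENT = "Your praise been processed.<BR>\r\n";
    } else {
        // The failing SQL statement is no longer echoed to the visitor: it exposed the
        // table layout and reflected the submitted text back into the page.
        error_log('processsubmission: praise insert failed');
        $CONTENT = "ERROR: the server was unable to process your praise at this time.<BR>\r\n";
    }

    $WORK = insert_into_template($MAIN, "{CONTENT}", $CONTENT);
    $WORK = filltemplate($WORK, "Leave Praise");
    printf("%s", striptemplate($WORK));
}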
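/**
 * Return the current user's session details as a JSON object.
 *
 * When the session does not carry a truthy `user_status`, userlogin() is called first and
 * the session is read afterwards.
 *
 * @return string JSON with the keys user_id, user_status, name and propic; a key whose
 *                session entry is missing is encoded as null
 */
function checkuser()
{
    // empty() matches the original loose `== true` test without raising a notice when
    // the key is absent.
    if (empty($_SESSION['user_status'])) {
        userlogin();
    }

    // The not-logged-in branch used to read the undefined locals $myname and $propic, so
    // name and propic were always null there. Both branches now read the session.
    // NOTE(review): assumes userlogin() stores these values in $_SESSION - confirm.
    $session_keys = ['user_id' => 'user_id', 'user_status' => 'user_status', 'name' => 'myname', 'propic' => 'propic'];
    $array = [];
    foreach ($session_keys as $out_key => $session_key) {
        $array[$out_key] = isset($_SESSION[$session_key]) ? $_SESSION[$session_key] : null;
    }

    return json_encode($array);
}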
/**
 * Validate the posted e-mail and password and sign the member in.
 *
 * @return mixed true on success; otherwise either the non-true value returned by
 *               $this->rules() or an array whose 'password' key holds the error text
 */
public function login()
{
    global $_G;

    // Data validation: anything other than true is handed straight back to the caller.
    $rule_check = $this->rules();
    if ($rule_check !== true) {
        return $rule_check;
    }

    $validate_error = array();

    require_once libfile('function/member');

    $input_email = $_POST['email'];
    $input_password = $_POST['password'];
    $input_rememberme = $_POST['rememberme'];

    // logincheck() yields the remaining login permission; a falsy value blocks the attempt.
    $_G['member_loginperm'] = logincheck($input_email);
    if (!$_G['member_loginperm']) {
        $validate_error['password'] = '******';
        return $validate_error;
    }

    $result = userlogin($input_email, $input_password, 0, 0, 'email', $_G['clientip']);

    if ($result['status'] <= 0) {
        // Failed attempt: build the audit line, record it and count the failure.
        // NOTE(review): the first quarter and last sixth of the submitted password are
        // written to the log in clear text; that is credential material and the log
        // should be protected accordingly, or the field replaced by a fixed marker.
        $pw_length = strlen($input_password);
        $password = preg_replace("/^(.{" . round($pw_length / 4) . "})(.+?)(.{" . round($pw_length / 6) . "})\$/s", "\\1***\\3", $input_password);
        $logged_name = $result['ucresult']['username'] ? $result['ucresult']['username'] : $input_email;
        $errorlog = dhtmlspecialchars(TIMESTAMP . "\t" . $logged_name . "\t" . $password . "\t" . "Ques #" . intval($_GET['questionid']) . "\t" . $_G['clientip']);
        writelog('illegallog', $errorlog);
        loginfailed($input_email);
        failedip();

        if ($_G['member_loginperm'] > 1) {
            $loginperm = $_G['member_loginperm'] - 1;
            $validate_error['password'] = '******' . $loginperm . ' 次';
        } elseif ($_G['member_loginperm'] == -1) {
            $validate_error['password'] = '******';
        } else {
            $validate_error['password'] = '******';
        }

        return $validate_error;
    }

    // Remember-me: 2592000 seconds (30 days) when requested, otherwise 0.
    $cookie_lifetime = $_GET['rememberme'] ? 2592000 : 0;
    setloginstatus($result['member'], $cookie_lifetime);

    if ($_G['member']['lastip'] && $_G['member']['lastvisit']) {
        dsetcookie('lip', $_G['member']['lastip'] . ',' . $_G['member']['lastvisit']);
    }

    $status_row = array(
        'lastip' => $_G['clientip'],
        'port' => $_G['remoteport'],
        'lastvisit' => TIMESTAMP,
        'lastactivity' => TIMESTAMP,
    );
    C::t('common_member_status')->update($_G['uid'], $status_row);

    // UCenter synchronised login, only when the setting allows it.
    $ucsynlogin = $this->setting['allowsynlogin'] ? uc_user_synlogin($_G['uid']) : '';

    return true;
}
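/**
 * Open the MySQL connection, select the database and load the current user.
 *
 * Connection failures terminate the request: errors 1040 (too many connections) and 2002
 * (server not reachable) show a retry page for GET requests and a short message otherwise;
 * any other error prints the error number and text.
 *
 * @param bool $autoclean when true, autoclean() is registered to run at shutdown
 */
function dbconn($autoclean = false)
{
    global $mysql_host, $mysql_user, $mysql_pass, $mysql_db;

    if (!@mysql_connect($mysql_host, $mysql_user, $mysql_pass)) {
        switch (mysql_errno()) {
            case 1040:
            case 2002:
                if ($_SERVER['REQUEST_METHOD'] == "GET") {
                    // REQUEST_URI is supplied by the client and was written into the
                    // meta-refresh attribute unescaped; escape it for the HTML
                    // attribute context so it cannot close the attribute or tag.
                    $retry_uri = htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES);
                    die("<html><head><meta http-equiv='refresh' content=\"5 {$retry_uri}\"></head><body><table border='0' width='100%' height='100%'><tr><td><h3 align='center'>The server load is very high at the moment. Retrying, please wait...</h3></td></tr></table></body></html>");
                } else {
                    die("Too many users. Please press the Refresh button in your browser to retry.");
                }
            default:
                // NOTE(review): the raw driver error is shown to the visitor and can
                // reveal host and account names; consider logging it instead.
                die("[" . mysql_errno() . "] dbconn: mysql_connect: " . mysql_error());
        }
    }

    mysql_select_db($mysql_db) or die('dbconn: mysql_select_db: ' . mysql_error());

    userlogin();

    if ($autoclean) {
        register_shutdown_function("autoclean");
    }
}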
/**
 * Login action: show the login form, or process a submitted one.
 *
 * An already signed-in member ($_G['uid'] set) gets the success message straight away.
 * Otherwise the form is shown unless submitcheck('loginsubmit', 1) passes, in which case
 * the posted credentials are checked through userlogin().
 */
function on_login() {
    global $_G;
    // $mrefreshtime is not set earlier in this function, so this assigns the default 2000.
    empty($mrefreshtime) && ($mrefreshtime = 2000);
    if ($_G['uid']) {
        $ucsynlogin = uc_user_synlogin($_G['uid']);
        $param = array('username' => $_G['member']['username'], 'ucsynlogin' => $ucsynlogin, 'uid' => $_G['member']['uid']);
        showmessage('login_succeed', dreferer(), $param, array('showdialog' => 1, 'locationtime' => 1));
    }
    // logincheck() result is kept in $_G['member_loginperm']; a falsy value ends in 'login_strike'.
    if (!($_G['member_loginperm'] = logincheck())) {
        showmessage('login_strike');
    }
    if (!submitcheck('loginsubmit', 1)) {
        // Form not submitted: prepare the template variables and render the login form.
        $_G['referer'] = dreferer();
        $cookietimecheck = !empty($_G['cookie']['cookietime']) ? 'checked="checked"' : '';
        // The remembered login name comes from a cookie, so it is HTML-escaped before use.
        $username = !empty($_G['cookie']['loginuser']) ? htmlspecialchars($_G['cookie']['loginuser']) : '';
        include template('member/login');
    } else {
        // Clear any identity held in $_G before authenticating.
        $_G['uid'] = $_G['member']['uid'] = 0;
        $_G['username'] = $_G['member']['username'] = $_G['member']['password'] = '';
        $result = userlogin($_G['gp_username'], $_G['gp_password'], null, null, 'auto');
        if ($result['status'] > 0) {
            // Cookie lifetime: 2592000 seconds (30 days) when gp_cookietime is set, else 0.
            setloginstatus($result['member'], $_G['gp_cookietime'] ? 2592000 : 0);
            $ucsynlogin = uc_user_synlogin($_G['uid']);
            $message = 1;
            $param = array('username' => $_G['member']['username'], 'ucsynlogin' => $ucsynlogin, 'uid' => $_G['uid']);
            showmessage('login_succeed', dreferer(), $param, array('showdialog' => 1, 'locationtime' => 1));
        } else {
            // Keep the first quarter and last sixth of the submitted password and replace
            // the middle with ***.
            // NOTE(review): this still writes part of a plaintext password to the log;
            // treat the log as sensitive or replace the field with a fixed marker.
            $password = preg_replace("/^(.{" . round(strlen($_G['gp_password']) / 4) . "})(.+?)(.{" . round(strlen($_G['gp_password']) / 6) . "})\$/s", "\\1***\\3", $_G['gp_password']);
            // Tab-separated audit line: time, user name, masked password, question id, client IP.
            $errorlog = dhtmlspecialchars(TIMESTAMP . "\t" . ($result['ucresult']['username'] ? $result['ucresult']['username'] : dstripslashes($_G['gp_username'])) . "\t" . $password . "\t" . "Ques #" . intval($_G['gp_questionid']) . "\t" . $_G['clientip']);
            writelog('illegallog', $errorlog);
            loginfailed($_G['member_loginperm']);
            // NOTE(review): $answer is never assigned in this function, so `$answer == ''`
            // is always true and 'login_question_invalid' cannot be selected - confirm
            // which request value was meant.
            $fmsg = $result['ucresult']['uid'] == '-3' ? empty($_G['gp_questionid']) || $answer == '' ? 'login_question_empty' : 'login_question_invalid' : 'login_invalid';
            showmessage($fmsg, '', array('loginperm' => $_G['member_loginperm']));
        }
    }
}
/**
 * Process a submitted admin control-panel login form.
 *
 * Does nothing when no admin_username was posted. Sets $this->cpaccess to -4 when
 * logincheck() refuses the attempt and to -2 when the member authenticates but is neither
 * listed in common_admincp_member nor accepted by checkfounder(). On success an admin
 * session row is written and the browser is redirected.
 */
function check_user_login()
{
    global $_G;

    $posted_name = isset($_POST['admin_username']) ? trim($_POST['admin_username']) : '';
    if ($posted_name == '') {
        return;
    }

    require_once libfile('function/member');

    // Attempt limiting happens before any credential is checked.
    if (!logincheck($_POST['admin_username'])) {
        $this->cpaccess = -4;
        return;
    }

    // When a security question is enforced for the admin panel and either part is
    // missing, hand over to do_user_login().
    // NOTE(review): execution continues below unless do_user_login() ends the request.
    $secques_missing = empty($_POST['admin_questionid']) || empty($_POST['admin_answer']);
    if ($secques_missing && $_G['config']['admincp']['forcesecques']) {
        $this->do_user_login();
    }

    $result = userlogin($_POST['admin_username'], $_POST['admin_password'], $_POST['admin_questionid'], $_POST['admin_answer']);

    if ($result['status'] != 1) {
        loginfailed($_POST['admin_username']);
        return;
    }

    // The uid placed in this query comes from the userlogin() result, not from the request.
    $cpgroupid = DB::result_first("SELECT uid FROM " . DB::table('common_admincp_member') . " WHERE uid='{$result['member']['uid']}'");

    $is_panel_member = $cpgroupid || $this->checkfounder($result['member']);
    if (!$is_panel_member) {
        $this->cpaccess = -2;
        return;
    }

    $session_row = array(
        'uid' => $result['member']['uid'],
        'adminid' => $result['member']['adminid'],
        'panel' => $this->panel,
        'dateline' => TIMESTAMP,
        'ip' => $this->core->var['clientip'],
        'errorcount' => -1,
    );
    DB::insert('common_admincp_session', $session_row, false, true);
    setloginstatus($result['member'], 0);
    dheader('Location: ' . ADMINSCRIPT . '?' . cpurl('url', array('sid')));
}
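/**
 * Open the mysqli connection, select the database and load the current user.
 *
 * The connection is stored in $GLOBALS["___mysqli_ston"]. Connection errors 1040 and 2002
 * show a retry page for GET requests and a short message otherwise; other errors print
 * the error number and text. All failures terminate the request.
 *
 * @param bool $do_clean when true, cleandata() is registered to run at shutdown
 */
function dbconn($do_clean = false)
{
    global $dbhost, $dbuser, $dbpass, $database, $language;

    // The original branched on $GLOBALS['persist'] but both branches made the same call,
    // so the setting had no effect; a single call keeps that behaviour.
    $conres = $GLOBALS["___mysqli_ston"] = mysqli_connect($dbhost, $dbuser, $dbpass);

    if (!$conres) {
        // No connection object exists here, so only the connect-level error is available.
        $connect_errno = ($___mysqli_res = mysqli_connect_errno()) ? $___mysqli_res : false;

        switch ($connect_errno) {
            case 1040:
            case 2002:
                if ($_SERVER['REQUEST_METHOD'] == 'GET') {
                    // REQUEST_URI is supplied by the client and was written into the
                    // meta-refresh attribute unescaped; escape it for the HTML
                    // attribute context so it cannot close the attribute or tag.
                    $retry_uri = htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES);
                    die('<html><head><meta http-equiv=refresh content="20;' . $retry_uri . '"></head><body><table border="0" width="100%" height="100%"><tr><td><h3 align="center">' . $language['ERR_SERVER_LOAD'] . '</h3></td></tr></table></body></html>');
                }
                die($language['ERR_CANT_CONNECT']);
            default:
                // NOTE(review): the raw driver error is shown to the visitor and can
                // reveal host and account names; consider logging it instead.
                $connect_error = ($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false;
                die('[' . $connect_errno . '] dbconn: mysql_connect: ' . $connect_error);
        }
    }

    if ($GLOBALS["charset"] == "UTF-8") {
        // NOTE(review): mysqli_set_charset() also informs the client library of the
        // charset, which matters for escaping; SET NAMES alone does not.
        do_sqlquery("SET NAMES utf8");
    }

    // Select the schema through the API instead of building a "USE <name>" statement
    // from the configuration value.
    mysqli_select_db($GLOBALS["___mysqli_ston"], $database) or die($language['ERR_CANT_OPEN_DB'] . ' ' . $database . ' - ' . (is_object($GLOBALS["___mysqli_ston"]) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)));

    userlogin();

    if ($do_clean) {
        register_shutdown_function('cleandata');
    }
}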
/**
 * Log a member in from request parameters and emit a JSON response, then exit.
 *
 * Reads username, password, questionid and answer from $_REQUEST, converts the user name
 * and answer from UTF-8 to CHARSET, authenticates through userlogin() and prints the
 * result with BIGAPPJSON::encode(). Every path ends with die(0).
 *
 * error_code values emitted below: 0 success, 3 logincheck() refused the attempt,
 * 5 account not activated and fast activation off, 9 userlogin() reported uid '-3',
 * 6 / 7 / 8 failed login depending on $_G['member_loginperm'].
 */
function login() { /*{{{*/
    require_once dirname(dirname(dirname(__FILE__))) . '/bigappjson.class.php';
    $username = isset($_REQUEST["username"]) ? $_REQUEST["username"] : "";
    $password = isset($_REQUEST["password"]) ? $_REQUEST["password"] : "";
    global $_G;
    // Mirror the credentials into $_GET.
    // NOTE(review): presumably the included member code reads them from there - confirm.
    $_GET['username'] = $username;
    $_GET['password'] = $password;
    // Security question id and answer are optional; defaults are 0 and ''.
    //$_GET['questionid'] = $_GET['answer'] = '';
    if (isset($_REQUEST['questionid'])) {
        $questionid = intval($_REQUEST['questionid']);
    } else {
        $questionid = 0;
    }
    if (isset($_REQUEST['answer'])) {
        $answer = $_REQUEST['answer'];
    } else {
        $answer = '';
    }
    // Convert from UTF-8 to the site charset; with iconv, '//ignore' is appended to the target.
    if (function_exists('iconv')) {
        $userName = iconv('UTF-8', CHARSET . '//ignore', $username);
        $answer = iconv('UTF-8', CHARSET . '//ignore', $answer);
    } else {
        $userName = mb_convert_encoding($username, CHARSET, 'UTF-8');
        $answer = mb_convert_encoding($answer, CHARSET, 'UTF-8');
    }
    $_GET['loginfield'] = 'username';
    require_once libfile('function/member');
    require_once libfile('class/member');
    require_once libfile('function/misc');
    require_once libfile('function/mail');
    loaducenter();
    // A falsy logincheck() result rejects the attempt before credentials are checked.
    if (!($_G['member_loginperm'] = logincheck($userName))) {
        echo BIGAPPJSON::encode(array('error_code' => 3, 'error_msg' => lang('plugin/bigapp', 'too_many_errors'), 'Variables' => array('auth' => null), 'Message' => array('messageval' => 'for comaptible', 'messagestr' => lang('plugin/bigapp', 'too_many_errors'))));
        die(0);
    }
    $result = userlogin($userName, $password, $questionid, $answer, 'username', $_G['clientip']);
    // uid '-3' is reported to the client as the security-question error (code 9).
    if ($result['ucresult']['uid'] == '-3') {
        echo BIGAPPJSON::encode(array('error_code' => 9, 'error_msg' => lang('plugin/bigapp', 'user_seq_question'), 'Variables' => array('auth' => null), 'Message' => array('messageval' => 'for comaptible', 'messagestr' => lang('plugin/bigapp', 'user_seq_question'))));
        die(0);
    }
    // NOTE(review): $_G['uid'] is set from the result before $result['status'] is
    // examined, so it can hold a non-positive value on the failure paths below.
    $uid = $_G['uid'] = $result['ucresult']['uid'];
    $userName = $result['ucresult']['username'];
    // Avatar markup with CR and LF removed; $userAvatar is not used again in this function.
    $userAvatar = avatar($_G['uid'], 'big', true);
    $userAvatar = str_replace("\r", '', $userAvatar);
    $userAvatar = str_replace("\n", '', $userAvatar);
    $ctlObj = new logging_ctl();
    $ctlObj->setting = $_G['setting'];
    // Status -1: the account has no local member row yet.
    if ($result['status'] == -1) {
        if (!$ctlObj->setting['fastactivation']) {
            echo BIGAPPJSON::encode(array('error_code' => 5, 'error_msg' => lang('plugin/bigapp', 'activate_first'), 'Variables' => array('auth' => null), 'Message' => array('messageval' => 'for comaptible', 'messagestr' => lang('plugin/bigapp', 'login_failed'))));
            die(0);
        }
        // Fast activation: create the local member row, then continue as a normal login.
        $init_arr = explode(',', $ctlObj->setting['initcredits']);
        $groupid = $ctlObj->setting['regverify'] ? 8 : $ctlObj->setting['newusergroupid'];
        // The local password column receives md5 of a random 10-character string.
        // NOTE(review): presumably a placeholder because authentication is done by
        // userlogin()/UCenter - confirm.
        C::t('common_member')->insert($uid, $result['ucresult']['username'], md5(random(10)), $result['ucresult']['email'], $_G['clientip'], $groupid, $init_arr);
        $result['member'] = getuserbyuid($uid);
        $result['status'] = 1;
    }
    if ($result['status'] > 0) {
        if ($ctlObj->extrafile && file_exists($ctlObj->extrafile)) {
            require_once $ctlObj->extrafile;
        }
        // Cookie lifetime: 2592000 seconds (30 days) when cookietime is set, else 0.
        setloginstatus($result['member'], $_GET['cookietime'] ? 2592000 : 0);
        checkfollowfeed();
        C::t('common_member_status')->update($_G['uid'], array('lastip' => $_G['clientip'], 'lastvisit' => TIMESTAMP, 'lastactivity' => TIMESTAMP));
        // The member row is returned to the client below; remove the password and credits first.
        // NOTE(review): any other field of the member row is still sent - confirm none is sensitive.
        if (isset($result['member']['password'])) {
            unset($result['member']['password']);
        }
        if (isset($result['member']['credits'])) {
            unset($result['member']['credits']);
        }
        // Login succeeded; perform account binding for the requested platform.
        // The include paths are fixed strings; the request value only selects between them.
        $plat = $_GET["platform"];
        if ($plat == "qq") {
            include_once CUR_PATH . "/../qqconnect/bind.php";
        } else {
            if ($plat == 'wechat') {
                include_once CUR_PATH . "/../wechatconnect/bind.php";
            }
        }
        echo BIGAPPJSON::encode(array('error_code' => 0, 'error_msg' => lang('plugin/bigapp', 'bind_succ'), 'data' => $result['member'], 'Message' => array('messageval' => 'login_succeed', 'messagestr' => lang('plugin/bigapp', 'bind_succ')), 'Variables' => array('auth' => 'in order to be comapatible')));
        die(0);
    }
    // Failed login: the error code depends on the value logincheck() returned earlier.
    // NOTE(review): unlike the other login handlers on this page, no loginfailed() call
    // is visible on this path - confirm failed attempts are counted elsewhere.
    if ($_G['member_loginperm'] > 1) {
        echo BIGAPPJSON::encode(array('error_code' => 6, 'error_msg' => lang('plugin/bigapp', 'login_failed'), 'Variables' => array('auth' => null), 'Message' => array('messageval' => 'for comaptible', 'messagestr' => lang('plugin/bigapp', 'login_failed'))));
    } elseif ($_G['member_loginperm'] == -1) {
        echo BIGAPPJSON::encode(array('error_code' => 7, 'error_msg' => lang('plugin/bigapp', 'error_password'), 'Variables' => array('auth' => null), 'Message' => array('messageval' => 'for comaptible', 'messagestr' => lang('plugin/bigapp', 'error_password'))));
    } else {
        echo BIGAPPJSON::encode(array('error_code' => 8, 'error_msg' => lang('plugin/bigapp', 'too_many_errors'), 'Variables' => array('auth' => null), 'Message' => array('messageval' => 'for comaptible', 'messagestr' => lang('plugin/bigapp', 'too_many_errors'))));
    }
    die(0);
}
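/**
 * Login action: show the login form, or process a submitted one.
 *
 * An already signed-in member ($_G['uid'] set) gets the success message straight away.
 * When submitcheck('loginsubmit', ...) does not pass, the login template is rendered.
 * Otherwise the credentials in $_GET (optionally unpacked from an `auth` token) are
 * checked with userlogin(); status -1 leads to activation, status > 0 to the signed-in
 * flow (status row, invite handling, success message), anything else to the failure log.
 */
function on_login()
{
    global $_G;

    if ($_G['uid']) {
        $referer = dreferer();
        $ucsynlogin = $this->setting['allowsynlogin'] ? uc_user_synlogin($_G['uid']) : '';
        $param = array('username' => $_G['member']['username'], 'usergroup' => $_G['group']['grouptitle'], 'uid' => $_G['member']['uid']);
        showmessage('login_succeed', $referer ? $referer : './', $param, array('showdialog' => 1, 'locationtime' => true, 'extrajs' => $ucsynlogin));
    }

    // The security code is not required for "connect" logins, and not checked at submit
    // time for the quick-login form (lssubmit).
    $from_connect = $this->setting['connect']['allow'] && !empty($_GET['from']) ? 1 : 0;
    $seccodecheck = $from_connect ? false : $this->setting['seccodestatus'] & 2;
    $seccodestatus = !empty($_GET['lssubmit']) ? false : $seccodecheck;
    $invite = getinvite();

    if (!submitcheck('loginsubmit', 1, $seccodestatus)) {
        // Form not submitted: prepare the template variables and render the login form.
        $auth = '';
        $username = !empty($_G['cookie']['loginuser']) ? dhtmlspecialchars($_G['cookie']['loginuser']) : '';

        if (!empty($_GET['auth'])) {
            // The auth token is decoded into user name, password and a question flag;
            // the values shown in the template are HTML-escaped.
            list($username, $password, $questionexist) = explode("\t", authcode($_GET['auth'], 'DECODE'));
            $username = dhtmlspecialchars($username);
            $auth = dhtmlspecialchars($_GET['auth']);
        }

        $cookietimecheck = !empty($_G['cookie']['cookietime']) || !empty($_GET['cookietime']) ? 'checked="checked"' : '';

        if ($seccodecheck) {
            $seccode = random(6, 1) + $seccode[0] * 1000000;
        }
        if ($this->extrafile && file_exists($this->extrafile)) {
            require_once $this->extrafile;
        }

        $navtitle = lang('core', 'title_login');
        include template($this->template);
    } else {
        if (!empty($_GET['auth'])) {
            list($_GET['username'], $_GET['password']) = daddslashes(explode("\t", authcode($_GET['auth'], 'DECODE')));
        }

        // A falsy logincheck() result blocks the attempt before credentials are checked.
        if (!($_G['member_loginperm'] = logincheck($_GET['username']))) {
            showmessage('login_strike');
        }
        if ($_GET['fastloginfield']) {
            $_GET['loginfield'] = $_GET['fastloginfield'];
        }

        // Clear any identity held in $_G before authenticating.
        $_G['uid'] = $_G['member']['uid'] = 0;
        $_G['username'] = $_G['member']['username'] = $_G['member']['password'] = '';

        // Reject an empty password and one that addslashes() would alter.
        if (!$_GET['password'] || $_GET['password'] != addslashes($_GET['password'])) {
            showmessage('profile_passwd_illegal');
        }

        $result = userlogin($_GET['username'], $_GET['password'], $_GET['questionid'], $_GET['answer'], $this->setting['autoidselect'] ? 'auto' : $_GET['loginfield'], $_G['clientip']);
        $uid = $result['ucresult']['uid'];

        if (!empty($_GET['lssubmit']) && ($result['ucresult']['uid'] == -3 || $seccodecheck)) {
            $_GET['username'] = $result['ucresult']['username'];
            $this->logging_more($result['ucresult']['uid'] == -3);
        }

        // Status -1: the account has no local member row yet.
        if ($result['status'] == -1) {
            if (!$this->setting['fastactivation']) {
                $auth = authcode($result['ucresult']['username'] . "\t" . FORMHASH, 'ENCODE');
                showmessage('location_activation', 'member.php?mod=' . $this->setting['regname'] . '&action=activation&auth=' . rawurlencode($auth) . '&referer=' . rawurlencode(dreferer()), array(), array('location' => true));
            } else {
                $init_arr = explode(',', $this->setting['initcredits']);
                $groupid = $this->setting['regverify'] ? 8 : $this->setting['newusergroupid'];
                // The local password column receives md5 of a random 10-character string.
                C::t('common_member')->insert($uid, $result['ucresult']['username'], md5(random(10)), $result['ucresult']['email'], $_G['clientip'], $groupid, $init_arr);
                $result['member'] = getuserbyuid($uid);
                $result['status'] = 1;
            }
        }

        if ($result['status'] > 0) {
            if ($this->extrafile && file_exists($this->extrafile)) {
                require_once $this->extrafile;
            }

            // Cookie lifetime: 2592000 seconds (30 days) when cookietime is set, else 0.
            setloginstatus($result['member'], $_GET['cookietime'] ? 2592000 : 0);
            checkfollowfeed();

            if ($_G['member']['lastip'] && $_G['member']['lastvisit']) {
                dsetcookie('lip', $_G['member']['lastip'] . ',' . $_G['member']['lastvisit']);
            }
            C::t('common_member_status')->update($_G['uid'], array('lastip' => $_G['clientip'], 'lastvisit' => TIMESTAMP, 'lastactivity' => TIMESTAMP));
            $ucsynlogin = $this->setting['allowsynlogin'] ? uc_user_synlogin($_G['uid']) : '';

            // Invite bookkeeping. Note that $result is reused for the invite count here.
            if ($invite['id']) {
                $result = C::t('common_invite')->count_by_uid_fuid($invite['uid'], $uid);
                if (!$result) {
                    C::t('common_invite')->update($invite['id'], array('fuid' => $uid, 'fusername' => $_G['username']));
                    updatestat('invite');
                } else {
                    $invite = array();
                }
            }
            if ($invite['uid']) {
                require_once libfile('function/friend');
                friend_make($invite['uid'], $invite['username'], false);
                dsetcookie('invite_auth', '');
                if ($invite['appid']) {
                    updatestat('appinvite');
                }
            }

            $param = array('username' => $result['ucresult']['username'], 'usergroup' => $_G['group']['grouptitle'], 'uid' => $_G['member']['uid'], 'groupid' => $_G['groupid'], 'syn' => $ucsynlogin ? 1 : 0);
            $extra = array('showdialog' => true, 'locationtime' => true, 'extrajs' => $ucsynlogin);
            $loginmessage = $_G['groupid'] == 8 ? 'login_succeed_inactive_member' : 'login_succeed';
            $location = $invite || $_G['groupid'] == 8 ? 'home.php?mod=space&do=home' : dreferer();

            if (empty($_GET['handlekey']) || !empty($_GET['lssubmit'])) {
                if (defined('IN_MOBILE')) {
                    showmessage($loginmessage, $location, $param, array('location' => true));
                } else {
                    if (!empty($_GET['lssubmit'])) {
                        if (!$ucsynlogin) {
                            $extra['location'] = true;
                        }
                        showmessage($loginmessage, $location, $param, $extra);
                    } else {
                        // $location is placed inside single-quoted JavaScript strings.
                        // Backslashes are escaped before quotes; escaping only the quote
                        // let a trailing backslash in the value undo the quote escape.
                        // NOTE(review): the value sits in an inline <script>; a literal
                        // "</script>" is not handled here and relies on dreferer()
                        // returning a sanitised URL - confirm.
                        $href = str_replace(array("\\", "'"), array("\\\\", "\\'"), $location);
                        showmessage('location_login_succeed', $location, array(), array('showid' => 'succeedmessage', 'extrajs' => '<script type="text/javascript">' . 'setTimeout("window.location.href =\'' . $href . '\';", 3000);' . '$(\'succeedmessage_href\').href = \'' . $href . '\';' . '$(\'main_message\').style.display = \'none\';' . '$(\'main_succeed\').style.display = \'\';' . '$(\'succeedlocation\').innerHTML = \'' . lang('message', $loginmessage, $param) . '\';</script>' . $ucsynlogin, 'striptags' => false, 'showdialog' => true));
                    }
                }
            } else {
                showmessage($loginmessage, $location, $param, $extra);
            }
        } else {
            // Failed attempt. The password field keeps the first quarter and last sixth
            // of what was submitted and replaces the middle with ***.
            // NOTE(review): this still writes part of a plaintext password to the log;
            // treat the log as sensitive or replace the field with a fixed marker.
            $password = preg_replace("/^(.{" . round(strlen($_GET['password']) / 4) . "})(.+?)(.{" . round(strlen($_GET['password']) / 6) . "})\$/s", "\\1***\\3", $_GET['password']);
            // Tab-separated audit line: time, user name, masked password, question id, client IP.
            $errorlog = dhtmlspecialchars(TIMESTAMP . "\t" . ($result['ucresult']['username'] ? $result['ucresult']['username'] : $_GET['username']) . "\t" . $password . "\t" . "Ques #" . intval($_GET['questionid']) . "\t" . $_G['clientip']);
            writelog('illegallog', $errorlog);
            loginfailed($_GET['username']);

            // The submitted answer lives in $_GET['answer'] (it is what userlogin()
            // received above). The previous test read the unassigned local $answer, so
            // it was always true and 'login_question_invalid' could never be chosen.
            $fmsg = $result['ucresult']['uid'] == '-3' ? empty($_GET['questionid']) || $_GET['answer'] == '' ? 'login_question_empty' : 'login_question_invalid' : 'login_invalid';

            if ($_G['member_loginperm'] > 1) {
                showmessage($fmsg, '', array('loginperm' => $_G['member_loginperm'] - 1));
            } elseif ($_G['member_loginperm'] == -1) {
                showmessage('login_password_invalid');
            } else {
                showmessage('login_strike');
            }
        }
    }
}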
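/**
 * Register a new user from the submitted form and sign them in.
 *
 * Flashes a message and redirects to '/' when the e-mail is already taken, when e-mail or
 * password is empty, or when the e-mail is not valid. On a successful insert it calls
 * userlogin($application, 'LOGIN').
 */
function registerUser()
{
    global $application;

    // Read the four expected fields by name. The original used extract(), which turns
    // every key of the returned array into a local variable and could overwrite
    // $application if an unexpected key were present.
    $fields = getparametersvalform(array('name', 'emailadd', 'userpwd', 'phone'));
    $name = isset($fields['name']) ? $fields['name'] : null;
    $emailadd = isset($fields['emailadd']) ? $fields['emailadd'] : null;
    $userpwd = isset($fields['userpwd']) ? $fields['userpwd'] : null;
    $phone = isset($fields['phone']) ? $fields['phone'] : null;

    if (checkuseravailbyid($emailadd) != TRUE) {
        $application->flash('reg_avail', 'This email is not available.');
        $application->redirect('/');
        return;
    }

    if ($userpwd == '' || $emailadd == '') {
        $application->flash('reg_mand', 'Please Enter Email Address and Password');
        $application->redirect('/');
        return;
    }

    if (!isValidEmail($emailadd)) {
        $application->flash('reg_valid', 'Please enter valid Email Address');
        $application->redirect('/');
        return;
    }

    // NOTE(review): the password is stored as an unsalted md5 digest, which is fast to
    // brute-force. Moving to password_hash()/password_verify() needs a matching change in
    // the login check and a migration of stored hashes, so it is not changed here.
    $insert_id = Insertintouserprofile($name, $emailadd, md5($userpwd), $phone);

    // NOTE(review): a failed insert is silent - no flash message and no redirect.
    if (is_numeric($insert_id) && $insert_id > 0) {
        userlogin($application, 'LOGIN');
    }
}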
$olddiscuz_user = $_G['username']; $olddiscuz_userss = $_G['member']['username']; if (!$user) { $newuid = DB::result_first("SELECT uid FROM " . DB::table('common_member') . " WHERE username='******'gp_username']}'"); if (DB::result_first("SELECT COUNT(*) FROM " . DB::table('myrepeats') . " WHERE uid='{$newuid}' AND username='******'")) { $username = htmlspecialchars($_G['gp_username']); include template('myrepeats:switch_login'); exit; } showmessage('myrepeats:user_nonexistence'); } elseif ($user['locked']) { $usernamess = stripslashes($_G['gp_username']); showmessage('myrepeats:user_locked', '', array('user' => $usernamess)); } list($password, $questionid, $answer) = explode("\t", authcode($user['logindata'], 'DECODE', $_G['config']['security']['authkey'])); $result = userlogin($_G['gp_username'], $password, $questionid, $answer); $_G['myrepeats_ucresult'] = $result['ucresult']; if ($result['status'] > 0) { setloginstatus($result['member'], 2592000); DB::query("UPDATE " . DB::table('myrepeats') . " SET lastswitch='" . TIMESTAMP . "' WHERE uid='{$olddiscuz_uid}' AND username='******'gp_username']}'"); $ucsynlogin = $_G['setting']['allowsynlogin'] ? uc_user_synlogin($_G['uid']) : ''; dsetcookie('mrn', ''); dsetcookie('mrd', ''); $comment = $user['comment'] ? '(' . $user['comment'] . ') ' : ''; showmessage('myrepeats:login_succeed', $referer, array('user' => $_G['member']['username'], 'usergroup' => $_G['group']['grouptitle'], 'comment' => $comment), array('showmsg' => 1, 'showdialog' => 1, 'locationtime' => 3, 'extrajs' => $ucsynlogin)); } elseif ($result['status'] == -1) { clearcookies(); $_G['myrepeats_ucresult']['username'] = addslashes($_G['myrepeats_ucresult']['username']); $_G['username'] = ''; $_G['uid'] = 0; $auth = authcode($_G['myrepeats_ucresult']['username'] . "\t" . formhash(), 'ENCODE');
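/**
 * Open the mysqli connection into the global $db and load the current user.
 *
 * A connection failure terminates the request.
 *
 * @param bool $do_clean when true, cleandata() is registered to run at shutdown
 */
function dbconn($do_clean = false)
{
    global $dbhost, $dbuser, $dbpass, $database, $db;

    // Connect to Database. The original branched on $GLOBALS["persist"] but both
    // branches created the same connection, so the setting had no effect.
    $db = new mysqli($dbhost, $dbuser, $dbpass, $database);

    if ($db->connect_error) {
        // The driver's error text can name the database host and account, so it goes to
        // the server log; the visitor only sees the error number.
        error_log('dbconn: connect error (' . $db->connect_errno . ') ' . $db->connect_error);
        die('Connect Error (' . $db->connect_errno . ')');
    }

    userlogin();

    if ($do_clean) {
        register_shutdown_function("cleandata");
    }
}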
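/**
 * Login action: show the login form, or process a submitted one.
 *
 * An already signed-in member ($_G['uid'] set) gets the success message straight away.
 * When submitcheck('loginsubmit', ...) does not pass, the login template is rendered.
 * Otherwise the posted credentials are checked with userlogin(): status > 0 runs the
 * signed-in flow, status -1 sends the user to activation, anything else is logged as a
 * failed attempt.
 */
function on_login()
{
    global $_G;

    if ($_G['uid']) {
        $ucsynlogin = $_G['setting']['allowsynlogin'] ? uc_user_synlogin($_G['uid']) : '';
        $param = array('username' => $_G['member']['username'], 'uid' => $_G['member']['uid']);
        showmessage('login_succeed', dreferer(), $param, array('showdialog' => 1, 'locationtime' => true, 'extrajs' => $ucsynlogin));
    }

    $seccodecheck = $_G['setting']['seccodestatus'] & 2;
    $invite = getinvite();

    if (!submitcheck('loginsubmit', 1, $seccodecheck)) {
        // Form not submitted: prepare the template variables and render the login form.
        $_G['referer'] = dreferer();
        $thetimenow = '(GMT ' . ($_G['setting']['timeoffset'] > 0 ? '+' : '') . $_G['setting']['timeoffset'] . ') ' . dgmdate(TIMESTAMP, 'u') . ($cookietimecheck = !empty($_G['cookie']['cookietime']) ? 'checked="checked"' : '');

        if ($seccodecheck) {
            $seccode = random(6, 1) + $seccode[0] * 1000000;
        }

        // The remembered login name comes from a cookie, so it is HTML-escaped before use.
        $username = !empty($_G['cookie']['loginuser']) ? htmlspecialchars($_G['cookie']['loginuser']) : '';
        $navtitle = lang('core', 'title_login');
        include template('member/login');
    } else {
        // A falsy logincheck() result blocks the attempt before credentials are checked.
        if (!($_G['member_loginperm'] = logincheck())) {
            showmessage('login_strike');
        }
        if ($_G['gp_fastloginfield']) {
            $_G['gp_loginfield'] = $_G['gp_fastloginfield'];
        }

        // Clear any identity held in $_G before authenticating.
        $_G['uid'] = $_G['member']['uid'] = 0;
        $_G['username'] = $_G['member']['username'] = $_G['member']['password'] = '';

        $result = userlogin($_G['gp_username'], $_G['gp_password'], $_G['gp_questionid'], $_G['gp_answer'], $_G['setting']['autoidselect'] ? 'auto' : $_G['gp_loginfield']);

        if ($result['status'] > 0) {
            // Cookie lifetime: 2592000 seconds (30 days) when gp_cookietime is set, else 0.
            setloginstatus($result['member'], $_G['gp_cookietime'] ? 2592000 : 0);

            // NOTE(review): $_G['clientip'] is concatenated into this statement; that is
            // safe only if the framework validates it as an IP address - confirm.
            DB::query("UPDATE " . DB::table('common_member_status') . " SET lastip='" . $_G['clientip'] . "', lastvisit='" . time() . "', lastactivity='" . TIMESTAMP . "' WHERE uid='{$_G['uid']}'");
            $ucsynlogin = $_G['setting']['allowsynlogin'] ? uc_user_synlogin($_G['uid']) : '';

            include_once libfile('function/stat');
            updatestat('login', 1);
            updatecreditbyaction('daylogin', $_G['uid']);
            checkusergroup($_G['uid']);

            if ($invite['id']) {
                // The invite row used to be written from the locals $uid and $username,
                // neither of which is assigned on this path, so both columns received
                // empty values. Use the identity the rest of this branch already reads.
                DB::update("common_invite", array('fuid' => $_G['uid'], 'fusername' => $_G['member']['username']), array('id' => $invite['id']));
                updatestat('invite');
            }
            if ($invite['uid']) {
                require_once libfile('function/friend');
                friend_make($invite['uid'], $invite['username'], false);
                dsetcookie('invite_auth', '');
                if ($invite['appid']) {
                    updatestat('appinvite');
                }
            }

            if (!empty($_G['inajax']) && empty($_G['gp_quickforward'])) {
                // NOTE(review): unserialize() runs on a stored setting; keep write access
                // to that setting restricted, since unserialize on attacker-controlled
                // data can instantiate arbitrary classes.
                $_G['setting']['msgforward'] = unserialize($_G['setting']['msgforward']);
                $mrefreshtime = intval($_G['setting']['msgforward']['refreshtime']) * 1000;
                loadcache('usergroups');
                $usergroups = addslashes($_G['cache']['usergroups'][$_G['groupid']]['grouptitle']);
                $message = 1;
                include template('member/login');
            } else {
                $param = array('username' => $_G['member']['username'], 'uid' => $_G['member']['uid'], 'syn' => $ucsynlogin ? 1 : 0);
                if ($_G['groupid'] == 8) {
                    showmessage('login_succeed_inactive_member', 'home.php?mod=space&do=home', $param, array('extrajs' => $ucsynlogin));
                } else {
                    showmessage('login_succeed', $invite ? 'home.php?mod=space&do=home' : dreferer(), $param, array('extrajs' => $ucsynlogin));
                }
            }
        } elseif ($result['status'] == -1) {
            // Status -1: send the user to the activation page with an encoded token.
            $auth = authcode($result['ucresult']['username'] . "\t" . FORMHASH, 'ENCODE');
            $location = 'member.php?mod=' . $_G['setting']['regname'] . '&action=activation&auth=' . rawurlencode($auth);
            if ($_G['inajax'] && empty($_G['gp_quickforward'])) {
                $message = 2;
                include template('member/login');
            } else {
                showmessage('login_activation', $location);
            }
        } else {
            // Failed attempt. The password field keeps the first quarter and last sixth
            // of what was submitted and replaces the middle with ***.
            // NOTE(review): this still writes part of a plaintext password to the log;
            // treat the log as sensitive or replace the field with a fixed marker.
            $password = preg_replace("/^(.{" . round(strlen($_G['gp_password']) / 4) . "})(.+?)(.{" . round(strlen($_G['gp_password']) / 6) . "})\$/s", "\\1***\\3", $_G['gp_password']);
            // Tab-separated audit line: time, user name, masked password, question id, client IP.
            $errorlog = dhtmlspecialchars(TIMESTAMP . "\t" . ($result['ucresult']['username'] ? $result['ucresult']['username'] : dstripslashes($_G['gp_username'])) . "\t" . $password . "\t" . "Ques #" . intval($_G['gp_questionid']) . "\t" . $_G['clientip']);
            writelog('illegallog', $errorlog);
            loginfailed($_G['member_loginperm']);

            // The submitted answer lives in $_G['gp_answer'] (it is what userlogin()
            // received above). The previous test read the unassigned local $answer, so
            // it was always true and 'login_question_invalid' could never be chosen.
            $fmsg = $result['ucresult']['uid'] == '-3' ? empty($_G['gp_questionid']) || $_G['gp_answer'] == '' ? 'login_question_empty' : 'login_question_invalid' : 'login_invalid';
            showmessage($fmsg, '', array('loginperm' => $_G['member_loginperm']));
        }
    }
}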
case 'add_user': if (isset($_SESSION['logged_in']) && $_SESSION['level'] <= USER_SUPERUSER) { add_user($page[1]); } break; case 'register': if (isset($CONFIG['login_required']) && $CONFIG['login_required'] == 1) { register_user($page[1]); } break; case 'login': if (isset($CONFIG['login_required']) && $CONFIG['login_required'] == 1) { if (isset($_SESSION['logged_in'])) { header('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF'])); } else { userlogin($page[1]); } } else { header('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF'])); } break; case 'admin': if (isset($_SESSION['logged_in'])) { /* already logged in */ } else { adminlogin($page[1]); } break; case 'bottom': $query = "SELECT * FROM " . db_tablename('quotes') . " WHERE queue=0 and rating < 0 ORDER BY rating ASC LIMIT " . $limit; quote_generation($query, lang('bottom_title'), -1);
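/**
 * Build the login box: a complete login form for anonymous visitors, or a short
 * "logged in as" line for everyone else.
 *
 * Loads the user through getuserinfo() when the global $user is not set, and attempts a
 * login with userlogin() when an anonymous visitor posted a `user` field.
 *
 * @return string HTML fragment
 */
function login()
{
    global $user, $HTTP_POST_VARS;

    // Make sure we know whether the user is logged in or logging in.
    if (!isset($user)) {
        $user = getuserinfo();
    }
    if (0 == strcmp($user['username'], "anonymous") && isset($HTTP_POST_VARS['user'])) {
        $user = userlogin($HTTP_POST_VARS['user'], $HTTP_POST_VARS['pass'], $HTTP_POST_VARS['automatic']);
    }

    if (0 != strcmp($user['username'], "anonymous")) {
        // The user name is escaped because it is written into HTML.
        return "You are currently logged in as " . htmlspecialchars($user['username'], ENT_QUOTES) . ".<BR>\r\n";
    }

    // Anonymous visitor: present the login box, posting back to the current URL.
    // The original called the undefined function iset(), which is a fatal error on this
    // path; isset() was intended.
    if (isset($_SERVER["QUERY_STRING"]) && $_SERVER["QUERY_STRING"] !== '') {
        $url = $_SERVER["SCRIPT_NAME"] . "?" . $_SERVER["QUERY_STRING"] . "&login=1";
    } else {
        $url = $_SERVER["SCRIPT_NAME"] . "?login=1";
    }

    // The query string is supplied by the client and ends up inside a single-quoted
    // attribute, so quotes must be escaped as well (ENT_QUOTES).
    $action = htmlspecialchars($url, ENT_QUOTES);

    $WORK = "Please Enter your username and password to login:<BR>\r\n";
    $WORK .= "<form method='post' action='" . $action . "'>\r\n";
    $WORK .= "Username: <input type='text' name='user' size='20'><BR>\r\n";
    $WORK .= "Password: <input type='password' name='pass' size='20'><BR>\r\n";
    $WORK .= "Log me on automatically each visit: <input type='checkbox' name='automatic' checked><BR>\r\n";
    $WORK .= "<input type='submit' value='Login'>\r\n";
    $WORK .= "</form>\r\n";

    return $WORK;
}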
/**
 * Process a posted admin-panel login attempt.
 *
 * Does nothing when no 'admin_email' was posted. Otherwise the attempt goes
 * through logincheck(), userlogin() and a group/founder check; on success an
 * admincp_session row is written and the browser is redirected, on failure
 * $this->cpaccess is set (-4 when logincheck() refuses, -2 when the account
 * is not in an admin group) or loginfailed() records the attempt.
 */
function check_user_login()
{
    global $_G;

    $admin_email = '';
    if (isset($_POST['admin_email'])) {
        $admin_email = trim($_POST['admin_email']);
    }
    if ($admin_email == '') {
        return;
    }

    // logincheck() returning a falsy value means this attempt is refused.
    if (!logincheck($_POST['admin_email'])) {
        $this->cpaccess = -4;
        return;
    }

    // When a security question is enforced for the admin panel or the group,
    // a request without one is handed back to do_user_login() first.
    $question_missing = empty($_POST['admin_questionid']) || empty($_POST['admin_answer']);
    if ($question_missing && ($_G['config']['admincp']['forcesecques'] || $_G['group']['forcesecques'])) {
        $this->do_user_login();
    }

    $result = userlogin(
        $_POST['admin_email'],
        $_POST['admin_password'],
        $_POST['admin_questionid'],
        $_POST['admin_answer'],
        'auto',
        $this->core->var['clientip']
    );

    if ($result['status'] != 1) {
        loginfailed($_POST['admin_email']);
        return;
    }

    // Valid credentials are not enough: only founders and groups 1 and 2 may
    // open an admin-panel session.
    $may_enter = $this->checkfounder($result['member'])
        || $result['member']['groupid'] == 1
        || $result['member']['groupid'] == 2;
    if (!$may_enter) {
        $this->cpaccess = -2;
        return;
    }

    $session_row = array(
        'uid' => $result['member']['uid'],
        'adminid' => $result['member']['adminid'],
        'panel' => $result['member']['groupid'],
        'dateline' => TIMESTAMP,
        'ip' => $this->core->var['clientip'],
        'errorcount' => -1,
    );
    C::t('admincp_session')->insert($session_row, false, true);
    setloginstatus($result['member'], 0);
    dheader('Location: ' . ADMINSCRIPT . '?' . cpurl('url', array('sid')));
}
$olddiscuz_userss = $discuz_userss; if(!$user) { showmessage('myrepeats:user_nonexistence'); } elseif($user['locked']) { $usernamess = stripslashes($username); showmessage('myrepeats:user_locked'); } list($password, $questionid, $answer) = explode("\t", authcode($user['logindata'], 'DECODE', $_DCACHE['settings']['authkey'])); $referer = dreferer(); if(!($loginperm = logincheck())) { showmessage('myrepeats:login_strike'); } $result = userlogin(); if($result > 0) { $db->query("UPDATE {$tablepre}myrepeats SET lastswitch='$timestamp' WHERE uid='$olddiscuz_uid' AND username='******'", ''); $ucsynlogin = $allowsynlogin ? uc_user_synlogin($discuz_uid) : ''; dsetcookie('mrn', '', -1); dsetcookie('mrd', '', -1); $comment = $user['comment'] ? '('.$user['comment'].') ' : ''; if(!$db->result_first("SELECT COUNT(*) FROM {$tablepre}myrepeats WHERE uid='$discuz_uid' AND username='******'")) { $olddiscuz_userssenc = rawurlencode($olddiscuz_userss); showmessage('myrepeats:login_succeed_rsnonexistence'); } else { showmessage('myrepeats:login_succeed', $referer); } } elseif($result == -1) { $ucresult['username'] = addslashes($ucresult['username']); $auth = authcode("$ucresult[username]\t".FORMHASH, 'ENCODE');
/**
 * Login action: show the login form, or authenticate a submitted one.
 *
 * - An already logged-in visitor ($_G['uid'] set) gets the success message.
 * - When submitcheck('loginsubmit', ...) fails, the login template is rendered.
 * - Otherwise the posted credentials go through logincheck() and userlogin();
 *   success sets the login state and shows a redirect message, failure is
 *   written to 'illegallog' and counted through loginfailed().
 *
 * NOTE(review): the flow relies on showmessage() ending the request (code
 * after several calls assumes it did) -- confirm.
 */
function on_login()
{
    global $_G;
    if ($_G['uid']) {
        $referer = dreferer();
        $ucsynlogin = $this->setting['allowsynlogin'] ? uc_user_synlogin($_G['uid']) : '';
        $param = array('username' => $_G['member']['username'], 'usergroup' => $_G['group']['grouptitle'], 'uid' => $_G['member']['uid']);
        showmessage('login_succeed', $referer ? $referer : './', $param, array('showdialog' => 1, 'locationtime' => true, 'extrajs' => $ucsynlogin));
    }
    // The captcha requirement is dropped for requests flagged with gp_from
    // when 'connect' is allowed, and for "lssubmit" submissions.
    $from_connect = $this->setting['connect']['allow'] && !empty($_G['gp_from']) ? 1 : 0;
    $seccodecheck = $from_connect ? false : $this->setting['seccodestatus'] & 2;
    $seccodestatus = !empty($_G['gp_lssubmit']) ? false : $seccodecheck;
    $invite = getinvite();
    if (!submitcheck('loginsubmit', 1, $seccodestatus)) {
        // Not a valid submission: prepare the variables the template reads.
        $auth = '';
        $username = !empty($_G['cookie']['loginuser']) ? htmlspecialchars($_G['cookie']['loginuser']) : '';
        if (!empty($_G['gp_auth'])) {
            list($username, $password, $questionexist) = explode("\t", authcode($_G['gp_auth'], 'DECODE'));
            $username = htmlspecialchars($username);
            if ($username && $password) {
                $auth = htmlspecialchars($_G['gp_auth']);
            } else {
                $auth = '';
            }
        }
        $cookietimecheck = !empty($_G['cookie']['cookietime']) || !empty($_G['gp_cookietime']) ? 'checked="checked"' : '';
        if ($seccodecheck) {
            // NOTE(review): $seccode is read here before anything in this
            // function assigns it -- confirm where the value is meant to come from.
            $seccode = random(6, 1) + $seccode[0] * 1000000;
        }
        if ($this->extrafile && file_exists(libfile('member/' . $this->extrafile, 'module'))) {
            require_once libfile('member/' . $this->extrafile, 'module');
        }
        $navtitle = lang('core', 'title_login');
        include template($this->template);
    } else {
        // A decoded 'auth' blob, when present, replaces the posted username/password.
        if (!empty($_G['gp_auth'])) {
            list($_G['gp_username'], $_G['gp_password']) = daddslashes(explode("\t", authcode($_G['gp_auth'], 'DECODE')));
        }
        // Attempt throttling: a falsy logincheck() result refuses the attempt.
        if (!($_G['member_loginperm'] = logincheck($_G['gp_username']))) {
            showmessage('login_strike');
        }
        if ($_G['gp_fastloginfield']) {
            $_G['gp_loginfield'] = $_G['gp_fastloginfield'];
        }
        // Reset any identity state before authenticating.
        $_G['uid'] = $_G['member']['uid'] = 0;
        $_G['username'] = $_G['member']['username'] = $_G['member']['password'] = '';
        // Rejects an empty password and any password that addslashes() would alter.
        if (!$_G['gp_password'] || $_G['gp_password'] != addslashes($_G['gp_password'])) {
            showmessage('profile_passwd_illegal');
        }
        $result = userlogin($_G['gp_username'], $_G['gp_password'], $_G['gp_questionid'], $_G['gp_answer'], $this->setting['autoidselect'] ? 'auto' : $_G['gp_loginfield']);
        $uid = $result['ucresult']['uid'];
        if (!empty($_G['gp_lssubmit']) && ($result['ucresult']['uid'] == -3 || $seccodecheck && $result['status'] > 0)) {
            $_G['gp_username'] = $result['ucresult']['username'];
            $_G['gp_password'] = stripslashes($_G['gp_password']);
            $this->logging_more($result['ucresult']['uid'] == -3);
        }
        // Status -1: the credentials were accepted but the local member rows are
        // missing; either send the user to activation or create the rows here.
        if ($result['status'] == -1) {
            if (!$this->setting['fastactivation']) {
                $auth = authcode($result['ucresult']['username'] . "\t" . FORMHASH, 'ENCODE');
                showmessage('location_activation', 'member.php?mod=' . $this->setting['regname'] . '&action=activation&auth=' . rawurlencode($auth) . '&referer=' . rawurlencode(dreferer()), array(), array('location' => true));
            } else {
                $result = daddslashes($result);
                $init_arr = explode(',', $this->setting['initcredits']);
                // The local password column receives a hash of a random string,
                // not the password that was submitted.
                DB::insert('common_member', array('uid' => $uid, 'username' => $result['ucresult']['username'], 'password' => md5(random(10)), 'email' => $result['ucresult']['email'], 'adminid' => 0, 'groupid' => $this->setting['regverify'] ? 8 : $this->setting['newusergroupid'], 'regdate' => TIMESTAMP, 'credits' => $init_arr[0], 'timeoffset' => 9999));
                DB::insert('common_member_status', array('uid' => $uid, 'regip' => $_G['clientip'], 'lastip' => $_G['clientip'], 'lastvisit' => TIMESTAMP, 'lastactivity' => TIMESTAMP, 'lastpost' => 0, 'lastsendmail' => 0));
                DB::insert('common_member_profile', array('uid' => $uid));
                DB::insert('common_member_field_forum', array('uid' => $uid));
                DB::insert('common_member_field_home', array('uid' => $uid));
                DB::insert('common_member_count', array('uid' => $uid, 'extcredits1' => $init_arr[1], 'extcredits2' => $init_arr[2], 'extcredits3' => $init_arr[3], 'extcredits4' => $init_arr[4], 'extcredits5' => $init_arr[5], 'extcredits6' => $init_arr[6], 'extcredits7' => $init_arr[7], 'extcredits8' => $init_arr[8]));
                manyoulog('user', $uid, 'add');
                $result['member'] = DB::fetch_first("SELECT * FROM " . DB::table('common_member') . " WHERE uid='{$uid}'");
                $result['status'] = 1;
            }
        }
        if ($result['status'] > 0) {
            if ($this->extrafile && file_exists(libfile('member/' . $this->extrafile, 'module'))) {
                require_once libfile('member/' . $this->extrafile, 'module');
            }
            // 2592000 seconds = 30 days when "remember me" was requested.
            setloginstatus($result['member'], $_G['gp_cookietime'] ? 2592000 : 0);
            // NOTE(review): $_G['clientip'] and $_G['uid'] are concatenated into
            // the statement; this is only safe if both are validated where they
            // are set -- confirm, or bind them as parameters.
            DB::query("UPDATE " . DB::table('common_member_status') . " SET lastip='" . $_G['clientip'] . "', lastvisit='" . time() . "', lastactivity='" . TIMESTAMP . "' WHERE uid='{$_G['uid']}'");
            $ucsynlogin = $this->setting['allowsynlogin'] ? uc_user_synlogin($_G['uid']) : '';
            if ($invite['id']) {
                // NOTE(review): this overwrites $result (the userlogin() return)
                // with a row count, yet $result['ucresult']['username'] is read
                // again below when $param is built.
                $result = DB::result_first("SELECT COUNT(*) FROM " . DB::table('common_invite') . " WHERE uid='{$invite['uid']}' AND fuid='{$uid}'");
                if (!$result) {
                    DB::update("common_invite", array('fuid' => $uid, 'fusername' => $_G['username']), array('id' => $invite['id']));
                    updatestat('invite');
                } else {
                    $invite = array();
                }
            }
            if ($invite['uid']) {
                require_once libfile('function/friend');
                friend_make($invite['uid'], $invite['username'], false);
                dsetcookie('invite_auth', '');
                if ($invite['appid']) {
                    updatestat('appinvite');
                }
            }
            $param = array('username' => $result['ucresult']['username'], 'usergroup' => $_G['group']['grouptitle'], 'uid' => $_G['member']['uid'], 'groupid' => $_G['groupid'], 'syn' => $ucsynlogin ? 1 : 0);
            $extra = array('showdialog' => true, 'locationtime' => true, 'extrajs' => $ucsynlogin);
            // Group 8 gets the "inactive member" message and is sent to the home space.
            $loginmessage = $_G['groupid'] == 8 ? 'login_succeed_inactive_member' : 'login_succeed';
            $location = $invite || $_G['groupid'] == 8 ? 'home.php?mod=space&do=home' : dreferer();
            if (empty($_G['gp_handlekey']) || !empty($_G['gp_lssubmit'])) {
                if (defined('IN_MOBILE')) {
                    showmessage('location_login_succeed_mobile', $location, array('username' => $result['ucresult']['username']), array('location' => true));
                } else {
                    if (!empty($_G['gp_lssubmit'])) {
                        if (!$ucsynlogin) {
                            $extra['location'] = true;
                        }
                        showmessage($loginmessage, $location, $param, $extra);
                    } else {
                        // NOTE(review): $location (possibly the referer) goes into
                        // inline JavaScript with only single quotes escaped and
                        // 'striptags' => false; confirm dreferer() restricts its
                        // result to safe, same-site URLs.
                        $href = str_replace("'", "\\'", $location);
                        showmessage('location_login_succeed', $location, array(), array('showid' => 'succeedmessage', 'extrajs' => '<script type="text/javascript">' . 'setTimeout("window.location.href =\'' . $href . '\';", 3000);' . '$(\'succeedmessage_href\').href = \'' . $href . '\';' . '$(\'main_message\').style.display = \'none\';' . '$(\'main_succeed\').style.display = \'\';' . '$(\'succeedlocation\').innerHTML = \'' . lang('message', $loginmessage, $param) . '\';</script>' . $ucsynlogin, 'striptags' => false));
                    }
                }
            } else {
                showmessage($loginmessage, $location, $param, $extra);
            }
        } else {
            // Failed attempt. The regex keeps the first quarter and last sixth of
            // the submitted password and replaces the middle with "***".
            // NOTE(review): a partly readable password is therefore written to
            // 'illegallog'; consider logging no password material at all.
            $password = preg_replace("/^(.{" . round(strlen($_G['gp_password']) / 4) . "})(.+?)(.{" . round(strlen($_G['gp_password']) / 6) . "})\$/s", "\\1***\\3", $_G['gp_password']);
            $errorlog = dhtmlspecialchars(TIMESTAMP . "\t" . ($result['ucresult']['username'] ? $result['ucresult']['username'] : dstripslashes($_G['gp_username'])) . "\t" . $password . "\t" . "Ques #" . intval($_G['gp_questionid']) . "\t" . $_G['clientip']);
            writelog('illegallog', $errorlog);
            loginfailed($_G['gp_username']);
            // NOTE(review): $answer is never assigned in this function, so the
            // "question empty" message is chosen whenever uid is -3.
            $fmsg = $result['ucresult']['uid'] == '-3' ? empty($_G['gp_questionid']) || $answer == '' ? 'login_question_empty' : 'login_question_invalid' : 'login_invalid';
            showmessage($fmsg, '', array('loginperm' => $_G['member_loginperm']));
        }
    }
}
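/**
 * Open the global mysqli connection, set the connection charset and load
 * the current user through userlogin().
 *
 * @param bool $do_clean When true, cleandata() is registered to run at
 *                       shutdown.
 */
function dbconn($do_clean = false)
{
    global $dbhost, $dbuser, $dbpass, $database, $db;

    // NOTE(review): the previous code branched on $GLOBALS["persist"] but both
    // branches opened the same non-persistent connection, so the flag never had
    // any effect. Kept as a single connection; decide separately whether
    // persistent connections are actually wanted.
    $db = new mysqli($dbhost, $dbuser, $dbpass, $database);

    if ($db->connect_error) {
        // NOTE(review): this prints the driver's error text to the client, which
        // can reveal the database host or account name; consider logging the
        // detail and showing a generic message.
        die('Connect Error (' . $db->connect_errno . ') ' . $db->connect_error);
    }

    // set_charset() also informs the client library of the connection charset,
    // which real_escape_string() depends on; a bare "SET NAMES" query does not.
    // The query is kept only as a fallback if set_charset() reports failure.
    if (!$db->set_charset('utf8')) {
        $db->query("SET NAMES UTF8");
    }
    $db->query("SET collation_connection = 'utf8_general_ci'");

    userlogin();

    if ($do_clean) {
        register_shutdown_function("cleandata");
    }
}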
/**
 * Login action: show the login form, or authenticate a submitted one.
 *
 * - An already logged-in visitor ($_G['uid'] set) gets the success message.
 * - When submitcheck('loginsubmit', ...) fails, the login template is rendered.
 * - Otherwise the request credentials go through logincheck() and userlogin().
 *   On success the login state is set, the account-guard and second-step
 *   captcha rules are applied and a redirect message is shown; on failure the
 *   attempt is logged and counted per account and per IP.
 *
 * NOTE(review): the flow relies on showmessage() ending the request (code
 * after several calls assumes it did) -- confirm.
 */
function on_login()
{
    global $_G;
    if($_G['uid']) {
        $referer = dreferer();
        $ucsynlogin = $this->setting['allowsynlogin'] ? uc_user_synlogin($_G['uid']) : '';
        $param = array('username' => $_G['member']['username'], 'usergroup' => $_G['group']['grouptitle'], 'uid' => $_G['member']['uid']);
        showmessage('login_succeed', $referer ? $referer : './', $param, array('showdialog' => 1, 'locationtime' => true, 'extrajs' => $ucsynlogin));
    }
    list($seccodecheck) = seccheck('login');
    if(!empty($_GET['auth'])) {
        // The fourth tab-separated field of the decoded auth blob marks a
        // request that was sent back for a second-step captcha (see the
        // "\t1" suffix written further down).
        $dauth = authcode($_GET['auth'], 'DECODE', $_G['config']['security']['authkey']);
        list(,,,$secchecklogin2) = explode("\t", $dauth);
        if($secchecklogin2) {
            $seccodecheck = true;
        }
    }
    $seccodestatus = !empty($_GET['lssubmit']) ? false : $seccodecheck;
    $invite = getinvite();
    if(!submitcheck('loginsubmit', 1, $seccodestatus)) {
        // Not a valid submission: prepare the variables the template reads.
        $auth = '';
        $username = !empty($_G['cookie']['loginuser']) ? dhtmlspecialchars($_G['cookie']['loginuser']) : '';
        if(!empty($_GET['auth'])) {
            list($username, $password, $questionexist) = explode("\t", authcode($_GET['auth'], 'DECODE', $_G['config']['security']['authkey']));
            $username = dhtmlspecialchars($username);
            $auth = dhtmlspecialchars($_GET['auth']);
        }
        $cookietimecheck = !empty($_G['cookie']['cookietime']) || !empty($_GET['cookietime']) ? 'checked="checked"' : '';
        if($seccodecheck) {
            // NOTE(review): $seccode is read before anything in this function
            // assigns it, and the {0} string-offset syntax is rejected by PHP 8.
            $seccode = random(6, 1) + $seccode{0} * 1000000;
        }
        if($this->extrafile && file_exists($this->extrafile)) {
            require_once $this->extrafile;
        }
        $navtitle = lang('core', 'title_login');
        include template($this->template);
    } else {
        // A decoded 'auth' blob, when present, replaces the request's username/password.
        if(!empty($_GET['auth'])) {
            list($_GET['username'], $_GET['password']) = daddslashes(explode("\t", authcode($_GET['auth'], 'DECODE', $_G['config']['security']['authkey'])));
        }
        // Only word characters are accepted for loginhash; anything else becomes ''.
        $loginhash = !empty($_GET['loginhash']) && preg_match('/^\w+$/', $_GET['loginhash']) ? $_GET['loginhash'] : '';
        // Attempt throttling: a falsy logincheck() result refuses the attempt.
        if(!($_G['member_loginperm'] = logincheck($_GET['username']))) {
            captcha::report($_G['clientip']);
            showmessage('login_strike');
        }
        if($_GET['fastloginfield']) {
            $_GET['loginfield'] = $_GET['fastloginfield'];
        }
        // Reset any identity state before authenticating.
        $_G['uid'] = $_G['member']['uid'] = 0;
        $_G['username'] = $_G['member']['username'] = $_G['member']['password'] = '';
        // Rejects an empty password and any password that addslashes() would alter.
        if(!$_GET['password'] || $_GET['password'] != addslashes($_GET['password'])) {
            showmessage('profile_passwd_illegal');
        }
        $result = userlogin($_GET['username'], $_GET['password'], $_GET['questionid'], $_GET['answer'], $this->setting['autoidselect'] ? 'auto' : $_GET['loginfield'], $_G['clientip']);
        $uid = $result['ucresult']['uid'];
        if(!empty($_GET['lssubmit']) && ($result['ucresult']['uid'] == -3 || $seccodecheck)) {
            $_GET['username'] = $result['ucresult']['username'];
            $this->logging_more($result['ucresult']['uid'] == -3);
        }
        // Status -1: the credentials were accepted but the local member row is
        // missing; either send the user to activation or create the row here.
        if($result['status'] == -1) {
            if(!$this->setting['fastactivation']) {
                $auth = authcode($result['ucresult']['username']."\t".FORMHASH, 'ENCODE');
                showmessage('location_activation', 'member.php?mod='.$this->setting['regname'].'&action=activation&auth='.rawurlencode($auth).'&referer='.rawurlencode(dreferer()), array(), array('location' => true));
            } else {
                $init_arr = explode(',', $this->setting['initcredits']);
                $groupid = $this->setting['regverify'] ? 8 : $this->setting['newusergroupid'];
                // The local password column receives a hash of a random string,
                // not the password that was submitted.
                C::t('common_member')->insert($uid, $result['ucresult']['username'], md5(random(10)), $result['ucresult']['email'], $_G['clientip'], $groupid, $init_arr);
                $result['member'] = getuserbyuid($uid);
                $result['status'] = 1;
            }
        }
        if($result['status'] > 0) {
            if($this->extrafile && file_exists($this->extrafile)) {
                require_once $this->extrafile;
            }
            // 2592000 seconds = 30 days when "remember me" was requested.
            setloginstatus($result['member'], $_GET['cookietime'] ? 2592000 : 0);
            checkfollowfeed();
            // Groups with 'forcelogin' set are logged out again unless the
            // required login method was used.
            if($_G['group']['forcelogin']) {
                if($_G['group']['forcelogin'] == 1) {
                    clearcookies();
                    showmessage('location_login_force_qq');
                } elseif($_G['group']['forcelogin'] == 2 && $_GET['loginfield'] != 'email') {
                    clearcookies();
                    showmessage('location_login_force_mail');
                }
            }
            if($_G['member']['lastip'] && $_G['member']['lastvisit']) {
                dsetcookie('lip', $_G['member']['lastip'].','.$_G['member']['lastvisit']);
            }
            C::t('common_member_status')->update($_G['uid'], array('lastip' => $_G['clientip'], 'port' => $_G['remoteport'], 'lastvisit' =>TIMESTAMP, 'lastactivity' => TIMESTAMP));
            $ucsynlogin = $this->setting['allowsynlogin'] ? uc_user_synlogin($_G['uid']) : '';
            // $pwold flags a password that no longer meets the configured
            // 'strongpw' classes (1 digit, 2 lower case, 3 upper case, 4 symbol).
            $pwold = false;
            if($this->setting['strongpw'] && !$this->setting['pwdsafety']) {
                if(in_array(1, $this->setting['strongpw']) && !preg_match("/\d+/", $_GET['password'])) {
                    $pwold = true;
                }
                if(in_array(2, $this->setting['strongpw']) && !preg_match("/[a-z]+/", $_GET['password'])) {
                    $pwold = true;
                }
                if(in_array(3, $this->setting['strongpw']) && !preg_match("/[A-Z]+/", $_GET['password'])) {
                    $pwold = true;
                }
                // NOTE(review): the range "A-z" also spans [ \ ] ^ _ and `, so a
                // password whose only symbols are those is flagged as lacking
                // one; "A-Z" looks intended.
                if(in_array(4, $this->setting['strongpw']) && !preg_match("/[^a-zA-z0-9]+/", $_GET['password'])) {
                    $pwold = true;
                }
            }
            // Account guard, skipped for adminid 1.
            if($_G['member']['adminid'] != 1) {
                // No visit for more than 90 days: freeze the account (freeze = 2)
                // and queue it for verification.
                if($this->setting['accountguard']['loginoutofdate'] && $_G['member']['lastvisit'] && TIMESTAMP - $_G['member']['lastvisit'] > 90 * 86400) {
                    C::t('common_member')->update($_G['uid'], array('freeze' => 2));
                    C::t('common_member_validate')->insert(array(
                        'uid' => $_G['uid'],
                        'submitdate' => TIMESTAMP,
                        'moddate' => 0,
                        'admin' => '',
                        'submittimes' => 1,
                        'status' => 0,
                        'message' => '',
                        'remark' => '',
                    ), false, true);
                    manage_addnotify('verifyuser');
                    showmessage('location_login_outofdate', 'home.php?mod=spacecp&ac=profile&op=password&resend=1', array('type' => 1), array('showdialog' => true, 'striptags' => false, 'locationtime' => true));
                }
                // NOTE(review): $freeze is assigned only inside this branch but is
                // read unconditionally further down.
                if($this->setting['accountguard']['loginpwcheck'] && $pwold) {
                    $freeze = $pwold;
                    if($this->setting['accountguard']['loginpwcheck'] == 2 && $freeze) {
                        C::t('common_member')->update($_G['uid'], array('freeze' => 1));
                    }
                }
            }
            // Rules that can demand a second-step captcha after a valid password.
            $seccheckrule = & $_G['setting']['seccodedata']['rule']['login'];
            if($seccheckrule['allow'] == 2) {
                if($seccheckrule['nolocal']) {
                    require_once libfile('function/misc');
                    $lastipConvert = process_ipnotice(convertip($_G['member']['lastip']));
                    $nowipConvert = process_ipnotice(convertip($_G['clientip']));
                    // NOTE(review): stripos() is compared with == false, so a
                    // match at offset 0 is treated like "not found"; === false
                    // looks intended.
                    if($lastipConvert != $nowipConvert && stripos($lastipConvert, $nowipConvert) == false && stripos($nowipConvert, $lastipConvert) == false) {
                        $seccodecheck = true;
                    }
                }
                if(!$seccodecheck && $seccheckrule['pwsimple'] && $pwold) {
                    $seccodecheck = true;
                }
                if(!$seccodecheck && $seccheckrule['outofday'] && $_G['member']['lastvisit'] && TIMESTAMP - $_G['member']['lastvisit'] > $seccheckrule['outofday'] * 86400) {
                    $seccodecheck = true;
                }
                if(!$seccodecheck && $_G['member_loginperm'] < 4) {
                    $seccodecheck = true;
                }
                if(!$seccodecheck && $seccheckrule['numiptry']) {
                    $seccodecheck = failedipcheck($seccheckrule['numiptry'], $seccheckrule['timeiptry']);
                }
                if($seccodecheck && !$secchecklogin2) {
                    // The session just created is dropped and the browser is sent
                    // back to the login page for the captcha step.
                    // NOTE(review): the username and password travel in the
                    // 'auth' URL parameter (encoded with the site authkey), so
                    // they can end up in history, proxy and server logs -- confirm
                    // this is acceptable.
                    clearcookies();
                    $auth = authcode($_GET['username']."\t".$_GET['password']."\t".($result['ucresult']['uid'] == -3 ? 1 : 0)."\t1", 'ENCODE', $_G['config']['security']['authkey']);
                    $location = 'member.php?mod=logging&action=login&auth='.rawurlencode($auth).'&referer='.rawurlencode(dreferer()).(!empty($_GET['cookietime']) ? '&cookietime=1' : '');
                    if(defined('IN_MOBILE')) {
                        showmessage('login_seccheck2', $location);
                    } else {
                        $js = '<script type="text/javascript">location.href=\''.$location.'\'</script>';
                        showmessage('login_seccheck2', '', array('type' => 1), array('extrajs' => $js));
                    }
                }
            }
            if($invite['id']) {
                // NOTE(review): this overwrites $result (the userlogin() return)
                // with a count, yet $result['ucresult']['username'] is read again
                // below when $param is built.
                $result = C::t('common_invite')->count_by_uid_fuid($invite['uid'], $uid);
                if(!$result) {
                    C::t('common_invite')->update($invite['id'], array('fuid'=>$uid, 'fusername'=>$_G['username']));
                    updatestat('invite');
                } else {
                    $invite = array();
                }
            }
            if($invite['uid']) {
                require_once libfile('function/friend');
                friend_make($invite['uid'], $invite['username'], false);
                dsetcookie('invite_auth', '');
                if($invite['appid']) {
                    updatestat('appinvite');
                }
            }
            $param = array(
                'username' => $result['ucresult']['username'],
                'usergroup' => $_G['group']['grouptitle'],
                'uid' => $_G['member']['uid'],
                'groupid' => $_G['groupid'],
                'syn' => $ucsynlogin ? 1 : 0
            );
            $extra = array(
                'showdialog' => true,
                'locationtime' => true,
                'extrajs' => $ucsynlogin
            );
            // A flagged weak password sends the user to the change-password page.
            if(!$freeze || !$this->setting['accountguard']['loginpwcheck']) {
                $loginmessage = $_G['groupid'] == 8 ? 'login_succeed_inactive_member' : 'login_succeed';
                $location = $invite || $_G['groupid'] == 8 ? 'home.php?mod=space&do=home' : dreferer();
            } else {
                $loginmessage = 'login_succeed_password_change';
                $location = 'home.php?mod=spacecp&ac=profile&op=password';
                $_GET['lssubmit'] = 0;
            }
            if(empty($_GET['handlekey']) || !empty($_GET['lssubmit'])) {
                if(defined('IN_MOBILE')) {
                    showmessage($loginmessage, $location, $param, array('location' => true));
                } else {
                    if(!empty($_GET['lssubmit'])) {
                        if(!$ucsynlogin) {
                            $extra['location'] = true;
                        }
                        showmessage($loginmessage, $location, $param, $extra);
                    } else {
                        // NOTE(review): $location (possibly the referer) goes into
                        // inline JavaScript with only single quotes escaped and
                        // 'striptags' => false; confirm dreferer() restricts its
                        // result to safe, same-site URLs.
                        $href = str_replace("'", "\'", $location);
                        showmessage('location_login_succeed', $location, array(),
                            array(
                                'showid' => 'succeedmessage',
                                'extrajs' => '<script type="text/javascript">'.
                                    'setTimeout("window.location.href =\''.$href.'\';", 3000);'.
                                    '$(\'succeedmessage_href\').href = \''.$href.'\';'.
                                    '$(\'main_message\').style.display = \'none\';'.
                                    '$(\'main_succeed\').style.display = \'\';'.
                                    '$(\'succeedlocation\').innerHTML = \''.lang('message', $loginmessage, $param).'\';</script>'.$ucsynlogin,
                                'striptags' => false,
                                'showdialog' => true
                            )
                        );
                    }
                }
            } else {
                showmessage($loginmessage, $location, $param, $extra);
            }
        } else {
            // Failed attempt. The regex keeps the first quarter and last sixth of
            // the submitted password and replaces the middle with "***".
            // NOTE(review): a partly readable password is therefore written to
            // 'illegallog'; consider logging no password material at all.
            $password = preg_replace("/^(.{".round(strlen($_GET['password']) / 4)."})(.+?)(.{".round(strlen($_GET['password']) / 6)."})$/s", "\\1***\\3", $_GET['password']);
            $errorlog = dhtmlspecialchars(
                TIMESTAMP."\t".
                ($result['ucresult']['username'] ? $result['ucresult']['username'] : $_GET['username'])."\t".
                $password."\t".
                "Ques #".intval($_GET['questionid'])."\t".
                $_G['clientip']);
            writelog('illegallog', $errorlog);
            // Count the failure against the account and against the client IP.
            loginfailed($_GET['username']);
            failedip();
            // NOTE(review): $answer is never assigned in this function, so the
            // "question empty" message is chosen whenever uid is -3.
            $fmsg = $result['ucresult']['uid'] == '-3' ? (empty($_GET['questionid']) || $answer == '' ? 'login_question_empty' : 'login_question_invalid') : 'login_invalid';
            if($_G['member_loginperm'] > 1) {
                showmessage($fmsg, '', array('loginperm' => $_G['member_loginperm'] - 1));
            } elseif($_G['member_loginperm'] == -1) {
                showmessage('login_password_invalid');
            } else {
                showmessage('login_strike');
            }
        }
    }
}
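/**
 * JSON login endpoint: authenticate the posted credentials and issue an API token.
 *
 * Reads 'uname', 'password', 'questionid' and 'answer' from $_POST (or a
 * username/password pair decoded from 'auth'), applies the logincheck()
 * throttle, authenticates through userlogin() and, on success, stores a fresh
 * token in 'user_token' and returns it with the profile data via
 * json_success(). Every failure is reported through json_error().
 *
 * Changes against the previous version:
 * - the token is taken from a CSPRNG instead of md5($_G['uid'] . time());
 *   $_G['uid'] had just been reset to 0 at that point, so the only input left
 *   was the current second;
 * - the throttle and the failure counter are keyed on the same username that
 *   is authenticated ($_POST['uname']) rather than on $_GET['username'];
 * - no part of the submitted password is written to the log any more;
 * - each json_error() is followed by a return, so the flow stays correct even
 *   if json_error() does not end the request (NOTE(review): confirm whether it
 *   does);
 * - the undefined $answer is replaced by the posted answer.
 */
function api_login()
{
    global $_G;

    if (!$_POST) {
        json_error('异常登录');
        return;
    }

    // NOTE(review): the decoded pair is stored as 'email'/'password', but the
    // identifier that is authenticated below is 'uname' -- confirm which field
    // the auth blob is meant to fill.
    if (!empty($_POST['auth'])) {
        list($_POST['email'], $_POST['password']) = daddslashes(explode("\t", authcode($_POST['auth'], 'DECODE')));
    }

    $username = isset($_POST['uname']) ? $_POST['uname'] : '';

    // Attempt throttling, keyed on the account that is about to be tried.
    if (!($_G['member_loginperm'] = logincheck($username))) {
        json_error(lang('message', 'login_strike'));
        return;
    }

    // Reset any identity state before authenticating.
    $_G['uid'] = $_G['member']['uid'] = 0;
    $_G['username'] = $_G['member']['username'] = $_G['member']['password'] = '';

    // Rejects an empty password and any password that addslashes() would alter.
    if (empty($_POST['password']) || $_POST['password'] != addslashes($_POST['password'])) {
        json_error(lang('message', 'profile_passwd_illegal'));
        return;
    }

    $questionid = isset($_POST['questionid']) ? $_POST['questionid'] : null;
    $answer = isset($_POST['answer']) ? $_POST['answer'] : null;

    $result = userlogin($username, $_POST['password'], $questionid, $answer, 'auto', $_G['clientip']);
    $uid = $result['ucresult']['uid'];

    if ($result['status'] == -1) {
        // Not expected to happen (translated from the original comment).
        if (!$this->setting['fastactivation']) {
            json_error(lang('message', 'location_activation'));
            return;
        }
        $init_arr = explode(',', $this->setting['initcredits']);
        $groupid = $this->setting['regverify'] ? 8 : $this->setting['newusergroupid'];
        // The local password column receives a hash of a random string, not
        // the password that was submitted.
        C::t('user')->insert($uid, $result['ucresult']['username'], md5(random(10)), $result['ucresult']['email'], $_G['clientip'], $groupid, $init_arr);
        $result['member'] = getuserbyuid($uid);
        $result['status'] = 1;
    } elseif ($result['status'] == -2) {
        json_error('此用户已停用,请联系管理员');
        return;
    } elseif ($_G['setting']['bbclosed'] > 0 && $result['member']['adminid'] != 1) {
        json_error('站点关闭中,请联系管理员');
        return;
    }

    if ($result['status'] <= 0) {
        // Failed attempt: log who tried and from where, with the password
        // column kept (so the tab-separated layout is unchanged) but fully masked.
        $password = '***';
        $errorlog = dhtmlspecialchars(TIMESTAMP . "\t" . ($result['ucresult']['email'] ? $result['ucresult']['email'] : $username) . "\t" . $password . "\t" . "Ques #" . intval($questionid) . "\t" . $_G['clientip']);
        writelog('illegallog', $errorlog);
        loginfailed($username);

        $fmsg = $result['ucresult']['uid'] == '-3'
            ? (empty($questionid) || $answer === null || $answer == '' ? 'login_question_empty' : 'login_question_invalid')
            : 'login_invalid';
        if ($_G['member_loginperm'] > 1) {
            json_error(lang($fmsg));
        } elseif ($_G['member_loginperm'] == -1) {
            json_error(lang('login_password_invalid'));
        } else {
            json_error(lang('login_strike'));
        }
        return;
    }

    // The token is a bearer credential for the API, so it must be
    // unpredictable. 16 random bytes hex-encode to 32 characters, the same
    // length the md5() value had.
    if (function_exists('random_bytes')) {
        $token = bin2hex(random_bytes(16));
    } else {
        $token = bin2hex(openssl_random_pseudo_bytes(16));
    }

    if ($this->extrafile && file_exists($this->extrafile)) {
        require_once $this->extrafile;
    }
    // 2592000 seconds = 30 days when "remember me" was requested.
    setloginstatus($result['member'], !empty($_GET['cookietime']) ? 2592000 : 0);
    if ($_G['member']['lastip'] && $_G['member']['lastvisit']) {
        dsetcookie('lip', $_G['member']['lastip'] . ',' . $_G['member']['lastvisit']);
    }
    C::t('user_status')->update($_G['uid'], array('lastip' => $_G['clientip'], 'lastvisit' => TIMESTAMP, 'lastactivity' => TIMESTAMP));

    // One token row per user: replace the existing one or insert the first.
    $tokenExit = DB::result_first('SELECT token FROM %t WHERE uid=%s', array('user_token', $_G['uid']));
    $time = time();
    if ($tokenExit) {
        DB::query('update %t set token=%s,created_at=%s where uid=%s', array('user_token', $token, $time, $_G['uid']));
    } else {
        DB::query('insert into %t values(%s,%s,%s)', array('user_token', $_G['uid'], $token, $time));
    }

    $loginmessage = $_G['groupid'] == 8 ? 'login_succeed_inactive_member' : 'login_succeed';
    // Kept although unused here, in case dreferer() has side effects callers rely on.
    $location = $_G['groupid'] == 8 ? 'index.php?open=password' : dreferer();
    $data = array(
        'username' => $result['ucresult']['username'],
        'uid' => $_G['member']['uid'],
        'token' => $token,
        'avatar' => $_G['config']['common']['home_url'] . '/' . avatar($_G['member']['uid'], 'middle', true),
        'email' => $result['ucresult']['email'],
    );

    // Same message selection as before: the generic "location" message is used
    // only for a desktop request with neither 'handlekey' nor 'lssubmit'.
    if (empty($_GET['handlekey']) && empty($_GET['lssubmit']) && !defined('IN_MOBILE')) {
        json_success(lang('location_login_succeed'), $data);
    } else {
        json_success(lang($loginmessage), $data);
    }
}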
dheader('location: ' . $redirect); } else { dheader('location: ' . $_G['siteurl']); } } } else { dheader('location: ' . $_G['siteurl'] . 'member.php?mod=logging&action=login&referer=' . dreferer()); } } elseif ($ac == 'login' && submitcheck('submit')) { if (!($loginperm = logincheck($_GET['username']))) { showmessage('login_strike'); } if (!$_GET['password'] || $_GET['password'] != addslashes($_GET['password'])) { showmessage('profile_passwd_illegal'); } $result = userlogin($_GET['username'], $_GET['password'], $_GET['questionid'], $_GET['answer'], $_G['setting']['autoidselect'] ? 'auto' : $_GET['loginfield'], $_G['clientip']); if ($result['status'] <= 0) { loginfailed($_GET['username']); failedip(); showmessage('login_invalid', '', array('loginperm' => $loginperm - 1)); } if (!$_G['wechat']['setting']['wechat_qrtype']) { if ($wechatuser) { if ($result['member']['uid'] != $wechatuser['uid']) { showmessage('wechat:wechat_openid_exists'); } wechat_setloginstatus($result['member']['uid'], true); } else { WeChatHook::bindOpenId($result['member']['uid'], $openid); wsq::report('bind'); }
/**
 * User login operation.
 *
 * Copies the credentials into $_GET, applies the logincheck() throttle,
 * authenticates through userlogin() and, on success, writes the login
 * cookie through self::updateCookie(). Every outcome is returned through
 * self::errorInfo().
 *
 * @author HanPengyu
 * @param string $username User name.
 * @param string $password User password.
 * @return mixed Whatever self::errorInfo() returns; the success path calls
 *               it with an empty message and code 0.
 */
public static function login($username, $password)
{
    global $_G;
    // The security question and answer are always sent empty from this entry point.
    $_GET['username'] = $username;
    $_GET['password'] = $password;
    $_GET['questionid'] = $_GET['answer'] = '';
    $_GET['loginfield'] = 'username';
    require_once libfile('function/member');
    require_once libfile('class/member');
    require_once libfile('function/misc');
    require_once libfile('function/mail');
    loaducenter();
    $invite = getinvite();
    // Reset any identity state before authenticating.
    $_G['uid'] = $_G['member']['uid'] = 0;
    $_G['username'] = $_G['member']['username'] = $_G['member']['password'] = '';
    if (trim($_GET['username']) == '') {
        return self::errorInfo('user_name_null');
    }
    if (!($_G['member_loginperm'] = logincheck($_GET['username']))) {
        // Too many wrong passwords, retry in 15 minutes; checked again further down.
        return self::errorInfo(lang('message', 'login_strike'));
    }
    if (!$_GET['password'] || $_GET['password'] != addslashes($_GET['password'])) {
        // The password is empty or contains illegal characters.
        return self::errorInfo(lang('message', 'profile_passwd_illegal'));
    }
    $result = userlogin($_GET['username'], $_GET['password'], $_GET['questionid'], $_GET['answer'], 'username', $_G['clientip']);
    // NOTE(review): a uid of '-3' is turned into a successful login here
    // (status forced to 1). The other login handlers on this page map -3 to
    // the 'login_question_empty' / 'login_question_invalid' messages, so this
    // appears to skip the account's security question -- confirm that this is
    // intended for this entry point.
    if ($result['ucresult']['uid'] == '-3') {
        $userInfo = DzCommonMember::getUidByUsername($result['ucresult']['username']);
        $result['ucresult']['uid'] = $userInfo['uid'];
        $result['member'] = $userInfo;
        $result['status'] = 1;
    }
    // NOTE(review): $_G['uid'] is set from the result before the status has
    // been checked.
    $uid = $_G['uid'] = $result['ucresult']['uid'];
    $userName = $result['ucresult']['username'];
    $userAvatar = UserUtils::getUserAvatar($uid);
    $ctlObj = new logging_ctl();
    $ctlObj->setting = $_G['setting'];
    if ($result['status'] == -1) {
        if (!$ctlObj->setting['fastactivation']) {
            // The account has not been activated.
            return self::errorInfo(Yii::t('mobcent', 'location_activation'));
        } else {
            // Activate automatically. The local password column receives a hash
            // of a random string, not the password that was submitted.
            $init_arr = explode(',', $ctlObj->setting['initcredits']);
            $groupid = $ctlObj->setting['regverify'] ? 8 : $ctlObj->setting['newusergroupid'];
            C::t('common_member')->insert($uid, $result['ucresult']['username'], md5(random(10)), $result['ucresult']['email'], $_G['clientip'], $groupid, $init_arr);
            $result['member'] = getuserbyuid($uid);
            $result['status'] = 1;
        }
    }
    if ($result['status'] > 0) {
        // [?] Extra file.
        if ($ctlObj->extrafile && file_exists($ctlObj->extrafile)) {
            require_once $ctlObj->extrafile;
        }
        // [Wrapped] Write the login information to the cookie and update the
        // login state. Author: HanPengyu, Date: 04.09.28
        self::updateCookie($result['member'], $_G['uid']);
        return self::errorInfo('', 0);
    } else {
        // Failed attempt. The regex keeps the first quarter and last sixth of
        // the submitted password and replaces the middle with "***".
        // NOTE(review): a partly readable password is therefore written to
        // 'illegallog'; consider logging no password material at all.
        $password = preg_replace("/^(.{" . round(strlen($_GET['password']) / 4) . "})(.+?)(.{" . round(strlen($_GET['password']) / 6) . "})\$/s", "\\1***\\3", $_GET['password']);
        $errorlog = dhtmlspecialchars(TIMESTAMP . "\t" . ($result['ucresult']['username'] ? $result['ucresult']['username'] : $_GET['username']) . "\t" . $password . "\t" . "Ques #" . intval($_GET['questionid']) . "\t" . $_G['clientip']);
        writelog('illegallog', $errorlog);
        loginfailed($_GET['username']);
        if ($_G['member_loginperm'] > 1) {
            // Login failed; some attempts remain.
            return self::errorInfo(lang('message', 'login_invalid', array('loginperm' => $_G['member_loginperm'] - 1)));
        } elseif ($_G['member_loginperm'] == -1) {
            // The password entered is wrong.
            return self::errorInfo(lang('message', 'login_password_invalid'));
        } else {
            // Too many wrong passwords, retry in 15 minutes.
            return self::errorInfo(lang('message', 'login_strike'));
        }
    }
}
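/**
 * Register a new account from the posted e-mail and password, then log it in.
 *
 * The username is generated ('******' + request timestamp + a 3-digit
 * suffix). A -1 result from uc_user_register() is retried with a fresh
 * suffix; every other non-positive result ends the registration.
 *
 * Changes against the previous version: the retry is a single bounded loop
 * (the old code registered once more and then entered a do/while that
 * registered again even after a success, and any error other than -1 left
 * that loop with a negative $uid that was then inserted as a member), and a
 * failed automatic login is no longer passed on to setloginstatus().
 *
 * @return mixed true on success; otherwise the value returned by
 *               $this->rules(), or an array of field name => message.
 */
public function register()
{
    global $_G;

    $validate_error = array();

    // Input validation.
    $validate_error_rules = $this->rules();
    if ($validate_error_rules !== true) {
        return $validate_error_rules;
    }

    $input_email = $_POST['email'];
    $input_password = $_POST['password'];

    // Submit the registration.
    loaducenter();

    // The suffix only has to avoid collisions, it is not a secret, so rand()
    // is sufficient. The number of attempts is capped so that a persistent -1
    // cannot keep the request looping.
    $max_attempts = 5;
    $uid = -1;
    $newusername = '';
    for ($attempt = 0; $attempt < $max_attempts && $uid == -1; $attempt++) {
        $rand = rand(100, 999);
        $newusername = '******' . $_G['timestamp'] . $rand;
        $uid = uc_user_register(addslashes($newusername), $input_password, $input_email);
    }

    if ($uid <= 0) {
        if ($uid == -4) {
            $validate_error['email'] = 'Email 地址无效';
        } elseif ($uid == -5) {
            $validate_error['email'] = 'Email 包含不可使用的邮箱域名';
        } elseif ($uid == -6) {
            $validate_error['email'] = '该 Email 地址已经被注册';
        } else {
            $validate_error['email'] = '未知错误';
        }
        return $validate_error;
    }

    loadcache('fields_register');
    $init_arr = explode(',', $_G['setting']['initcredits']);
    // The local password column receives a hash of a random string, not the
    // password that was submitted.
    $password = md5(random(10));
    C::t('common_member')->insert($uid, $newusername, $password, $input_email, $_G['clientip'], 10, $init_arr, 0);

    // Log the new account in directly.
    require_once libfile('function/member');
    $result = userlogin($input_email, $input_password, 0, 0, 'email', $_G['clientip']);
    if (empty($result['member'])) {
        // Never establish a session from an empty member record.
        $validate_error['email'] = '未知错误';
        return $validate_error;
    }
    // Second argument 0: no "remember me" cookie lifetime.
    setloginstatus($result['member'], 0);
    C::t('common_member_status')->update($_G['uid'], array('lastip' => $_G['clientip'], 'port' => $_G['remoteport'], 'lastvisit' => TIMESTAMP, 'lastactivity' => TIMESTAMP));
    // UCenter synchronised login, when enabled (the return value is not used here).
    $ucsynlogin = $this->setting['allowsynlogin'] ? uc_user_synlogin($_G['uid']) : '';

    return true;
}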
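/**
 * Open the MySQL connection, select the database and call userlogin().
 *
 * @param bool $autoclean When true and $useCronTriggerCleanUp is off,
 *                        autoclean() is registered to run at shutdown.
 */
function dbconn($autoclean = false)
{
    global $lang_functions;
    global $mysql_host, $mysql_user, $mysql_pass, $mysql_db;
    global $useCronTriggerCleanUp;

    // NOTE(review): the mysql_* extension was removed in PHP 7.0, so this block
    // only runs on PHP 5 or behind a compatibility shim.
    if (!mysql_connect($mysql_host, $mysql_user, $mysql_pass)) {
        switch (mysql_errno()) {
            case 1040: // too many connections
            case 2002: // cannot reach the server
                // REQUEST_URI is client-controlled; escape it before it goes into
                // the refresh attribute of the retry page.
                $retry_uri = htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES, 'UTF-8');
                die("<html><head><meta http-equiv=refresh content=\"10 {$retry_uri}\"><meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"></head><body><table border=0 width=100% height=100%><tr><td><h3 align=center>" . $lang_functions['std_server_load_very_high'] . "</h3></td></tr></table></body></html>");
            default:
                // NOTE(review): this sends the driver's error text to the client;
                // logging it server-side and showing a generic message leaks less.
                die("[" . mysql_errno() . "] dbconn: mysql_connect: " . mysql_error());
        }
    }

    mysql_query("SET NAMES UTF8");
    mysql_query("SET collation_connection = 'utf8_general_ci'");
    // NOTE(review): an empty sql_mode turns strict mode off for this session, so
    // invalid or over-long values are adjusted instead of rejected.
    mysql_query("SET sql_mode=''");

    // The message was previously joined with '+', which is numeric addition in
    // PHP and lost the error text; '.' is the concatenation operator.
    mysql_select_db($mysql_db) or die('dbconn: mysql_select_db: ' . mysql_error());

    userlogin();

    if (!$useCronTriggerCleanUp && $autoclean) {
        register_shutdown_function("autoclean");
    }
}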
}
// Plugin settings from the cache, then the plugin's helper functions.
$config = $_G['cache']['plugin']['aljwsq'];
require_once 'source/plugin/aljwsq/function_core.php';
// act=bind: attach the supplied openid to an existing account after checking
// that account's username and password.
if ($_GET['act'] == 'bind') {
    // presumably the framework's form-hash (CSRF) check - confirm
    if (submitcheck('formhash')) {
        // NOTE(review): openid is taken from the request; nothing visible here ties
        // it to the caller's own WeChat identity - confirm that is enforced upstream.
        $openid = (string) $_GET['openid'];
        // NOTE(review): each check below only gates anything if showmessage() ends
        // the request - confirm.
        $check = C::t('common_member')->fetch_by_username($_GET['username']);
        if (empty($check)) {
            // No account with that username.
            showmessage(lang('plugin/aljwsq', 'bind2'));
        }
        $user = C::t('#aljwsq#aljwsq_user')->fetch($openid);
        if ($user['username']) {
            // This openid already has a username bound to it.
            showmessage(lang('plugin/aljwsq', 'bind3'));
        }
        require_once libfile('function/member');
        // NOTE(review): credentials are read from $_GET; if they really travel in the
        // query string they end up in access logs and browser history - confirm how
        // the framework populates $_GET.
        $result = userlogin($_GET['username'], $_GET['password']);
        // NOTE(review): empty() rejects only 0/null/''; a negative status would pass.
        // Confirm userlogin() never reports failure with a negative value, or test
        // for status > 0 instead.
        if (empty($result['status'])) {
            showmessage(lang('plugin/aljwsq', 'bind4'));
        }
        // NOTE(review): this emptiness check runs after $openid was already used
        // for the lookup above; it reads more naturally as the first guard.
        if (empty($openid)) {
            showmessage(lang('plugin/aljwsq', 'bind5'));
        }
        $config = $_G['cache']['plugin']['aljwsq'];
        if ($config['appid'] && $config['appsecret']) {
            // The app secret is part of this URL, so $url must not be logged or echoed.
            $url = "https://api.weixin.qq.com/cgi-bin/token?grant_type=client_credential&appid=" . $config['appid'] . "&secret=" . $config['appsecret'];
            // $result is reused here; the login result above is overwritten.
            $result = https_request($url);
            $jsoninfo = json_decode($result, true);
            // NOTE(review): neither the decode result nor the presence of
            // access_token is checked before use.
            $access_token = $jsoninfo["access_token"];
            // NOTE(review): the raw $_GET['openid'] (not the cast $openid) is
            // concatenated into the query without rawurlencode(), so it can add or
            // alter parameters of the outgoing request.
            $url = "https://api.weixin.qq.com/cgi-bin/user/info?access_token=" . $access_token . "&openid=" . $_GET['openid'] . "&lang=zh_CN";
            $wuser = https_request($url);
            $wuser = json_decode($wuser, true);
/**
 * Require a logged-in user: when none is present, redirect to the login page
 * and stop the request.
 *
 * Ending the script right after the Location header is what keeps the rest of
 * the calling page from running for an anonymous visitor.
 */
function loggedinorreturn()
{
    global $CONFIG;

    // userlogin() is expected to populate Isy_user::$current - confirm.
    userlogin();

    if (Isy_user::$current) {
        return;
    }

    $login_redirect = "Location: {$CONFIG['baseurl']}/login.php";
    header($login_redirect);
    exit;
}
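/**
 * Open the mysqli connection (kept in $GLOBALS["___mysqli_ston"]), select the
 * configured database, then run userlogin() and referer().
 *
 * @param bool $autoclean When true, autoclean() is registered as a shutdown function.
 */
function dbconn($autoclean = false)
{
    global $INSTALLER09;

    // NOTE(review): '@' hides the connect warning. On PHP 8.1+ mysqli reports
    // errors as exceptions by default, in which case a failed connect throws
    // instead of reaching this branch - confirm the target PHP version.
    if (!@($GLOBALS["___mysqli_ston"] = mysqli_connect($INSTALLER09['mysql_host'], $INSTALLER09['mysql_user'], $INSTALLER09['mysql_pass']))) {
        // The handle is false here, so the connect-level accessors are the ones
        // that apply.
        $connect_errno = mysqli_connect_errno();
        switch ($connect_errno) {
            case 1040: // too many connections
            case 2002: // cannot reach the server
                if ($_SERVER['REQUEST_METHOD'] == "GET") {
                    // REQUEST_URI is client-controlled; escape it before it goes
                    // into the refresh attribute of the retry page.
                    $retry_uri = htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES, 'UTF-8');
                    die("<html><head><meta http-equiv='refresh' content=\"5 {$retry_uri}\"></head><body><table border='0' width='100%' height='100%'><tr><td><h3 align='center'>The server load is very high at the moment. Retrying, please wait...</h3></td></tr></table></body></html>");
                } else {
                    die("Too many users. Please press the Refresh button in your browser to retry.");
                }
            default:
                // NOTE(review): this sends the driver's error text to the client;
                // logging it server-side and showing a generic message leaks less.
                die("[" . $connect_errno . "] dbconn: mysql_connect: " . mysqli_connect_error());
        }
    }

    // Select the schema through the API rather than interpolating the configured
    // name into a USE statement.
    mysqli_select_db($GLOBALS["___mysqli_ston"], $INSTALLER09['mysql_db'])
        or die('dbconn: mysql_select_db: ' . mysqli_error($GLOBALS["___mysqli_ston"]));

    userlogin();
    referer();

    if ($autoclean) {
        register_shutdown_function("autoclean");
    }
}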
showmessage(lang('plugin/autologin','tip_noinfo'),'home.php?mod=spacecp&ac=plugin&id=autologin:admincp'); } if($_G['uid']&&$info['uid']&&$_G['uid']==$info['uid']){//当前已经是登陆状态 showmessage(lang('plugin/autologin','tip_loginok'),'index.php', array(), array('locationtime'=>true,'refreshtime'=>3, 'showdialog'=>1, 'showmsg' => true)); } if($config_checkcode&&!submitcheck('codesubmit')){ include template('autologin:checkcode'); }else{ if($config_checkcode){ $code=addslashes(trim($_POST['code'])); if(!$code||$code!=$info['code']) showmessage(lang('plugin/autologin','codecheck_error')); } require_once libfile('function/member'); list($password,$questionid,$answer) = explode("\t", authcode($info['logindata'],'DECODE',$_G['config']['security']['authkey'])); $result = userlogin($info['username'],$password,$questionid,$answer,'username',$_G['clientip']); if($result['status']>0) { setloginstatus($result['member'],2592000); dsetcookie('mrn', ''); dsetcookie('mrd', ''); $log=array( 'uid'=>$info['uid'], 'username'=>$info['username'], 'ip'=>$_G['clientip'], 'dateline'=>TIMESTAMP ); DB::insert('autologin_log',$log); showmessage(lang('plugin/autologin','tip_loginok'),'index.php', array(), array('locationtime'=>true,'refreshtime'=>3, 'showdialog'=>1, 'showmsg' => true)); }else{ showmessage(lang('plugin/autologin','tip_login_error')); }