 function control()
 {
     parent::__construct();
     // Token key bound to this client (site secret + user agent + client IP):
     // a seccodeauth value minted for one browser/IP pair does not decrypt
     // under the key of another.
     $clientKey = md5(UC_KEY . $_SERVER['HTTP_USER_AGENT'] . $this->onlineip);
     $this->time = time();
     // The text to draw arrives encrypted in the request (seccodeauth) and is
     // recovered here; this action only renders, it does not verify answers.
     $plainCode = $this->authcode(getgpc('seccodeauth'), 'DECODE', $clientKey);
     // Forbid caching so neither a proxy nor the browser re-serves an old image.
     @header("Expires: -1");
     @header("Cache-Control: no-store, private, post-check=0, pre-check=0, max-age=0", FALSE);
     @header("Pragma: no-cache");
     include_once UC_ROOT . 'lib/seccode.class.php';
     // Fixed rendering options for the UCenter captcha, applied in one pass.
     $options = array(
         'code'        => $plainCode,
         'type'        => 0,
         'width'       => 70,
         'height'      => 21,
         'background'  => 0,
         'adulterate'  => 1,
         'ttf'         => 1,
         'angle'       => 0,
         'color'       => 1,
         'size'        => 0,
         'shadow'      => 1,
         'animator'    => 0,
         'fontpath'    => UC_ROOT . 'images/fonts/',
         'datapath'    => UC_ROOT . 'images/',
         'includepath' => '',
     );
     $renderer = new seccode();
     foreach ($options as $property => $value) {
         $renderer->$property = $value;
     }
     $renderer->display();
 }
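 function in_seccodelist()
 {
     // Six-digit challenge. rand() is not a CSPRNG and its output can be
     // predicted from earlier draws, so use random_int() where the runtime has
     // it (PHP >= 7) and fall back to mt_rand() on older installs.
     $seccode = function_exists('random_int') ? random_int(100000, 999999) : mt_rand(100000, 999999);
     // The challenge is kept client-side: "<code>\t<issued-at>" encrypted with
     // eccode() in the ecisp_home_seccode cookie. Verifiers decrypt it back;
     // nothing in this function makes the cookie single-use or time-limited,
     // so that is up to the consumer.
     $this->fun->setcookie('ecisp_home_seccode', $this->fun->eccode($seccode . "\t" . time(), 'ENCODE'));
     // Keep the image out of every cache so a stale challenge is never re-served.
     @header("Expires: -1");
     @header("Cache-Control: no-store, private, post-check=0, pre-check=0, max-age=0", FALSE);
     @header("Pragma: no-cache");
     include_once admin_ROOT . 'public/class_seccode.php';
     $code = new seccode();
     $code->code = $seccode;
     $code->type = 0;
     $code->width = 70;
     $code->height = 23;
     $code->background = 30;
     // Noise / shadow / colours are site settings; the rest is fixed here.
     $code->adulterate = $this->CON['scode_adulterate'];
     $code->ttf = 0;
     $code->angle = 0;
     $code->color = 0;
     $code->size = 1;
     $code->shadow = $this->CON['scode_shadow'];
     $code->animator = 0;
     $code->bgcolor = $this->CON['scode_bgcolor'];
     $code->fontcolor = $this->CON['scode_fontcolor'];
     $code->datapath = admin_ROOT . 'datacache/';
     $code->includepath = '';
     $code->display();
 }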
 function common()
 {
     global $_G;
     require_once libfile('function/seccode');
     // The challenge text is derived from the caller-supplied sechash by the
     // project helper; this action only renders it.
     $challenge = make_seccode($_GET['sechash']);
     if (!$_G['setting']['nocacheheaders']) {
         // Keep the image out of browser and proxy caches.
         @header("Expires: -1");
         @header("Cache-Control: no-store, private, post-check=0, pre-check=0, max-age=0", FALSE);
         @header("Pragma: no-cache");
     }
     require_once libfile('class/seccode');
     $cfg = $_G['setting']['seccodedata'];
     // Types 2 and 3 are folded to type 0 before rendering.
     $drawType = in_array($cfg['type'], array(2, 3)) ? 0 : $cfg['type'];
     $image = new seccode();
     $image->code = $challenge;
     $image->type = $drawType;
     // Appearance options are copied straight from the stored settings.
     $copied = array('width', 'height', 'background', 'adulterate', 'ttf', 'angle', 'warping', 'scatter', 'color', 'size', 'shadow');
     foreach ($copied as $opt) {
         $image->$opt = $cfg[$opt];
     }
     $image->animator = 0;
     $image->fontpath = DISCUZ_ROOT . './static/image/seccode/font/';
     $image->datapath = DISCUZ_ROOT . './static/image/seccode/';
     $image->includepath = DISCUZ_ROOT . './source/class/';
     $image->display();
 }
 function common()
 {
     global $_G;
     // Captcha entry point. A numeric seccodedata.type selects the built-in
     // image renderer; a non-numeric type names a pluggable generator class.
     if (is_numeric($_G['setting']['seccodedata']['type'])) {
         // Types 2 and 3 are not rendered by this handler at all.
         if (in_array($_G['setting']['seccodedata']['type'], array(2, 3))) {
             exit;
         }
         $seccode = make_seccode();
         if (!$_G['setting']['nocacheheaders']) {
             // Keep the image out of browser and proxy caches.
             @header("Expires: -1");
             @header("Cache-Control: no-store, private, post-check=0, pre-check=0, max-age=0", FALSE);
             @header("Pragma: no-cache");
         }
         require_once libfile('class/seccode');
         $code = new seccode();
         $code->code = $seccode;
         $code->type = $_G['setting']['seccodedata']['type'];
         $code->width = $_G['setting']['seccodedata']['width'];
         $code->height = $_G['setting']['seccodedata']['height'];
         $code->background = $_G['setting']['seccodedata']['background'];
         $code->adulterate = $_G['setting']['seccodedata']['adulterate'];
         $code->ttf = $_G['setting']['seccodedata']['ttf'];
         $code->angle = $_G['setting']['seccodedata']['angle'];
         $code->warping = $_G['setting']['seccodedata']['warping'];
         $code->scatter = $_G['setting']['seccodedata']['scatter'];
         $code->color = $_G['setting']['seccodedata']['color'];
         $code->size = $_G['setting']['seccodedata']['size'];
         $code->shadow = $_G['setting']['seccodedata']['shadow'];
         $code->animator = 0;
         $code->fontpath = DISCUZ_ROOT . './static/image/seccode/font/';
         $code->datapath = DISCUZ_ROOT . './static/image/seccode/';
         $code->includepath = DISCUZ_ROOT . './source/class/';
         $code->display();
     } else {
         // "plugin:name" maps to source/plugin/<plugin>/seccode/seccode_<name>.php;
         // a bare name maps to the core class file via libfile(). Both path
         // parts come from the stored setting, not from the request.
         $etype = explode(':', $_G['setting']['seccodedata']['type']);
         if (count($etype) > 1) {
             $codefile = DISCUZ_ROOT . './source/plugin/' . $etype[0] . '/seccode/seccode_' . $etype[1] . '.php';
             $class = $etype[1];
         } else {
             $codefile = libfile('seccode/' . $_G['setting']['seccodedata']['type'], 'class');
             $class = $_G['setting']['seccodedata']['type'];
         }
         if (file_exists($codefile)) {
             // @ hides include errors: a broken generator file silently renders nothing.
             @(include_once $codefile);
             $class = 'seccode_' . $class;
             if (class_exists($class)) {
                 make_seccode();
                 $code = new $class();
                 // NOTE(review): $idhash and $modid are not defined in this
                 // function (no global, no parameter); presumably expected from
                 // the including scope — confirm, otherwise both are null here.
                 $image = $code->image($idhash, $modid);
                 if ($image) {
                     // Hand the browser off to the externally generated image
                     // (dheader() is presumably a Location redirect).
                     dheader('location: ' . $image);
                 }
             }
         }
     }
 }
 function onlogin_into()
 {
     // Admin login handler: captcha from a cookie, credentials from POST; on
     // success two session cookies are written and the browser is redirected.
     include_once admin_ROOT . '/public/class_seccode.php';
     // Every error message sends the browser back to the Referer it came from;
     // the value is only ever one the submitting client itself supplied.
     $linkURL = $_SERVER['HTTP_REFERER'];
     // CSRF token check; calladminmessage() is assumed to end the request.
     if (!$this->fun->is_token()) {
         $this->calladminmessage($this->lng['management_token_message'], $this->lng['goback_botton'], $linkURL, 1);
     }
     // The expected captcha is carried by the client itself, encrypted in the
     // ecisp_seccode cookie as "<code>\t<issued-at>". $expiration is never
     // looked at below, so an old cookie stays valid until it is replaced.
     list($new_seccode, $expiration) = explode("\t", $this->fun->eccode($_COOKIE['ecisp_seccode'], 'DECODE'));
     $code = new seccode();
     $code->seccodeconvert($new_seccode);
     parent::start_template();
     $db_table = db_prefix . "admin_member";
     $seccode = strtoupper($this->fun->accept('seccode', 'P', 1));
     $username = $this->fun->accept('username', 'P', 1);
     // Username shape: a letter followed by 4-19 alphanumerics. This is also
     // what keeps quote characters out of the SQL assembled below.
     if (!preg_match("/^[a-zA-Z]{1}[a-zA-Z0-9]{4,19}\$/i", $username)) {
         $this->calladminmessage($this->lng['adminuser_login_incorrect_mess'], $this->lng['goback_botton'], $linkURL, 1);
     }
     // $password_key is assigned but never used.
     $password_key = $this->fun->accept('password', 'P', 1);
     // Unsalted MD5 is what the table stores and compares: cheap to crack
     // offline. password_hash()/password_verify() would be the replacement,
     // but that needs a column migration, not a local change.
     $password = md5($this->fun->accept('password', 'P', 1));
     // NOTE(review): loose != compares numeric-looking strings as numbers
     // ("1e5" == "100000"); a strict !== is the safer choice for a captcha.
     if ($new_seccode != $seccode) {
         $this->calladminmessage($this->lng['adminuser_login_seccode_error_mess'], $this->lng['goback_botton'], $linkURL, 1);
     } else {
         // The '******' are corpus redactions; the original presumably
         // interpolated $username and the hashed $password here. Whatever is
         // interpolated reaches the query unparameterised.
         $db_where = "username='******' AND password='******' AND isclass=1";
         $rsMember = $this->db->fetch_first('SELECT id,username,password,powergroup,inputclassid,isclass FROM ' . $db_table . ' WHERE ' . $db_where);
         if (!$rsMember) {
             // Garbled by the same redaction: appears to write the failed
             // attempt to the log and then emit the "incorrect" message.
             $this->writelog($this->lng['adminuser_login_log_action'], $this->lng['log_extra_no'] . ' user='******' password='******'adminuser_login_incorrect_mess'], $this->lng['goback_botton'], $linkURL, 1);
         } else {
             // Record last-login time / IP and bump the login counter.
             $ipadd = $this->fun->ip($_SERVER['REMOTE_ADDR']);
             $ipadd = empty($ipadd) ? 0 : $ipadd;
             $date = time();
             $db_set = "intime={$date},ipadd={$ipadd},hit=hit+1";
             $this->db->query('UPDATE ' . $db_table . ' SET ' . $db_set . ' WHERE ' . $db_where);
             // Resolve the power group; 'all' means unrestricted, otherwise the
             // cookie carries the list of menu functions the user may NOT use
             // (all known functions minus the granted ones).
             $db_table = db_prefix . 'admin_powergroup';
             $db_where = 'id=' . $rsMember['powergroup'];
             $rsPower = $this->db->fetch_first('SELECT powername,powerlist FROM ' . $db_table . ' WHERE ' . $db_where);
             if ($rsPower['powerlist'] != 'all') {
                 $rsPower_array = explode('|', $rsPower['powerlist']);
                 $rsPower_array = is_array($rsPower_array) ? $this->fun->exp_array($rsPower_array) : $rsPower_array;
                 $sysArray = $this->get_powermenulist('all');
                 $sys_newsArray = array();
                 foreach ($sysArray as $key => $value) {
                     $sys_newsArray[] = $value['loadfun'];
                 }
                 $sys_newsArray = $this->fun->exp_array($sys_newsArray);
                 $diff_array = array_diff($sys_newsArray, $rsPower_array);
                 $rsPower['powerlist'] = implode('|', $diff_array);
             }
             $this->fun->setcookie("esp_powerlist", $this->fun->eccode($rsPower['powerlist'], 'ENCODE', db_pscode));
             // NOTE(review): $rsMember[powergroup] and $rsMember[inputclassid]
             // use bare constants as keys — a notice on PHP < 8 and a fatal
             // Error on PHP 8; they should be quoted. The cookie also embeds the
             // stored password hash, so it is a long-lived credential
             // equivalent protected only by eccode() under db_pscode.
             $this->fun->setcookie('ecisp_admininfo', $this->fun->eccode("{$rsMember['id']}|{$rsMember['username']}|{$rsMember['password']}|" . md5($_SERVER['HTTP_USER_AGENT']) . '|' . $rsMember[powergroup] . '|' . $rsMember[inputclassid] . '|' . md5(admin_ClassURL), 'ENCODE', db_pscode));
             // Redacted log line for the successful login.
             $this->writelog($this->lng['adminuser_login_log_action'], $this->lng['log_extra_ok'] . ' user='******'username'], $rsMember['username']);
             header('location: index.php?archive=management&action=tab&loadfun=mangercenter&out=tabcenter');
             exit('true');
         }
     }
 }
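 /**
  * Generate and output the captcha image.
  *
  * The challenge text comes from makeSeccode($_GET['nchash']), i.e. it is
  * tied to the caller-supplied nchash; verification of answers happens
  * elsewhere. This action only renders.
  */
 public function makecodeOp()
 {
     // NOTE(review): the original parsed $_SERVER['HTTP_REFERER'] into a
     // host[:port] string and then never used it, so no referer check was
     // ever enforced here; that dead computation (which also raised a notice
     // whenever no Referer header was sent) is dropped. If a same-origin
     // check is wanted, compare the parsed host against $_SERVER['HTTP_HOST']
     // and reject the request explicitly.
     $seccode = makeSeccode($_GET['nchash']);
     // Keep the image out of browser and proxy caches.
     @header("Expires: -1");
     @header("Cache-Control: no-store, private, post-check=0, pre-check=0, max-age=0", FALSE);
     @header("Pragma: no-cache");
     $code = new seccode();
     $code->code = $seccode;
     $code->width = 120;
     $code->height = 50;
     $code->background = 1;
     $code->adulterate = 1;
     $code->scatter = '';
     $code->color = 1;
     $code->size = 0;
     $code->shadow = 1;
     $code->animator = 0;
     $code->datapath = BASE_DATA_PATH . '/resource/seccode/';
     $code->display();
 }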
 function onsend()
 {
     // Private-message compose/send. Without a submitted form it renders the
     // compose view; with one it validates the captcha and limits, then sends.
     $a = getgpc('a');
     $do = getgpc('do');
     $this->_auth();
     $uid = $this->user['uid'];
     $this->load('friend');
     $totalnum = $_ENV['friend']->get_totalnum_by_uid($this->user['uid'], 3);
     $friends = $totalnum ? $_ENV['friend']->get_list($this->user['uid'], 1, $totalnum, $totalnum, 3) : array();
     if (!$this->submitcheck()) {
         $extra = 'extra=' . rawurlencode($_GET['extra']);
         $type = !empty($_GET['type']) ? $_GET['type'] : '';
         // is_numeric() also accepts forms like "1e3"; whether getpmbypmid()
         // casts pmid is not visible here.
         $pmid = @is_numeric($_GET['pmid']) ? $_GET['pmid'] : 0;
         $daterange = $_GET['daterange'] ? intval($_GET['daterange']) : 1;
         $touid = intval($_GET['touid']);
         $plid = intval($_GET['plid']);
         $folder = getgpc('folder');
         $pmnum_private = $_ENV['pm']->getpmnum($uid, 0, 0);
         $unreadpmnum = $_ENV['pm']->getpmnum($uid, 0, 1);
         $touser = '';
         // Loading an existing message (reply/forward) is scoped to $uid.
         if ($pmid) {
             $tmp = $_ENV['pm']->getpmbypmid($uid, $pmid);
             $tmp = $tmp[0];
         } else {
             $tmp = array();
         }
         if (!empty($pmid)) {
             if ($do == 'forward') {
                 // Forward: quote the original, with any nested [quote] stripped.
                 $user = $_ENV['user']->get_user_by_uid($tmp['msgtoid']);
                 $tmp['message'] = $this->lang['pm_from'] . ': ' . $tmp['author'] . "\n" . $this->lang['pm_to'] . ': ' . dhtmlspecialchars($user['username']) . "\n" . $this->lang['pm_date'] . ': ' . $this->date($tmp['dateline']) . "\n\n" . '[quote]' . trim(preg_replace("/(\\[quote])(.*)(\\[\\/quote])/siU", '', $tmp['message'])) . '[/quote]' . "\n";
             }
         } else {
             // Prefill from the query string; message is escaped further down,
             // subject is read but never handed to the view.
             !empty($_GET['msgto']) && ($touser = dhtmlspecialchars($_GET['msgto']));
             !empty($_GET['subject']) && ($tmp['subject'] = $_GET['subject']);
             !empty($_GET['message']) && ($tmp['message'] = $_GET['message']);
         }
         if ($this->settings['sendpmseccode']) {
             // Stateless captcha: a rand() value encrypted under a key bound to
             // UA + IP, valid 720 s, handed to the form as a hidden field. Nothing
             // is stored server-side, so the same token/answer pair appears to
             // remain valid for repeated submissions within that window; rand()
             // is also not a CSPRNG.
             $authkey = md5(UC_KEY . $_SERVER['HTTP_USER_AGENT'] . $this->onlineip);
             $rand = rand(100000, 999999);
             $seccodeinit = rawurlencode($this->authcode($rand, 'ENCODE', $authkey, 720));
             $this->view->assign('seccodeinit', $seccodeinit);
         }
         $this->view->assign('sendpmseccode', $this->settings['sendpmseccode']);
         $this->view->assign('touser', $touser);
         $this->view->assign('user', $this->user);
         $this->view->assign('pmnum_private', $pmnum_private);
         // NOTE(review): $pmnum_chatpm is never assigned in this function.
         $this->view->assign('pmnum_chatpm', $pmnum_chatpm);
         $this->view->assign('unreadpmnum', $unreadpmnum);
         $this->view->assign('friends', $friends);
         $this->view->assign('extra', $extra);
         $this->view->assign('pmid', $pmid);
         $this->view->assign('daterange', $daterange);
         $this->view->assign('touid', $touid);
         $this->view->assign('plid', $plid);
         $this->view->assign('a', $a);
         $this->view->assign('do', $do);
         $this->view->assign('folder', $folder);
         $tmp['message'] = dhtmlspecialchars($tmp['message']);
         $this->view->assign('message', $tmp['message']);
         $this->view->assign('type', $type);
         $this->view->display('pm_send');
     } else {
         if ($this->settings['sendpmseccode']) {
             // Decrypt the hidden token under the same UA+IP-bound key and let
             // the seccode class compare it with the typed answer.
             $authkey = md5(UC_KEY . $_SERVER['HTTP_USER_AGENT'] . $this->onlineip);
             $seccodehidden = urldecode(getgpc('seccodehidden', 'P'));
             $seccode = strtoupper(getgpc('seccode', 'P'));
             $seccodehidden = $this->authcode($seccodehidden, 'DECODE', $authkey);
             require UC_ROOT . './lib/seccode.class.php';
             if (!seccode::seccode_check($seccodehidden, $seccode)) {
                 $this->message('pm_send_seccode_error', 'BACK', 1);
             }
         }
         $user = $_ENV['user']->get_user_by_uid($this->user['uid']);
         $this->user['username'] = daddslashes($user['username'], 1);
         $touid = intval(getgpc('touid'));
         $daterange = intval(getgpc('daterange'));
         $type = intval(getgpc('type'));
         // Unlike the other fields this one is read from $_GET, not the POST body.
         $replypmid = @is_numeric($_GET['replypmid']) ? $_GET['replypmid'] : 0;
         $msgto = array();
         if ($replypmid) {
             // Reply: recipients are the thread's members minus the sender.
             // NOTE(review): no check here that $uid belongs to that thread —
             // presumably enforced inside replypm(); confirm.
             $plid = $_ENV['pm']->getplidbypmid($replypmid);
             $msgto = $_ENV['pm']->getuidbyplid($plid);
             unset($msgto[$uid]);
         } else {
             if (!empty($_POST['msgto'])) {
                 $msgto = explode(',', $_POST['msgto']);
                 $msgto = $_ENV['user']->name2id($msgto);
             }
         }
         // Friend recipients are accepted only if they are in the caller's own list.
         if (isset($_POST['friend'])) {
             $frienduids = array();
             foreach ($friends as $friend) {
                 $frienduids[] = $friend['friendid'];
             }
             foreach ($_POST['friend'] as $friendid) {
                 if (in_array($friendid, $frienduids)) {
                     $msgto[] = $friendid;
                 }
             }
         }
         if (!$msgto) {
             $this->message('receiver_no_exists', 'BACK', 1);
         }
         $msgto = array_unique($msgto);
         $countmsgto = count($msgto);
         // Anti-abuse limits: account age, group size, send interval, thread caps.
         if ($this->settings['pmsendregdays']) {
             if ($user['regdate'] > $this->time - $this->settings['pmsendregdays'] * 86400) {
                 $this->message('pm_send_regdays_error', 'BACK', 1, array('$pmsendregdays' => $this->settings['pmsendregdays']));
             }
         }
         if ($this->settings['chatpmmemberlimit']) {
             if ($type == 1 && $countmsgto > $this->settings['chatpmmemberlimit'] - 1) {
                 $this->message('pm_send_chatpmmemberlimit_error', 'BACK', 1, array('$chatpmmemberlimit' => $this->settings['chatpmmemberlimit']));
             }
         }
         if ($this->settings['pmfloodctrl']) {
             if (!$_ENV['pm']->ispminterval($this->user['uid'], $this->settings['pmfloodctrl'])) {
                 $this->message('pm_send_pmfloodctrl_error', 'BACK', 1, array('$pmfloodctrl' => $this->settings['pmfloodctrl']));
             }
         }
         if ($this->settings['privatepmthreadlimit']) {
             if (!$_ENV['pm']->isprivatepmthreadlimit($this->user['uid'], $this->settings['privatepmthreadlimit'])) {
                 $this->message('pm_send_privatepmthreadlimit_error', 'BACK', 1, array('$privatepmthreadlimit' => $this->settings['privatepmthreadlimit']));
             }
         }
         if ($this->settings['chatpmthreadlimit']) {
             if (!$_ENV['pm']->ischatpmthreadlimit($this->user['uid'], $this->settings['chatpmthreadlimit'])) {
                 $this->message('pm_send_chatpmthreadlimit_error', 'BACK', 1, array('$chatpmthreadlimit' => $this->settings['chatpmthreadlimit']));
             }
         }
         // The raw POST body is handed to the model; escaping/filtering is
         // assumed to happen inside replypm()/sendpm().
         if ($replypmid) {
             $lastpmid = $_ENV['pm']->replypm($plid, $this->user['uid'], $this->user['username'], $_POST['message']);
         } else {
             $lastpmid = $_ENV['pm']->sendpm($this->user['uid'], $this->user['username'], $msgto, '', $_POST['message'], $type);
         }
         if ($lastpmid > 0) {
             if ($replypmid) {
                 if ($touid) {
                     $this->message('pm_send_succeed', "index.php?m=pm_client&a=view&touid={$touid}&daterange={$daterange}&filter=privatepm", 1);
                 } else {
                     $this->message('pm_send_succeed', "index.php?m=pm_client&a=view&plid={$plid}&daterange={$daterange}&filter=chatpm", 1);
                 }
             } else {
                 if (!$type) {
                     $this->message('pm_send_succeed', 'index.php?m=pm_client&a=ls&filter=privatepm', 1);
                 } else {
                     $this->message('pm_send_succeed', 'index.php?m=pm_client&a=ls&filter=chatpm', 1);
                 }
             }
         } else {
             $this->message('pm_send_ignore', 'BACK', 1);
         }
     }
 }
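 function in_save()
 {
     // Store a guestbook/forum post: optional captcha, input checks, a
     // per-(IP, document) repeat-post throttle, then the INSERT.
     parent::start_pagetemplate();
     $lng = admin_LNG == 'big5' ? $this->CON['is_lancode'] : admin_LNG;
     // Return target for every error message; taken from the Referer, so it is
     // only ever a URL the submitting client itself supplied.
     $linkURL = $_SERVER['HTTP_REFERER'];
     if ($this->CON['bbs_isseccode']) {
         $seccode = $this->fun->accept('seccode', 'P');
         include_once admin_ROOT . 'public/class_seccode.php';
         // The challenge lives client-side: "<code>\t<issued-at>" encrypted in
         // the ecisp_home_seccode cookie. $expiration (the issue time) is not
         // checked here, so the cookie stays valid until it is cleared below.
         list($new_seccode, $expiration) = explode("\t", $this->fun->eccode($_COOKIE['ecisp_home_seccode'], 'DECODE'));
         $code = new seccode();
         $code->seccodeconvert($new_seccode);
         // Strict comparison: with != PHP compares numeric-looking strings as
         // numbers (e.g. "1e5" == "100000"). seccodeconvert() is assumed to
         // leave $new_seccode a string, as strtoupper() does for the answer.
         if ($new_seccode !== strtoupper($seccode)) {
             $this->callmessage($this->lng['seescodeerr'], $linkURL, $this->lng['gobackbotton']);
         }
     }
     $db_table = db_prefix . "document_message";
     $did = intval($this->fun->accept('did', 'P'));
     $did = empty($did) ? 0 : $did;
     // NOTE(review): userid is taken from the POST body as-is; it is not
     // reconciled with $this->ec_member_username_id below — confirm intended.
     $userid = intval($this->fun->accept('userid', 'P'));
     $userid = empty($userid) ? 0 : $userid;
     // name/content are interpolated into SQL further down; accept() is
     // assumed to escape them (not visible here).
     $name = $this->fun->accept('name', 'P');
     $content = $this->fun->accept('content', 'P');
     $content = empty($content) ? '' : $this->fun->Text2Html($content, false);
     if (empty($did)) {
         $this->callmessage($this->lng['db_err'], $linkURL, $this->lng['gobackbotton']);
     }
     if (empty($name) || empty($content)) {
         $this->callmessage($this->lng['forum_input_err'], $linkURL, $this->lng['gobackbotton']);
     }
     $isclass = $this->CON['bbs_isclass'] ? 0 : 1;
     if (!$this->CON['is_anonymous']) {
         parent::member_purview(1);
     }
     $ipadd = $this->fun->ip($_SERVER['REMOTE_ADDR']);
     $addtime = time();
     // Logged-in members on the block list may not post.
     if (!empty($this->ec_member_username_id)) {
         $rsMember = $this->get_member(null, $this->ec_member_username_id);
         $lockusername = explode(',', $this->CON['bbs_username']);
         if (in_array($this->ec_member_username, $lockusername)) {
             $this->callmessage($this->lng['forum_mem_username'], $linkURL, $this->lng['gobackbotton']);
         }
     }
     if (!empty($this->CON['bbs_filter'])) {
         if ($this->fun->screening_key($content, $this->CON['bbs_filter'])) {
             $this->callmessage($this->lng['forum_input_filter'], $linkURL, $this->lng['gobackbotton']);
         }
     }
     // Repeat-post throttle key. The original computed md5($ipadd + $did . 'input'):
     // integer addition, which lets distinct (ip, did) pairs collide and, under
     // PHP 8 operator precedence, drops the 'input' suffix with a "non-numeric
     // value" warning. Concatenation gives an unambiguous key on every version.
     $usersessionid = md5($ipadd . $did . 'input');
     $inputseesion = $this->fun->accept($usersessionid, 'C');
     if (empty($inputseesion) && $this->CON['bbs_inputtime']) {
         $this->fun->setcookie($usersessionid, $addtime, $this->CON['bbs_inputtime']);
     } elseif ($this->CON['bbs_inputtime']) {
         $this->callmessage($this->lng['repeatinput'], $linkURL, $this->lng['gobackurlbotton']);
     }
     $db_field = 'did,userid,adminid,ipadd,lng,name,content,recontent,isreply,isclass,addtime,retime,support,oppose';
     $db_values = "{$did},{$userid},0,{$ipadd},'{$lng}','{$name}','{$content}','',0,{$isclass},{$addtime},0,0,0";
     $this->db->query('INSERT INTO ' . $db_table . ' (' . $db_field . ') VALUES (' . $db_values . ')');
     $insert_id = $this->db->insert_id();
     // The captcha cookie is consumed only after a successful insert.
     $this->fun->setcookie('ecisp_home_seccode', null);
     if ($this->CON['bbs_ismail']) {
         $this->bbsmailsend('bbsrequest', $insert_id);
     }
     $this->callmessage($this->lng['forum_input_ok'], $linkURL, $this->lng['gobackurlbotton']);
 }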
 function onlogin()
 {
     // UCenter admin login: per-IP lockout, captcha, then founder or admin
     // password check; on success a sid cookie is set and the browser redirected.
     // Captcha tokens are encrypted under a key bound to UA + client IP.
     $authkey = md5(UC_KEY . $_SERVER['HTTP_USER_AGENT'] . $this->onlineip);
     $this->load('user');
     $username = getgpc('username', 'P');
     $password = getgpc('password', 'P');
     $iframe = getgpc('iframe') ? 1 : 0;
     $isfounder = intval(getgpc('isfounder', 'P'));
     /*
     echo $sid = $this->sid_encode('admin');
     echo $this->sid_decode($sid);
     */
     // Fresh challenge for the (re)rendered form: rand() is not a CSPRNG; the
     // token is self-contained (nothing stored server-side) and valid 180 s.
     $rand = rand(100000, 999999);
     $seccodeinit = rawurlencode($this->authcode($rand, 'ENCODE', $authkey, 180));
     $errorcode = 0;
     if ($this->submitcheck()) {
         // Lockout: more than 4 failures from this IP within 15 minutes. Keyed
         // on IP only, so a shared NAT can be locked out by one client; whether
         // $this->onlineip can be influenced by request headers is not visible here.
         $failedlogin = $this->db->fetch_first("SELECT * FROM " . UC_DBTABLEPRE . "failedlogins WHERE ip='{$this->onlineip}'");
         if ($failedlogin['count'] > 4) {
             if ($this->time - $failedlogin['lastupdate'] < 15 * 60) {
                 $errorcode = UC_LOGIN_ERROR_FAILEDLOGIN;
             } else {
                 $expiration = $this->time - 15 * 60;
                 $this->db->query("DELETE FROM " . UC_DBTABLEPRE . "failedlogins WHERE lastupdate<'{$expiration}'");
             }
         } else {
             $seccodehidden = urldecode(getgpc('seccodehidden', 'P'));
             $seccode = strtoupper(getgpc('seccode', 'P'));
             $seccodehidden = $this->authcode($seccodehidden, 'DECODE', $authkey);
             require UC_ROOT . './lib/seccode.class.php';
             seccode::seccodeconvert($seccodehidden);
             // NOTE(review): loose != compares numeric-looking strings as
             // numbers; prefer a strict !== for the captcha answer.
             if (empty($seccodehidden) || $seccodehidden != $seccode) {
                 $errorcode = UC_LOGIN_ERROR_SECCODE;
             } else {
                 $errorcode = UC_LOGIN_SUCCEED;
                 $this->user['username'] = $username;
                 if ($isfounder == 1) {
                     // Founder login: the username is a fixed value (redacted
                     // as '******' by the corpus); the password is checked
                     // against the UC_FOUNDERPW constant.
                     $this->user['username'] = '******';
                     $md5password = md5(md5($password) . UC_FOUNDERSALT);
                     // NOTE(review): == on two hex digests is unsafe in PHP —
                     // digests of the form "0e<digits>" compare as the number 0
                     // and would match each other; use === or hash_equals().
                     if ($md5password == UC_FOUNDERPW) {
                         $username = $this->user['username'];
                         $this->view->sid = $this->sid_encode($this->user['username']);
                     } else {
                         $errorcode = UC_LOGIN_ERROR_FOUNDER_PW;
                     }
                 } else {
                     // Admin login: the WHERE value is redacted; the original
                     // presumably interpolated $username, so escaping depends
                     // on getgpc() (not visible here).
                     $admin = $this->db->fetch_first("SELECT a.uid,m.username,m.salt,m.password FROM " . UC_DBTABLEPRE . "admins a LEFT JOIN " . UC_DBTABLEPRE . "members m USING(uid) WHERE a.username='******'");
                     if (!empty($admin)) {
                         // Same loose == on hex digests as above; see note there.
                         $md5password = md5(md5($password) . $admin['salt']);
                         if ($admin['password'] == $md5password) {
                             $this->view->sid = $this->sid_encode($admin['username']);
                         } else {
                             $errorcode = UC_LOGIN_ERROR_ADMIN_PW;
                         }
                     } else {
                         $errorcode = UC_LOGIN_ERROR_ADMIN_NOT_EXISTS;
                     }
                 }
                 if ($errorcode == 0) {
                     // Session cookie lives 24 h; sid is also carried in the URL
                     // when cookies are unavailable.
                     $this->setcookie('sid', $this->view->sid, 86400);
                     // $pwlen is assigned but never used.
                     $pwlen = strlen($password);
                     $this->user['admin'] = 1;
                     $this->writelog('login', 'succeed');
                     if ($iframe) {
                         header('location: admin.php?m=frame&a=main&iframe=1' . ($this->cookie_status ? '' : '&sid=' . $this->view->sid));
                         exit;
                     } else {
                         header('location: admin.php' . ($this->cookie_status ? '' : '?sid=' . $this->view->sid));
                         exit;
                     }
                 } else {
                     // This line is garbled by the corpus redaction. What
                     // survives suggests the failure log line included the
                     // submitted password (' ; password=' ...) and that the
                     // expired-lockout cleanup was folded in — confirm against
                     // the real source; logging submitted passwords should be
                     // avoided. The failedlogins row is then created or bumped.
                     $this->writelog('login', 'error: user='******'username'] . '; password='******'{$expiration}'");
                         $this->db->query("INSERT INTO " . UC_DBTABLEPRE . "failedlogins SET ip='{$this->onlineip}', count=1, lastupdate='{$this->time}'");
                     } else {
                         $this->db->query("UPDATE " . UC_DBTABLEPRE . "failedlogins SET count=count+1,lastupdate='{$this->time}' WHERE ip='{$this->onlineip}'");
                     }
                 }
             }
         }
     }
     // Re-render the form. The submitted password is echoed back into the
     // template (escaped), which keeps it in the page source/history.
     $username = htmlspecialchars($username);
     $password = htmlspecialchars($password);
     $this->view->assign('seccodeinit', $seccodeinit);
     $this->view->assign('username', $username);
     $this->view->assign('password', $password);
     $this->view->assign('isfounder', $isfounder);
     $this->view->assign('errorcode', $errorcode);
     $this->view->assign('iframe', $iframe);
     $this->view->display('admin_login');
 }
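<?php

// Captcha helper script. $do is expected to be set by the including script;
// it is not defined here.
switch ($do) {
    case "check":
        // AJAX pre-validation: prints "1" when the submitted seccode matches
        // the challenge kept in the session, nothing otherwise.
        session_start();
        $letters_code = isset($_SESSION['6_letters_code']) ? (string) $_SESSION['6_letters_code'] : '';
        // Only accept a scalar string so a seccode[] array never reaches the compare.
        $seccode = isset($_POST['seccode']) && is_string($_POST['seccode']) ? $_POST['seccode'] : '';
        // Strict comparison: with == PHP compares numeric-looking strings as
        // numbers ("1e3" == "1000"), which would accept wrong answers.
        // NOTE(review): the challenge is not cleared on success here, so the
        // same answer keeps validating until a new image is generated; the
        // consuming form should drop the session value once it has verified.
        if ($letters_code !== '' && $seccode !== '' && $letters_code === $seccode) {
            echo 1;
        }
        break;
    case "display":
        // TODO: load the seccode class before instantiating it (it is not
        // included by this file).
        $img = new seccode();
        $img->display_seccode();
        break;
}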
    echo check_seccode($_G['gp_secverify'], $_G['gp_idhash']) ? 'succeed' : 'invalid';
    include template('common/footer_ajax');
} else {
    $refererhost = parse_url($_SERVER['HTTP_REFERER']);
    $refererhost['host'] .= !empty($refererhost['port']) ? ':' . $refererhost['port'] : '';
    if ($_G['setting']['seccodedata']['type'] < 2 && ($refererhost['host'] != $_SERVER['HTTP_HOST'] || !$_G['setting']['seccodestatus']) || $_G['setting']['seccodedata']['type'] == 2 && !extension_loaded('ming') && $_POST['fromFlash'] != 1 || $_G['setting']['seccodedata']['type'] == 3 && $_GET['fromFlash'] != 1) {
        exit('Access Denied');
    }
    $seccode = make_seccode($_G['gp_idhash']);
    if (!$_G['setting']['nocacheheaders']) {
        @header("Expires: -1");
        @header("Cache-Control: no-store, private, post-check=0, pre-check=0, max-age=0", FALSE);
        @header("Pragma: no-cache");
    }
    require_once libfile('class/seccode');
    $code = new seccode();
    $code->code = $seccode;
    $code->type = $_G['setting']['seccodedata']['type'];
    $code->width = $_G['setting']['seccodedata']['width'];
    $code->height = $_G['setting']['seccodedata']['height'];
    $code->background = $_G['setting']['seccodedata']['background'];
    $code->adulterate = $_G['setting']['seccodedata']['adulterate'];
    $code->ttf = $_G['setting']['seccodedata']['ttf'];
    $code->angle = $_G['setting']['seccodedata']['angle'];
    $code->warping = $_G['setting']['seccodedata']['warping'];
    $code->scatter = $_G['setting']['seccodedata']['scatter'];
    $code->color = $_G['setting']['seccodedata']['color'];
    $code->size = $_G['setting']['seccodedata']['size'];
    $code->shadow = $_G['setting']['seccodedata']['shadow'];
    $code->animator = $_G['setting']['seccodedata']['animator'];
    $code->fontpath = DISCUZ_ROOT . './static/image/seccode/font/';
 function in_lostpasswdsave()
 {
     // "Lost password" handler: verifies username + e-mail (+ optional
     // captcha), replaces the password with a random 8-character one, syncs
     // it to UCenter and mails it out. callmessage() is assumed to end the request.
     if (!$this->CON['mem_isclose']) {
         $linkURL = $_SERVER['HTTP_REFERER'];
         $this->callmessage($this->lng['mem_close'], $linkURL, $this->lng['gobackbotton']);
     }
     if (!$this->CON['is_email']) {
         $linkURL = $this->get_link('memberlogin', '', admin_LNG);
         $this->callmessage($this->lng['main_send_no'], $linkURL, $this->lng['gobackurlbotton']);
     }
     if ($this->CON['mem_isucenter']) {
         include_once admin_ROOT . 'public/uc_client/client.php';
     }
     $linkURL = $_SERVER['HTTP_REFERER'];
     $username = $this->fun->accept('username', 'P');
     $email = $this->fun->accept('email', 'P');
     // Username: 2-16 chars from a deny-list of punctuation. Quotes are
     // excluded, backslash is not; the SQL below therefore relies on accept()
     // escaping (not visible here).
     if (!preg_match("/^[^!@~`\\'\"#\$\\%\\^&\\*\\(\\)\\+\\-\\{\\}\\[\\]\\|\\/\\?\\<\\>\\,\\.\\:\\;]{2,16}\$/i", $username)) {
         $this->callmessage($this->lng['username_err'], $linkURL, $this->lng['gobackbotton']);
     }
     // E-mail shape check; this allow-list also keeps quotes out of the SQL.
     if (!preg_match("/^\\w+((-\\w+)|(\\.\\w+))*\\@[A-Za-z0-9]+((\\.|-)[A-Za-z0-9]+)*\\.[A-Za-z0-9]+\$/i", $email)) {
         $this->callmessage($this->lng['email_err'], $linkURL, $this->lng['gobackbotton']);
     }
     if ($this->CON['mem_isseccode']) {
         $seccode = $this->fun->accept('seccode', 'P');
         include_once admin_ROOT . 'public/class_seccode.php';
         // Cookie-carried challenge "<code>\t<issued-at>"; $expiration is
         // never checked, so an old cookie stays valid until replaced.
         list($new_seccode, $expiration) = explode("\t", $this->fun->eccode($_COOKIE['ecisp_home_seccode'], 'DECODE'));
         $code = new seccode();
         $code->seccodeconvert($new_seccode);
         // NOTE(review): loose != compares numeric-looking strings as
         // numbers; a strict !== is the safer choice for a captcha answer.
         if ($new_seccode != strtoupper($seccode)) {
             $this->callmessage($this->lng['seescodeerr'], $linkURL, $this->lng['gobackbotton']);
         }
     }
     $lockusername = explode(',', $this->CON['mem_lock']);
     if (in_array($username, $lockusername)) {
         $this->callmessage($this->lng['member_memlock'], $linkURL, $this->lng['gobackbotton']);
     }
     if (empty($username) || empty($email)) {
         $this->callmessage($this->lng['username_err'], $linkURL, $this->lng['gobackbotton']);
     } else {
         $db_table = db_prefix . "member";
         // '******' is a corpus redaction (presumably {$username}).
         // NOTE(review): knowing a member's username + e-mail is enough to
         // trigger the reset; the new password goes to the registered address,
         // so a third party cannot learn it but can force the change.
         $db_where = "username='******' AND email='{$email}' AND isclass=1";
         $db_sql = "SELECT * FROM {$db_table} WHERE {$db_where}";
         $rsMember = $this->db->fetch_first($db_sql);
         if ($rsMember) {
             // New password is stored as unsalted md5 (redacted below) and
             // mailed in plaintext.
             $password = $this->fun->getStr(8);
             $password2 = md5($password);
             $db_set = "password='******'";
             $this->db->query('UPDATE ' . $db_table . ' SET ' . $db_set . ' WHERE ' . $db_where);
             // UCenter is updated only when its e-mail matches; the local
             // password has already been changed above regardless, so the two
             // can diverge when they do not.
             if ($this->CON['mem_isucenter']) {
                 $data = uc_get_user($username);
                 if ($data) {
                     list($uid2, $username2, $email2) = $data;
                     if ($email == $email2) {
                         uc_user_edit($username, $password, $password, $email, 1);
                     }
                 }
             }
             // $email is never empty here (it passed the regex above).
             if (!empty($email)) {
                 $this->membermailsend('memberpw', $rsMember['userid'], $password);
             }
             $linkURL = $this->get_link('memberlogin', '', admin_LNG);
             $this->callmessage($this->lng['password_lostok'], $linkURL, $this->lng['memberlogin']);
         } else {
             $linkURL = $this->get_link('memberlogin', '', admin_LNG);
             $this->callmessage($this->lng['password_losterr'], $linkURL, $this->lng['gobackurlbotton']);
         }
     }
 }
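 /**
  * pm_client "send" action: renders the compose form, or on submission
  * validates and delivers the private message.
  *
  * Compose path (no submitcheck()): pre-fills the form from an existing
  * message selected by pmid (reply / forward / save-box edit, chosen via the
  * a and do parameters) or from the msgto/subject/message query parameters,
  * then displays the 'pm_send' view.
  * Submit path: verifies the captcha when settings['sendpmseccode'] is on,
  * resolves the recipients (a user name plus selected friends), applies the
  * per-day and flood limits, honours the recipients' blacklists and reports
  * how many messages were delivered.
  *
  * Every failure leaves through $this->message(); the code after each call
  * assumes message() does not return.
  */
 function onsend()
 {
     $folder = getgpc('folder');
     $filter = getgpc('filter');
     $a = getgpc('a');
     $do = getgpc('do');
     $this->_auth();
     $uid = $this->user['uid'];
     // Accept pmid from the query string only when it is numeric. The original
     // applied this guard on the compose path but handed the raw value to
     // sendpm() and to the redirect URL on the save-to-outbox path.
     $pmid = isset($_GET['pmid']) && is_numeric($_GET['pmid']) ? $_GET['pmid'] : 0;
     $extraparam = isset($_GET['extra']) ? $_GET['extra'] : '';
     if ($this->settings['pmsendregdays']) {
         // Accounts younger than pmsendregdays days may not send PMs.
         $fromuser = $_ENV['user']->get_user_by_uid($uid);
         if ($fromuser['regdate'] > $this->time - $this->settings['pmsendregdays'] * 86400) {
             $this->message('pm_send_regdays_error', 'BACK', 1, array('$pmsendregdays' => $this->settings['pmsendregdays']));
         }
     }
     $this->load('friend');
     $totalnum = $_ENV['friend']->get_totalnum_by_uid($this->user['uid'], 3);
     $friends = $totalnum ? $_ENV['friend']->get_list($this->user['uid'], 1, $totalnum, $totalnum, 3) : array();
     if (!$this->submitcheck()) {
         $touser = '';
         if ($pmid) {
             $tmp = $_ENV['pm']->get_pm_by_pmid($uid, $pmid);
             $tmp = $tmp[0];
         } else {
             $tmp = array();
         }
         $pmnum = $_ENV['pm']->get_pm_num($uid, $folder, $filter, $a);
         if (!empty($pmid)) {
             if ($do == 'forward') {
                 // Quote the forwarded body after stripping any nested [quote] block.
                 $tmp['subject'] = 'Fw: ' . $tmp['subject'];
                 $user = $_ENV['user']->get_user_by_uid($tmp['msgtoid']);
                 $tmp['message'] = ($tmp['msgfromid'] ? $this->lang['pm_from'] . ': ' . $tmp['msgfrom'] : $this->lang['pm_system']) . "\n" . $this->lang['pm_to'] . ': ' . htmlspecialchars($user['username']) . "\n" . $this->lang['pm_date'] . ': ' . $this->date($tmp['dateline']) . "\n\n" . '[quote]' . trim(preg_replace("/(\\[quote])(.*)(\\[\\/quote])/siU", '', $tmp['message'])) . '[/quote]' . "\n";
             }
             require_once UC_ROOT . 'lib/uccode.class.php';
             $this->uccode = new uccode();
             $tmp['messagepreview'] = $this->uccode->complie($tmp['message']);
         } else {
             !empty($_GET['msgto']) && ($touser = htmlspecialchars($_GET['msgto']));
             !empty($_GET['subject']) && ($tmp['subject'] = $_GET['subject']);
             !empty($_GET['message']) && ($tmp['message'] = $_GET['message']);
         }
         $related = $a == 'reply' ? $tmp['related'] : 0;
         $folder = 'send';
         $extra = 'extra=' . rawurlencode($extraparam);
         $type = !empty($_GET['type']) ? $_GET['type'] : '';
         $unreadpmnum = $pmnum[1] + $pmnum[2];
         if ($this->settings['sendpmseccode']) {
             // The captcha answer is handed to the client encrypted with a key
             // derived from UC_KEY, the User-Agent and the client IP, with a
             // 720 s lifetime passed to authcode().
             $authkey = md5(UC_KEY . $_SERVER['HTTP_USER_AGENT'] . $this->onlineip);
             $rand = rand(100000, 999999);
             $seccodeinit = rawurlencode($this->authcode($rand, 'ENCODE', $authkey, 720));
             $this->view->assign('seccodeinit', $seccodeinit);
         }
         $this->view->assign('sendpmseccode', $this->settings['sendpmseccode']);
         $this->view->assign('touser', $touser);
         $this->view->assign('related', $related);
         $this->view->assign('user', $this->user);
         $this->view->assign('pmnum', $pmnum);
         $this->view->assign('unreadpmnum', $unreadpmnum);
         $this->view->assign('friends', $friends);
         $this->view->assign('extra', $extra);
         $extra = getgpc('extra');
         $this->view->assign('extraret', $extra);
         $this->view->assign('pmid', $pmid);
         $this->view->assign('a', $a);
         $this->view->assign('do', $do);
         $this->view->assign('folder', $folder);
         // Escape for the HTML form; the raw text is what the view previews.
         $tmp['subject'] = htmlspecialchars($tmp['subject']);
         $tmp['message'] = htmlspecialchars($tmp['message']);
         $this->view->assign('subject', $tmp['subject']);
         $this->view->assign('message', $tmp['message']);
         $this->view->assign('messagepreview', $tmp['messagepreview']);
         $this->view->assign('type', $type);
         $this->view->display('pm_send');
     } else {
         if ($this->settings['sendpmseccode']) {
             $authkey = md5(UC_KEY . $_SERVER['HTTP_USER_AGENT'] . $this->onlineip);
             $seccodehidden = urldecode(getgpc('seccodehidden', 'P'));
             $seccode = strtoupper(getgpc('seccode', 'P'));
             // The expected code is recovered from the hidden field with the
             // same client-bound key. An expired or tampered value is presumably
             // decoded to an empty string and caught by the empty() check
             // below — confirm against authcode(). The comparison is strict so
             // that numeric-looking strings are not compared as numbers.
             $seccodehidden = $this->authcode($seccodehidden, 'DECODE', $authkey);
             require UC_ROOT . './lib/seccode.class.php';
             seccode::seccodeconvert($seccodehidden);
             if (empty($seccodehidden) || (string) $seccodehidden !== $seccode) {
                 $this->message('pm_send_seccode_error', 'BACK', 1);
             }
         }
         $user = $_ENV['user']->get_user_by_uid($this->user['uid']);
         $this->user['username'] = daddslashes($user['username'], 1);
         if (!empty($_POST['saveoutbox'])) {
             // Save-box path: the 1 argument and the savebox redirect suggest the
             // message is stored without delivery — verify against sendpm().
             $_ENV['pm']->sendpm($_POST['subject'], $_POST['message'], $this->user, $uid, $pmid, 1, $_POST['related']);
             $this->message('pm_save_succeed', 'index.php?m=pm_client&a=send&do=savebox&folder=savebox&pmid=' . $pmid . '&extra=' . rawurlencode($extraparam), 1);
         } else {
             // Recipients: the named user plus any selected friend ids, the
             // latter accepted only if they are in the sender's friend list.
             $msgto = array();
             $tmp = $_ENV['user']->get_user_by_username($_POST['msgto']);
             $tmp && ($msgto[] = $tmp['uid']);
             if (isset($_POST['friend'])) {
                 $frienduids = array();
                 foreach ($friends as $friend) {
                     $frienduids[] = $friend['friendid'];
                 }
                 foreach ($_POST['friend'] as $friendid) {
                     if (in_array($friendid, $frienduids)) {
                         $msgto[] = $friendid;
                     }
                 }
             }
             if (!$msgto) {
                 $this->message('receiver_no_exists', 'BACK', 1);
             }
             // Rate limits do not apply when every recipient is a friend or the
             // message is a reply to an existing conversation.
             $pmlimit1day = $this->settings['pmlimit1day'] && $_ENV['pm']->count_pm_by_fromuid($this->user['uid'], 86400) > $this->settings['pmlimit1day'];
             if ($pmlimit1day || $this->settings['pmfloodctrl'] && $_ENV['pm']->count_pm_by_fromuid($this->user['uid'], $this->settings['pmfloodctrl'])) {
                 if (!$_ENV['friend']->is_friend($this->user['uid'], $msgto, 3)) {
                     if (!$_ENV['pm']->is_reply_pm($this->user['uid'], $msgto)) {
                         if ($pmlimit1day) {
                             $this->message('pm_send_limit1day_error', 'BACK', 1);
                         } else {
                             $this->message('pm_send_floodctrl_error', 'BACK', 1);
                         }
                     }
                 }
             }
             $msgto = array_unique($msgto);
             $blackls = $_ENV['pm']->get_blackls($uid, $msgto);
             $sent = 0;
             // Loop variable renamed from $uid: the original shadowed the sender id.
             foreach ($msgto as $touid) {
                 // A recipient without a blacklist entry is checked explicitly;
                 // the original indexed $blackls before its isset() test.
                 $blocked = isset($blackls[$touid]) ? $blackls[$touid] : null;
                 if ($blocked !== null && in_array('{ALL}', $blocked)) {
                     continue;
                 }
                 $blockedids = $_ENV['user']->name2id($blocked);
                 if ($blockedids !== null && !in_array($this->user['uid'], $blockedids) && $_ENV['pm']->sendpm($_POST['subject'], $_POST['message'], $this->user, $touid, 0, 0, $_POST['related'])) {
                     $sent++;
                 }
             }
             if ($sent) {
                 $this->message('pm_send_succeed', 'index.php?m=pm_client&a=ls&folder=' . ($_POST['folder'] ? $_POST['folder'] : 'inbox'), 1, array('$sent' => $sent));
             } else {
                 $this->message('pm_send_ignore', 'BACK', 1);
             }
         }
     }
 }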
    } else {
        if ($sax_uid && $sax_pw && $sax_group) {
            redirect('您已经处于登陆状态', $referer);
        }
        include template('register');
        PageEnd();
    }
}
// Registration form handler (action=doregister).
if ($_POST['action'] == 'doregister') {
    // Request-origin gate: a POST is rejected when the Referer is missing, the
    // submitted form hash differs from formhash(), or the Referer host does not
    // match HTTP_HOST (port stripped from both). The captcha check below runs
    // only when this gate passes; the handler continues after it either way,
    // so redirect() is assumed to end the request.
    if ($_SERVER['REQUEST_METHOD'] == 'POST' && (empty($_SERVER['HTTP_REFERER']) || $GLOBALS['formhash'] != formhash() || preg_replace("/https?:\\/\\/([^\\:\\/]+).*/i", "\\1", $_SERVER['HTTP_REFERER']) !== preg_replace("/([^\\:]+).*/", "\\1", $_SERVER['HTTP_HOST']))) {
        redirect('您的请求来路不正确,无法提交.');
    } else {
        if ($options['seccode']) {
            // Expected code is kept in the session; the comparison is
            // case-insensitive (loose !=) and a wrong answer rotates the
            // session code before redirecting. $referer here is whatever
            // earlier code set — it is re-read from the form further down.
            $clientcode = $_POST['clientcode'];
            include_once SABLOG_ROOT . 'include/class/seccode.class.php';
            $code = new seccode();
            $code->seccodeconvert($_SESSION['seccode']);
            if (!$clientcode || strtolower($clientcode) != strtolower($_SESSION['seccode'])) {
                $_SESSION['seccode'] = random(6, 1);
                redirect('验证码错误,请返回重新输入.', $referer);
            }
        }
    }
    // Read the submitted values
    $username = trim($_POST['username']);
    $password = $_POST['password'];
    $comfirpassword = $_POST['comfirpassword'];
    $email = trim($_POST['email']);
    $url = trim($_POST['url']);
    $referer = trim($_POST['referer']);
    // Check the URL
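 /**
  * Stores a front-end forum post: a new thread (inputclass 'add') or a reply
  * (inputclass 'reinput').
  *
  * Validation order: CSRF token, board id, required fields, e-mail syntax,
  * board lookup, captcha (when the board enables it), board state and
  * permission level, locked user names, keyword filter, per-client re-post
  * throttle. Every failure leaves through callmessage(); the code after each
  * call assumes callmessage() does not return.
  *
  * Posted values are interpolated into SQL strings. The code relies on
  * $this->fun->accept() called with its two trailing true flags (and
  * Text2Html() for $content) to have escaped them — no parameterised query
  * API is used through $this->db here.
  */
 function in_save()
 {
     $linkURL = $_SERVER['HTTP_REFERER'];
     if (!$this->fun->is_token()) {
         $this->callmessage($this->lng['repeatinput'], $linkURL, $this->lng['gobackbotton']);
     }
     parent::start_pagetemplate();
     $lng = admin_LNG == 'big5' ? $this->CON['is_lancode'] : admin_LNG;
     $inputclass = $this->fun->accept('inputclass', 'P');
     $btid = intval($this->fun->accept('btid', 'P'));
     if (empty($btid)) {
         $this->callmessage($this->lng['db_err'], $linkURL, $this->lng['gobackurlbotton']);
     }
     $db_table = db_prefix . "bbs";
     $title = trim($this->fun->accept('title', 'P', true, true));
     $title = $this->fun->substr($title, 80);
     $username = $this->fun->accept('username', 'P', true, true);
     $username = $this->fun->substr($username, 20);
     $email = trim($this->fun->accept('email', 'P', true, true));
     $content = $this->fun->accept('content', 'P');
     $content = empty($content) ? '' : $this->fun->Text2Html($content, false);
     $userid = intval($this->fun->accept('userid', 'P'));
     if (empty($title)) {
         $this->callmessage($this->lng['forum_title_err'], $linkURL, $this->lng['gobackbotton']);
     }
     if (empty($content) || empty($username)) {
         $this->callmessage($this->lng['forum_input_err'], $linkURL, $this->lng['gobackbotton']);
     }
     // Same pattern is used for the poster's address and the reply notification address.
     $emailpattern = "/^\\w+((-\\w+)|(\\.\\w+))*\\@[A-Za-z0-9]+((\\.|-)[A-Za-z0-9]+)*\\.[A-Za-z0-9]+\$/i";
     if (!preg_match($emailpattern, $email)) {
         $this->callmessage($this->lng['email_err'], $linkURL, $this->lng['gobackbotton']);
     }
     $typeread = $this->get_bbstype_view($btid);
     if (!$typeread) {
         $this->callmessage($this->lng['db_err'], $linkURL, $this->lng['gobackurlbotton']);
     }
     $qq = $this->fun->accept('qq', 'P', true, true);
     $qq = $this->fun->substr($qq, 10);
     $msn = $this->fun->accept('msn', 'P', true, true);
     $address = $this->fun->accept('address', 'P', true, true);
     $address = $this->fun->substr($address, 150);
     $tel = $this->fun->accept('tel', 'P', true, true);
     $tel = $this->fun->substr($tel, 15);
     $mobile = $this->fun->accept('mobile', 'P', true, true);
     $mobile = $this->fun->substr($mobile, 15);
     if ($typeread['isseccode']) {
         // The expected code is carried in the ecisp_home_seccode cookie as
         // "<code>\t<timestamp>". A missing or undecodable cookie must not
         // yield an empty expected value that matches an empty answer, hence
         // the explicit empty checks and the strict comparison.
         $seccode = strtoupper((string) $this->fun->accept('seccode', 'P'));
         include_once admin_ROOT . 'public/class_seccode.php';
         $seccodecookie = isset($_COOKIE['ecisp_home_seccode']) ? $_COOKIE['ecisp_home_seccode'] : '';
         $seccodeparts = explode("\t", (string) $this->fun->eccode($seccodecookie, 'DECODE'));
         $new_seccode = $seccodeparts[0];
         // $seccodeparts[1] is the issue timestamp; it is not checked here, as
         // in the original. NOTE(review): consider enforcing a maximum age.
         $code = new seccode();
         $code->seccodeconvert($new_seccode);
         $new_seccode = (string) $new_seccode;
         if ($new_seccode === '' || $seccode === '' || $new_seccode !== $seccode) {
             $this->callmessage($this->lng['seescodeerr'], $linkURL, $this->lng['gobackbotton']);
         }
     }
     if (!$typeread['isclass']) {
         exit("Information parameter error!");
     } elseif ($typeread['purview'] > 0) {
         // The original passed an undefined $purview here and repeated the
         // call further down with the board's level; one call with that level.
         parent::member_purview($typeread['purview']);
     }
     $isclass = $typeread['isaddclass'] ? 0 : 1;
     if (!empty($this->ec_member_username_id)) {
         $rsMember = $this->get_member(null, $this->ec_member_username_id);
         $lockusername = explode(',', $this->CON['bbs_username']);
         if (in_array($this->ec_member_username, $lockusername)) {
             $this->callmessage($this->lng['forum_mem_username'], $linkURL, $this->lng['gobackbotton']);
         }
     }
     if (!empty($this->CON['bbs_filter'])) {
         if ($this->fun->screening_key($content, $this->CON['bbs_filter']) || $this->fun->screening_key($title, $this->CON['bbs_filter'])) {
             $this->callmessage($this->lng['forum_input_filter'], $linkURL, $this->lng['gobackbotton']);
         }
     }
     $ipadd = $this->fun->ip($_SERVER['REMOTE_ADDR']);
     $addtime = time();
     // Re-post throttle cookie name, keyed by client address and board. The
     // original used `+` between $ipadd and $btid, which adds them numerically
     // (a warning and a truncated key for dotted addresses) instead of
     // concatenating.
     $usersessionid = md5($ipadd . $btid . 'input');
     $inputseesion = $this->fun->accept($usersessionid, 'C');
     if (empty($inputseesion) && $typeread['inputtime']) {
         $this->fun->setcookie($usersessionid, $addtime, $typeread['inputtime']);
     } elseif ($typeread['inputtime']) {
         $this->callmessage($this->lng['repeatinput'], $linkURL, $this->lng['gobackurlbotton']);
     }
     if ($inputclass == 'add') {
         $db_field = 'btid,upbid,adminid,userid,lng,title,content,username,email,qq,msn,address,tel,mobile,replynum,click,addtime,retime,isclass,istop,ipadd';
         $db_values = "{$btid},0,0,{$userid},'{$lng}','{$title}','{$content}','{$username}','{$email}','{$qq}','{$msn}','{$address}','{$tel}','{$mobile}',0,0,{$addtime},0,{$isclass},0,'{$ipadd}'";
         $this->db->query('INSERT INTO ' . $db_table . ' (' . $db_field . ') VALUES (' . $db_values . ')');
         $insert_id = $this->db->insert_id();
         // Invalidate the captcha so the same code cannot be replayed.
         $this->fun->setcookie('ecisp_home_seccode', null);
         if ($typeread['ispage'] == 2) {
             $linkURL = $this->get_link('forum', $typeread, admin_LNG);
         }
         if ($typeread['ismail'] && $this->CON['is_email']) {
             $mailcode = $typeread['mailcode'] ? $typeread['mailcode'] : 'forumnew';
             $putmail = $typeread['putmail'] ? $typeread['putmail'] : $this->CON['admine_mail'];
             $this->forumsendmail($mailcode, $insert_id, $putmail);
         }
         if ($typeread['issms'] && $this->CON['is_moblie']) {
             $messageArray = array('title' => $title);
             $mobile = $this->CON['moblie_number'];
             if ($typeread['smscode']) {
                 $this->membersmssend($messageArray, $mobile, $typeread['smscode']);
             }
         }
         $this->callmessage($this->lng['forum_input_ok'], $linkURL, $this->lng['gobackurlbotton']);
     }
     if ($inputclass == 'reinput') {
         $upbid = intval($this->fun->accept('bid', 'P'));
         $reemail = $this->fun->accept('reemail', 'P');
         $db_where = "bid={$upbid} AND isclass=1";
         $db_set = "replynum=replynum+1,retime={$addtime}";
         $this->db->query('UPDATE ' . $db_table . ' SET ' . $db_set . ' WHERE ' . $db_where);
         $db_field = 'btid,upbid,adminid,userid,lng,title,content,username,email,qq,msn,address,tel,mobile,replynum,click,addtime,retime,isclass,istop,ipadd';
         $db_values = "{$btid},{$upbid},0,{$userid},'{$lng}','{$title}','{$content}','{$username}','{$email}','{$qq}','{$msn}','{$address}','{$tel}','{$mobile}',0,0,{$addtime},0,{$isclass},0,'{$ipadd}'";
         $this->db->query('INSERT INTO ' . $db_table . ' (' . $db_field . ') VALUES (' . $db_values . ')');
         $this->fun->setcookie('ecisp_home_seccode', null);
         if ($typeread['ismail'] && $this->CON['is_email']) {
             // Notify the thread owner only when the stored address is well-formed.
             if (preg_match($emailpattern, $reemail)) {
                 $this->forumsendmail('forumre', $upbid, $reemail);
             }
         }
         $this->callmessage($this->lng['forum_input_ok'], $linkURL, $this->lng['gobackurlbotton']);
     }
 }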
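 /**
  * Stores a submission of a user-defined form (form group $fgid) into
  * form_value and sends the configured notifications.
  *
  * Validation order: CSRF token, form id, form lookup, captcha (when the
  * form enables it), per-client re-post throttle, permission level. Every
  * failure leaves through callmessage(); the code after each call assumes
  * callmessage() does not return.
  *
  * Each form attribute is read according to its inputtype and appended to
  * the column and value lists that are interpolated into the INSERT. The
  * code relies on $this->fun->accept() with its two trailing true flags (and
  * Text2Html() for html attributes) to have escaped string values.
  */
 function in_save()
 {
     $linkURL = $_SERVER['HTTP_REFERER'];
     if (!$this->fun->is_token()) {
         $this->callmessage($this->lng['repeatinput'], $linkURL, $this->lng['gobackbotton']);
     }
     $fgid = intval($this->fun->accept('fgid', 'P'));
     if (!$fgid) {
         $this->callmessage($this->lng['db_err'], $linkURL, $this->lng['gobackurlbotton']);
     }
     $formcode = $this->fun->accept('formcode', 'P');
     $form = $this->get_form_purview($fgid);
     if (!$form) {
         $this->callmessage($this->lng['db_err'], $_SERVER['HTTP_REFERER'], $this->lng['gobackurlbotton']);
     }
     $ipadd = $this->fun->ip($_SERVER['REMOTE_ADDR']);
     // Re-post throttle cookie name, keyed by client address and form code.
     // The original used `+` between $ipadd and $formcode, which adds them
     // numerically (a warning and a truncated key for dotted addresses)
     // instead of concatenating.
     $usersessionid = md5($ipadd . $formcode . 'input');
     $inputseesion = $this->fun->accept($usersessionid, 'C');
     $did = intval($this->fun->accept('did', 'P'));
     $did = empty($did) ? 0 : $did;
     $userid = intval($this->member_cookieview('userid'));
     $userid = empty($userid) ? 0 : $userid;
     $addtime = time();
     if ($form['isseccode']) {
         // The expected code is carried in the ecisp_home_seccode cookie as
         // "<code>\t<timestamp>". A missing or undecodable cookie must not
         // yield an empty expected value that matches an empty answer, hence
         // the explicit empty checks and the strict comparison.
         $seccode = strtoupper((string) $this->fun->accept('seccode', 'P'));
         include_once admin_ROOT . '/public/class_seccode.php';
         $seccodecookie = isset($_COOKIE['ecisp_home_seccode']) ? $_COOKIE['ecisp_home_seccode'] : '';
         $seccodeparts = explode("\t", (string) $this->fun->eccode($seccodecookie, 'DECODE'));
         $new_seccode = $seccodeparts[0];
         // $seccodeparts[1] is the issue timestamp; it is not checked here, as
         // in the original. NOTE(review): consider enforcing a maximum age.
         $code = new seccode();
         $code->seccodeconvert($new_seccode);
         $new_seccode = (string) $new_seccode;
         if ($new_seccode === '' || $seccode === '' || $new_seccode !== $seccode) {
             $this->callmessage($this->lng['seescodeerr'], $linkURL, $this->lng['gobackbotton']);
         }
     }
     // NOTE(review): the cookie is set under $form['inputtime'] but the
     // rejection branch tests $form['isinputtime'] — confirm both keys exist
     // on the form record; kept as in the original.
     if (empty($inputseesion) && $form['inputtime']) {
         $this->fun->setcookie($usersessionid, $addtime, $form['inputtime']);
     } elseif ($form['isinputtime']) {
         $this->callmessage($this->lng['repeatinput'], $linkURL, $this->lng['gobackurlbotton']);
     }
     if ($form['purview'] > 0) {
         $this->member_purview($form['purview']);
     }
     // Map each attribute's inputtype to the reader used below.
     $formatt = $this->get_formatt($fgid, true);
     $formattarray = array();
     foreach ($formatt as $value) {
         if ($value['inputtype'] == 'htmltext') {
             $value['accept'] = 'html';
         } elseif ($value['inputtype'] == 'checkbox') {
             $value['accept'] = 'checkbox';
         } elseif ($value['inputtype'] == 'string' || $value['inputtype'] == 'img' || $value['inputtype'] == 'addon' || $value['inputtype'] == 'video' || $value['inputtype'] == 'select' || $value['inputtype'] == 'radio' || $value['inputtype'] == 'selectinput') {
             $value['accept'] = 'text';
         } elseif ($value['inputtype'] == 'editor' || $value['inputtype'] == 'text') {
             $value['accept'] = 'editor';
         } elseif ($value['inputtype'] == 'int') {
             $value['accept'] = 'int';
         } elseif ($value['inputtype'] == 'float' || $value['inputtype'] == 'decimal') {
             $value['accept'] = 'float';
         } elseif ($value['inputtype'] == 'datetime') {
             $value['accept'] = 'data';
         }
         $formattarray[] = $value;
     }
     // Column list and value list are built in lockstep; an attribute is added
     // to both or to neither (the original appended the column name before
     // deciding whether a value existed, which produced an INSERT with more
     // columns than values for an unmapped inputtype).
     $sysinstall = '';
     $sysinstalldb = '';
     $email = '';
     foreach ($formattarray as $value) {
         $accept = isset($value['accept']) ? $value['accept'] : '';
         if ($accept == 'int') {
             $valuestr = intval($this->fun->accept($value['attrname'], 'P'));
             $valuestr = empty($valuestr) ? 0 : $valuestr;
             $sqlvalue = "{$valuestr},";
         } elseif ($accept == 'float') {
             $valuestr = floatval($this->fun->accept($value['attrname'], 'P'));
             $valuestr = empty($valuestr) ? 0 : $valuestr;
             $sqlvalue = "{$valuestr},";
         } elseif ($accept == 'html') {
             $valuestr = $this->fun->accept($value['attrname'], 'P');
             $valuestr = empty($valuestr) ? '' : $this->fun->Text2Html($valuestr);
             $sqlvalue = "'{$valuestr}',";
         } elseif ($accept == 'editor') {
             $valuestr = $this->fun->accept($value['attrname'], 'P', true, true);
             $valuestr = $this->fun->substr($valuestr, 1000);
             $sqlvalue = "'{$valuestr}',";
         } elseif ($accept == 'text') {
             $valuestr = $this->fun->accept($value['attrname'], 'P', true, true);
             $valuestr = $this->fun->substr($valuestr, 150);
             $sqlvalue = "'{$valuestr}',";
         } elseif ($accept == 'data') {
             $valuestr = $this->fun->accept($value['attrname'], 'P', true, true);
             $valuestr = empty($valuestr) ? 0 : intval(strtotime($valuestr));
             $sqlvalue = "{$valuestr},";
         } elseif ($accept == 'checkbox') {
             $valuestr = $this->fun->accept($value['attrname'], 'P', true, true);
             $valuestr = is_array($valuestr) ? implode(',', $valuestr) : '';
             $sqlvalue = "'{$valuestr}',";
         } else {
             continue;
         }
         $sysinstall .= $value['attrname'] . ',';
         $sysinstalldb .= $sqlvalue;
         if ($value['attrname'] == $form['emailatt']) {
             $email = $valuestr;
         }
     }
     $db_table = db_prefix . 'form_value';
     $db_field = $sysinstall . 'fgid,did,userid,addtime,retime,ipadd,isreply,username,recontent';
     // ipadd is quoted here as it is in the other front-end writers; a quoted
     // value is valid for either a string or a numeric column.
     $db_values = $sysinstalldb . "{$fgid},{$did},{$userid},{$addtime},0,'{$ipadd}',0,'',''";
     $this->db->query('INSERT INTO ' . $db_table . ' (' . $db_field . ') VALUES (' . $db_values . ')');
     $insert_id = $this->db->insert_id();
     if ($form['ismail'] && $this->CON['is_email']) {
         $emailpattern = "/^\\w+((-\\w+)|(\\.\\w+))*\\@[A-Za-z0-9]+((\\.|-)[A-Za-z0-9]+)*\\.[A-Za-z0-9]+\$/i";
         // Confirmation to the submitter (address taken from the form's emailatt attribute).
         $mailcode = $form['mailcode'] ? $form['mailcode'] : 'formnewremind';
         if (preg_match($emailpattern, $email)) {
             $this->formmailsend($mailcode, $insert_id, $email);
         }
         // Notification to the form owner, falling back to the site admin address.
         $putmail = $form['putmail'] ? $form['putmail'] : $this->CON['admine_mail'];
         if (preg_match($emailpattern, $putmail)) {
             $this->formmailsend('formremind', $insert_id, $putmail);
         }
     }
     if ($form['issms'] && $this->CON['is_moblie']) {
         $messageArray = array('formgroupname' => $form['formgroupname']);
         $mobile = $this->CON['moblie_number'];
         if ($form['smscode']) {
             $this->membersmssend($messageArray, $mobile, $form['smscode']);
         }
     }
     $this->callmessage(htmlspecialchars_decode($form['successtext']), $linkURL, $this->lng['gobackurlbotton']);
 }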