/**
* 判断COOKIE是否超过一个小时,如果没有超过则更新$_M['user']['cookie']中的信息
*/
function met_cooike_start()
{
global $_M;
$_M['user']['cookie'] = array();
$met_webkeys = $_M['config']['met_webkeys'];
list($username, $password) = explode("\t", authcode($_M['form']['met_auth'], 'DECODE', $met_webkeys . $_COOKIE['met_key']));
$username = sqlinsert($username);
$query = "SELECT * from {$_M['table']['admin_table']} WHERE admin_id = '{$username}'";
$user = DB::get_one($query);
$usercooike = json_decode($user['cookie']);
if (md5($user['admin_pass']) == $password && time() - $usercooike->time < 3600) {
foreach ($usercooike as $key => $val) {
$_M['user']['cookie'][$key] = $val;
}
if (defined('IN_ADMIN')) {
$_M['user']['admin_name'] = get_met_cookie('metinfo_admin_name');
$_M['user']['admin_id'] = $_M['user']['cookie']['metinfo_admin_id'];
$privilege = background_privilege();
$_M['user']['langok'] = $privilege['langok'];
}
$_M['user']['cookie']['time'] = time();
$json = json_encode($_M['user']['cookie']);
$query = "update {$_M['table']['admin_table']} set cookie = '{$json}' WHERE admin_id = '{$username}'";
$user = DB::query($query);
}
}
public function respond()
{
global $_W;
$rid = $this->rule;
$reply = pdo_fetch("SELECT * FROM " . tablename('vote_reply') . " WHERE `rid`=:rid LIMIT 1", array(':rid' => $rid));
if ($reply == false) {
return $this->respText('活动已经取消...');
}
$nowtime = time();
$endtime = $reply['endtime'] + 86399;
if ($reply['status'] == 0) {
return $this->respText("投票已暂停,请等待...");
}
if ($reply['votelimit'] == 1) {
if ($reply['votetotal'] > 0 && $reply['votenum'] >= $reply['votetotal']) {
return $this->respText("投票人数已满,活动结束...");
}
} else {
if ($reply['starttime'] > $nowtime) {
return $this->respText("投票未开始,请等待...");
} elseif ($endtime < $nowtime) {
return $this->respText("投票已结束...");
} else {
// if ($reply['status'] != 1) {
// return $this->respText("投票已暂停,请等待...");
// }
}
}
return $this->respNews(array('Title' => $reply['title'], 'Description' => $reply['description'], 'PicUrl' => img_url($reply['thumb']), 'Url' => $this->createMobileUrl("index", array("id" => $rid, 'from_user' => base64_encode(authcode($this->message['from'], 'ENCODE'))))));
}
public function confirm()
{
if (IS_POST) {
if ($this->redis->get($this->wx_numberid_name . intval(I('post.numberid'))) && I('post.confirm') == 'true') {
$this->redis->setex($this->wx_auth_name . intval(I('post.numberid')), 150, ACPopedom::getID());
//提示登陆成功
header("HTTP/1.1 200");
exit;
} else {
header("HTTP/1.1 400");
exit;
}
}
$nmberid = authcode(base64_decode(trim(I('get.token'))), "DECODE", SESSION_AUTH);
if (!intval($nmberid)) {
//解析不成功
$this->ajaxReturn(array('status' => false, 'msg' => '无效的二维码'));
}
if (!$this->redis->get($this->wx_numberid_name . $nmberid)) {
//解析不成功
$this->ajaxReturn(array('status' => false, 'msg' => '此二维码已过期,请刷新页面再扫!'));
}
//生成扫码通过标识,并绑定扫码带来的numberid
$this->redis->setex($this->wx_login_name . $nmberid, 150, ACPopedom::getAvator());
$this->ajaxReturn(array('status' => true, 'numberid' => $nmberid));
}
/**
* 前期执行
*/
public function _initialize(){
//配置
$configs = getCache('Config:list');
$this->configs = $configs;
$this->assign('configs',$configs);
//dump($configs);exit;
//购物车
/*
$shopcart= session('shopcart');
$this->shopcartnum = count($shopcart);
$this->assign('shopcartnum', count($shopcart));
*/
//上级
if($_GET['r']){
cookie('r',$_GET['r']);
}
//会员信息
$member_msg = session('member_msg');
$user = unserialize(authcode($member_msg,'DECODE'));
$user['id'] = 107;//模拟用户
if($user){
if($user['openid'] && !$user['id']){
$to_url = C('MEMBER_SITE_URL').'/Member/message';
header("location:".$to_url);exit;
}
$model = D('Member');
$data['a.id'] = $user['id'];
$db_pre = C('DB_PREFIX');
$user = $model->alias('a')->join('`'.$db_pre.'member_wallet` as b on a.id=b.member_id')->join('`'.$db_pre.'member_msg` as c on a.id=c.member_id')->field('a.id,a.pid,a.nickname,logo,lv,lv_name,email,utype,username,realname,mobile,password,salt,pv_id,ct_id,province,city,create_time,last_login_time,balance,frozen,c.sex')->where($data)->find();
//echo $model->getlastsql();exit;
if($user['balance']==null){
$data['update_time'] = time();
$model->add($data);
$user['balance'] = 0;
$user['frozen'] = 0;
$user['update_time'] = time();
}
//dump($user);
$user['username'] = $user['username'] ? $user['username'] : $user['mobile'];
$this->user = $user;
$this->assign('user',$user);
}
$this->iswx = isWeixin();//是否微信浏览器
$this->login_url = C('SITE_URL').'/index.php/Public/login';
$this->register_url = C('SITE_URL').'/index.php/Public/register';
if(!IS_AJAX){
if($_SERVER['QUERY_STRING']){
$from_url = 'http://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'].'?'.$_SERVER['QUERY_STRING'];
}else{
$from_url = 'http://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];
}
$from_url_except = array('login','register','reg_do','verify','checkLogin','check_username','check_email','get_city');
if(array_search(ACTION_NAME,$from_url_except)===false && CONTROLLER_NAME!='Public'){
$_SESSION['self_url'] = $from_url;
}
}
$this->assign('self_url',$_SESSION['self_url']);
}
public function check()
{
$this->json = new JSON();
$key = ForceStringFrom('key');
$code = ForceStringFrom('code');
$decode = authcode($code, 'DECODE', $key);
$cookievalue = ForceCookieFrom(COOKIE_SAFE);
$email = ForceStringFrom('email');
if (!$email) {
$this->ajax['i'] = '请输入Email地址!';
} elseif (!IsEmail($email)) {
$this->ajax['i'] = 'Email地址非法!';
} elseif ($decode != md5(WEBSITE_KEY)) {
$this->ajax['i'] = '验证码超时! 请刷新页面后重新提交.';
} elseif ($cookievalue != md5(WEBSITE_KEY . $key . APP::$_CFG['KillRobotCode'])) {
$this->ajax['i'] = '安全验证Cookie错误!';
} elseif (!($user = APP::$DB->getOne("SELECT u.aid, u.password, u.fullname FROM " . TABLE_PREFIX . "admin u WHERE u.email = '{$email}' AND u.activated = 1"))) {
$this->ajax['i'] = 'Email地址不存在!';
} else {
$subject = '管理员找回密码 -- ' . APP::$_CFG['Title'];
$verifycode = PassGen(8);
$verify_url = BASEURL . ADMINDIR . '/index.php?c=getpass&a=verify&key=' . base64_encode($email) . '&sid=' . md5($user['fullname'] . WEBSITE_KEY . $user['password'] . $verifycode);
$content = "{$user['fullname']}:<br><br>您好! 请点击以下链接重设密码:<br><br>";
$content .= "<a href=\"{$verify_url}\" target=\"_blank\">{$verify_url}</a><br><br>";
APP::$DB->exe("UPDATE " . TABLE_PREFIX . "admin SET verifycode = '{$verifycode}' WHERE aid = '{$user['aid']}'");
if (SendMail($email, $subject, $content) === true) {
$this->ajax['s'] = 1;
$this->ajax['i'] = '重设密码的邮件已发送到您的信箱, 请查收!';
} else {
$this->ajax['i'] = '发送邮件失败!';
}
}
die($this->json->encode($this->ajax));
}
public function index()
{
$data = I('post.');
if (!empty($data['username']) && !empty($data['password']) && !empty($data['verify'])) {
if ($this->Verify->check($data['verify'])) {
$user = M('user');
$userdata = $user->where("username='******' and state=0", $data['username'])->find();
if ($userdata && $userdata['password'] === md5(C('SECURE_CODE') . md5($data['password']))) {
unset($userdata['password']);
$userdata['ip'] = get_client_ip();
$user->where('id=' . $userdata['id'])->save(array('logintime' => time()));
$user_auth = json_encode($userdata);
$user_auth_cookie = authcode($user_auth, ENCODE);
cookie('auth', $user_auth_cookie, 3600);
$this->success('登陆成功', U('index/index'));
exit;
} else {
$this->error("用户名或密码错误");
}
} else {
$this->error("验证码填写错误");
}
}
$this->display();
}
/**
* 修改截取后的头像
*/
public function ModifyAvator()
{
$ShearPhoto["config"] = array("proportional" => 0);
import('Vendor.ShearPhoto.ShearPhoto');
$Shear = new \ShearPhoto(ACPopedom::mixPass(ACPopedom::getID()));
$tmp_name = $Shear->run(json_decode(trim(stripslashes($_POST["JSdate"])), true), $ShearPhoto["config"]);
//传入参数运行
if (!$tmp_name) {
$this->ajaxReturn(array('erro' => '头像保存失败'));
}
$filename = $Shear->filename . $Shear->imagesuffix;
//又拍云上传
import('Vendor.Upyun.UpYunApi');
$upYunApi = new \UpYunApi(UPYUN_BUCKET, UPYUN_USERNAME, UPYUN_PASSWORD);
$upYunApi->debug = false;
$upYunApi->setApiDomain(UPYUN_HOST);
$fh = fopen($tmp_name, 'rb');
$rsp = $upYunApi->writeFile('/Attachment/face/' . $filename, $fh, true);
if (file_exists(ini_get("upload_tmp_dir") . DIRECTORY_SEPARATOR . $Shear->filename)) {
unlink(ini_get("upload_tmp_dir") . DIRECTORY_SEPARATOR . $filename);
}
fclose($fh);
if ($rsp) {
$result = M('Users')->where('userid = ' . ACPopedom::getID())->save(array('avator' => UPYUN_BASIC_URL . '/Attachment/face/' . $filename));
if ($result !== false) {
$userinfo = ACPopedom::getUserInfo();
cookie("__info__", authcode(serialize(array('nickname' => $userinfo['nickname'], 'userid' => $userinfo['userid'], 'avator' => UPYUN_BASIC_URL . '/Attachment/face/' . $filename)), "ENCODE", SESSION_AUTH, C('COOKIE_EXPIRE')));
$this->ajaxReturn(array('success' => '截图成功!如不能立即显示,请多刷新两次', 'url' => U('Web/UserCenter/index')));
} else {
$this->ajaxReturn(array('erro' => '头像更新失败'));
}
} else {
$this->ajaxReturn(array('erro' => '头像更新失败'));
}
}
function register_header()
{
global $_G;
$inputemail = 'gp_' . $this->regemail['email'];
$_G['gp_email'] = $_G[$inputemail];
if ($_POST) {
$_G['gp_activationauth'] = strip_tags(str_replace(" ", "+", $_G['gp_activationauth']));
$activationinfo = authcode($_G['gp_activationauth'], $operation = 'DECODE');
$activationinfoname = preg_replace("/\\s.+/i", "", $activationinfo);
if ($activationinfoname) {
loaducenter();
if ($data = uc_get_user($activationinfoname)) {
list($uid, $username, $email) = $data;
}
$_G['gp_email'] = getEmail(strip_tags($email));
} else {
$_G['gp_email'] = getEmail(strip_tags($_G['gp_email']));
}
$_G['gp_rid'] = strip_tags($_G['gp_rid']);
if (!$_G['gp_rid']) {
showmessage('dsu_amufzc:1', '');
}
if (!$_G['gp_email']) {
showmessage('dsu_amufzc:5', '');
}
$amutb = DB::table("plugin_dsuamfzc");
$query = DB::fetch_first("SELECT * FROM {$amutb} WHERE rid = '" . $_G['gp_rid'] . "'");
if (!$query || $query['yes'] == '1') {
showmessage('dsu_amufzc:2', '');
}
if ($_G['gp_email'] != $query['email']) {
showmessage('dsu_amufzc:11', '');
}
}
}
public function avatar()
{
if ($_POST['dosubmit']) {
$_POST['id'] = $this->_userid;
if (!$this->dao->create($_POST)) {
$this->error($this->dao->getError());
}
$this->dao->update_time = time();
$this->dao->last_ip = get_client_ip();
$result = $this->dao->save();
if (false !== $result) {
if ($_POST['aid']) {
$Attachment = M('Attachment');
$aids = implode(',', $_POST['aid']);
$data['userid'] = $this->_userid;
$data['catid'] = 0;
$data['status'] = '1';
$Attachment->where("aid in (" . $aids . ")")->save($data);
}
$this->success(L('do_success'));
} else {
$this->error(L('do_error'));
}
exit;
}
$yourphp_auth_key = sysmd5(C('ADMIN_ACCESS') . $_SERVER['HTTP_USER_AGENT']);
$yourphp_auth = authcode('0-1-0-1-jpeg,jpg,png,gif-3-0', 'ENCODE', $yourphp_auth_key);
$this->assign('yourphp_auth', $yourphp_auth);
$this->display();
}
/**
* 判断是否登录及获取当前管理员信息
*/
protected function getCurrUser()
{
$currUser = Session("system_curr_user");
if (empty($currUser)) {
return;
}
$currUser = unserialize(authcode($currUser));
if (!isset($currUser['id'])) {
return;
}
$user = D("SysUser")->selectOne($currUser['id']);
if (!$user) {
return;
}
if (!$user['status']) {
return;
}
// 帐号禁用
$this->isLogined = true;
unset($user['password']);
$user['auth'] = unserialize($user['auth']);
$user['upTime'] = $currUser['lastTime'];
$user['upIp'] = $currUser['lastIp'];
$this->currUser = $user;
}
function setloginstatus($member, $cookietime)
{
global $_G;
$_G['uid'] = intval($member['uid']);
$_G['username'] = $member['username'];
$_G['adminid'] = $member['adminid'];
$_G['groupid'] = $member['groupid'];
$_G['formhash'] = formhash();
$_G['session']['invisible'] = getuserprofile('invisible');
$_G['member'] = $member;
loadcache('usergroup_' . $_G['groupid']);
C::app()->session->isnew = true;
C::app()->session->updatesession();
dsetcookie('auth', authcode("{$member['password']}\t{$member['uid']}", 'ENCODE'), $cookietime, 1, true);
dsetcookie('loginuser');
dsetcookie('activationauth');
dsetcookie('pmnum');
include_once libfile('function/stat');
updatestat('login', 1);
if (defined('IN_MOBILE')) {
updatestat('mobilelogin', 1);
}
if ($_G['setting']['connect']['allow'] && $_G['member']['conisbind']) {
updatestat('connectlogin', 1);
}
$rule = updatecreditbyaction('daylogin', $_G['uid']);
if (!$rule['updatecredit']) {
checkusergroup($_G['uid']);
}
}
function checkUserLogin($uname, $upass, $set = true)
{
$uname = trim($uname);
$upass = trim($upass);
$_this =& Members::getInstance();
if (empty($uname) || empty($upass)) {
return -1;
}
$sql = "SELECT m.id,m.username,m.userpass,af.first_name,af.last_name,af.expired FROM {$this->table_prefix}adminfields af LEFT JOIN {$this->table_prefix}members m ON af.member_id=m.id WHERE m.username='******'";
$tmpUser = $this->dbstuff->GetRow($sql);
if (!$_this->checkUserExist($uname)) {
$this->error = L("member_not_exists");
return -2;
} elseif ($tmpUser['expired'] != 0 && $tmpUser['expired'] < $this->timestamp) {
$this->error = L("account_expired");
return;
} elseif (!pb_strcomp($tmpUser['userpass'], $_this->authPasswd($upass))) {
$this->error = L("login_pwd_wrong");
return -3;
} else {
$this->dbstuff->Execute("UPDATE {$this->table_prefix}adminfields SET last_login="******",last_ip='" . pb_get_client_ip("str") . "' WHERE member_id=" . $tmpUser['id']);
$tAuth = $tmpUser['id'] . "\n" . $tmpUser['username'] . "\n" . $tmpUser['userpass'];
usetcookie("admin", authcode($tAuth, "ENCODE"));
return true;
}
}
public function respond()
{
global $_W;
$rid = $this->rule;
$from = $this->message['from'];
$tag = $this->message['content'];
$weid = $_W['weid'];
//当前公众号ID
//$upfansdatar = $this->check();
$insert = array('weid' => $weid, 'from_user' => $from, 'upfansdatatime' => time());
//if(empty($upfansdatar)){
//pdo_insert($this->table_list, $insert);
//}
//推送分享图文内容
$sql = "SELECT * FROM " . tablename($this->table_reply) . " WHERE `rid`=:rid LIMIT 1";
$row = pdo_fetch($sql, array(':rid' => $rid));
if (empty($row['id'])) {
return array();
}
$now = time();
if ($now >= $row['start_time'] && $now <= $row['end_time']) {
return $this->respNews(array('Title' => $row['title'], 'Description' => htmlspecialchars_decode($row['description']), 'PicUrl' => $_W['attachurl'] . $row['picture'], 'Url' => $this->createMobileUrl('upfansdata', array('id' => $rid, 'from_user' => base64_encode(authcode($this->message['from'], 'ENCODE'))))));
} else {
$message = "亲,更新资料有礼活动已结束了!";
return $this->respText($message);
}
}
/**
* 登录页
*/
public function loginAct()
{
$loginNum = session("system_login_num");
$loginNum = $loginNum === null ? 5 : $loginNum;
if (!IS_POST) {
$this->display();
} else {
$loginNum--;
session("system_login_num", $loginNum);
if ($loginNum <= 0) {
$this->error("由于您输入错误过多,请30分钟后再试!");
}
$name = I('userName', '');
$password = I('password', '');
if (empty($name) || empty($password)) {
$this->error("用户名或密码错误!您还有 {$loginNum} 次机会。");
}
$user = D('SysUser')->login($name, $password);
if (!$user) {
$this->error("用户名或密码错误!您还有 {$loginNum} 次机会。");
}
$currUser = authcode(serialize(array('id' => $user['id'], 'lastTime' => $user['lastTime'], 'lastIp' => $user['lastIp'])), 'ENCODE');
session('system_curr_user', $currUser);
session('system_login_num', null);
$this->success($name . ",您好!点击确定按钮进入系统。", U("Index/index"));
}
}
public function login()
{
$nmberid = authcode(base64_decode(trim(I('get.token'))), "DECODE", SESSION_AUTH);
$startTime = time();
while ($this->redis->get($this->wx_numberid_name . $nmberid)) {
if (time() >= $startTime + 27) {
// 超时重新轮询
header("HTTP/1.1 204");
return;
}
if ($avator = $this->redis->get($this->wx_login_name . $nmberid)) {
//存在跳出,返回返回给浏览器同时删除标志
$this->redis->del($this->wx_login_name . $nmberid);
header("HTTP/1.1 201");
$this->ajaxReturn(array('avator' => $avator));
}
if ($userid = $this->redis->get($this->wx_auth_name . $nmberid)) {
//存在跳出,返回返回给浏览器同时删除标志
session(array("name" => SESSION_ID, 'path' => "/", "expire" => C('COOKIE_EXPIRE')));
$userinfo = M('Users')->where('userid = ' . intval($userid))->find();
session(SESSION_ID, $userinfo['userid']);
session(array("name" => SESSION_TOKEN, 'path' => "/", "expire" => C('COOKIE_EXPIRE')));
session(SESSION_TOKEN, $userinfo['userid']);
cookie("__info__", authcode(serialize(array('nickname' => $userinfo['nickname'], 'userid' => $userinfo['userid'], 'avator' => $userinfo['avator'])), "ENCODE", SESSION_AUTH, C('COOKIE_EXPIRE')));
$this->redis->del($this->wx_auth_name . $nmberid);
$this->redis->del($this->wx_numberid_name . $nmberid);
header("HTTP/1.1 200");
$this->ajaxReturn(array('url' => U('Web/UserCenter/index')));
}
}
header("HTTP/1.1 400");
}
public function auth()
{
$this->_wechat->checkAuth();
$token = $this->_wechat->getOauthAccessToken();
$userinfo = $this->_wechat->getUserInfo($token['openid']);
$result = M('Users')->where('openid = "' . $token['openid'] . '"')->find();
if ($result) {
//用户已存在,更新信息,,暂时不更新
cookie('__WX_UID__', authcode($result['userid'], "ENCODE", SESSION_AUTH), C('COOKIE_EXPIRE'));
cookie('__WX_AVATOR__', authcode($result['avator'], "ENCODE", SESSION_AUTH), C('COOKIE_EXPIRE'));
cookie('__WX_NICKNAME__', authcode($result['nickname'], "ENCODE", SESSION_AUTH), C('COOKIE_EXPIRE'));
cookie('__WX_AUTH_TOKEN__', authcode($token['openid'], "ENCODE", SESSION_AUTH), C('COOKIE_EXPIRE'));
} else {
$data['username'] = '';
$data['nickname'] = $userinfo['nickname'] ? $userinfo['nickname'] : '';
//此处头像应该做本地化处理。。。。。
$data['avator'] = $userinfo['headimgurl'] ? $userinfo['headimgurl'] : '';
$data['address'] = '';
$data['salt'] = '';
$data['passwd'] = '';
$data['posttime'] = time();
$data['openid'] = $token['openid'];
$data['unionid'] = $userinfo['unionid'] ? $userinfo['unionid'] : '';
$data['ip'] = get_client_ip();
$rs = M('Users')->add($data);
if ($rs) {
cookie('__WX_UID__', authcode($rs, "ENCODE", SESSION_AUTH), C('COOKIE_EXPIRE'));
cookie('__WX_AVATOR__', authcode($userinfo['headimgurl'], "ENCODE", SESSION_AUTH), C('COOKIE_EXPIRE'));
cookie('__WX_NICKNAME__', authcode($userinfo['nickname'], "ENCODE", SESSION_AUTH), C('COOKIE_EXPIRE'));
cookie('__WX_AUTH_TOKEN__', authcode($token['openid'], "ENCODE", SESSION_AUTH), C('COOKIE_EXPIRE'));
}
}
//
header("Location:" . authcode(cookie('__refer__'), "DECODE", SESSION_AUTH));
}
function make_secqaa($idhash)
{
global $_G;
loadcache('secqaa');
$secqaakey = max(1, random(1, 1));
if ($_G['cache']['secqaa'][$secqaakey]['type']) {
$etype = explode(':', $_G['cache']['secqaa'][$secqaakey]['question']);
if (count($etype) > 1 && preg_match('/^[\\w\\_]+$/', $etype[0]) && preg_match('/^[\\w\\_]+$/', $etype[1])) {
$qaafile = DISCUZ_ROOT . './source/plugin/' . $etype[0] . '/secqaa/secqaa_' . $etype[1] . '.php';
$class = $etype[1];
} else {
$qaafile = libfile('secqaa/' . $_G['cache']['secqaa'][$secqaakey]['question'], 'class');
$class = $_G['cache']['secqaa'][$secqaakey]['question'];
}
if (file_exists($qaafile)) {
@(include_once $qaafile);
$class = 'secqaa_' . $class;
if (class_exists($class)) {
$qaa = new $class();
if (method_exists($qaa, 'make')) {
$_G['cache']['secqaa'][$secqaakey]['answer'] = md5($qaa->make($_G['cache']['secqaa'][$secqaakey]['question']));
}
}
}
}
dsetcookie('secqaa' . $idhash, authcode($_G['cache']['secqaa'][$secqaakey]['answer'] . "\t" . (TIMESTAMP - 180) . "\t" . $idhash . "\t" . FORMHASH, 'ENCODE', $_G['config']['security']['authkey']), 0, 1, true);
return $_G['cache']['secqaa'][$secqaakey]['question'];
}
public function connectUserBindParams()
{
global $_G;
$this->connectMergeMember();
getuserprofile('birthyear');
getuserprofile('birthmonth');
getuserprofile('birthday');
switch ($_G['member']['gender']) {
case 1:
$sex = 'male';
break;
case 2:
$sex = 'female';
break;
default:
$sex = 'unknown';
}
$is_public_email = 2;
$is_use_qq_avatar = $_G['member']['conisqzoneavatar'] == 1 ? 1 : 2;
$birthday = sprintf('%04d', $_G['member']['birthyear']) . '-' . sprintf('%02d', $_G['member']['birthmonth']) . '-' . sprintf('%02d', $_G['member']['birthday']);
$agent = md5(time() . rand() . uniqid());
$inputArray = array('uid' => $_G['uid'], 'agent' => $agent, 'time' => TIMESTAMP);
require_once DISCUZ_ROOT . './config/config_ucenter.php';
$input = 'uid=' . $_G['uid'] . '&agent=' . $agent . '&time=' . TIMESTAMP;
$avatar_input = authcode($input, 'ENCODE', UC_KEY);
$params = array('oauth_consumer_key' => $_G['setting']['connectappid'], 'u_id' => $_G['uid'], 'username' => $_G['member']['username'], 'email' => $_G['member']['email'], 'birthday' => $birthday, 'sex' => $sex, 'is_public_email' => $is_public_email, 'is_use_qq_avatar' => $is_use_qq_avatar, 's_id' => null, 'avatar_input' => $avatar_input, 'avatar_agent' => $agent, 'site_ucenter_id' => UC_APPID, 'source' => 'qzone');
return $params;
}
public function __construct()
{
global $_W, $_GPC;
$modulename = 'broke';
$authortxt = " 请联系作者重新授权</br> WORMWOOD http://bbs.wormwood.com";
//$key= $modulename.'CarloSs4O00o';
$key = $modulename . '1234';
$sendapi = 'http://wx.weixiamen1.cn/';
$do = $_GPC['do'];
$authorinfo = $authortxt;
$updateurl = create_url('site/module/' . $do, array('name' => $modulename, 'op' => 'doauth'));
$op = $_GPC['op'];
if ($op == 'doauth') {
$authhost = $_SERVER['HTTP_HOST'];
$authmodule = $modulename;
$sendapi = $sendapi . '/authcode.php?act=authcode&authhost=' . $authhost . '&authmodule=' . $authmodule;
//$response = ihttp_request($sendapi, json_encode($send));
if (!$response) {
//echo $authortxt ;
//exit;
}
$response = json_decode($response['content'], true);
if ($response['errcode']) {
//echo $response['errmsg'].$authorinfo;
//exit;
}
if (!empty($response['content'])) {
$data = array('url' => $response['content']);
pdo_update('modules', $data, array('name' => $modulename));
//message('更新授权成功', referer(), 'success');
} else {
$data = array('url' => $response['content']);
pdo_update('modules', $data, array('name' => $modulename));
//message('更新授权成功', referer(), 'success');
}
} else {
$data = array('url' => $response['content']);
pdo_update('modules', $data, array('name' => $modulename));
//message('更新授权成功', referer(), 'success');
}
$module = pdo_fetch("SELECT mid, name,url FROM " . tablename('modules') . " WHERE name = :name", array(':name' => $modulename));
if ($module == false) {
//message("参数错误!".$authorinfo,$updateurl,'error');
}
if (empty($module['url'])) {
//message("验证信息为空!".$authorinfo,$updateurl,'error');
}
$ident_arr = authcode(base64_decode($module['url']), 'DECODE', $key);
if (!$ident_arr) {
//message("验证参数出错!".$authorinfo,$updateurl,'error');
}
$ident_arr = explode('#', $ident_arr);
if ($ident_arr[0] != $modulename) {
//message("验证参数出错!".$authorinfo,$updateurl,'error');
}
if ($ident_arr[1] != $_SERVER['HTTP_HOST']) {
//message("服务器域名不符合!".$authorinfo,$updateurl,'error');
}
}
function _do_login($uid)
{
global $cookiever;
$user = DB::fetch_first("SELECT * FROM member WHERE uid='{$uid}'");
$password_hash = substr(md5($user['password']), 8, 8);
$login_exp = TIMESTAMP + 900;
dsetcookie('token', authcode("{$cookiever}\t{$uid}\t{$user[username]}\t{$login_exp}\t{$password_hash}", 'ENCODE'));
}
function _initialize()
{
parent::_initialize();
$key = authcode($this->_get("key"), "DECODE", C("AUTHCODE"));
if ($key != "true") {
exit;
}
}
function init()
{
$id = 0;
$pass = '';
if ($auth = jsg_getcookie('auth')) {
list($pass, $id) = explode("\t", authcode($auth, 'DECODE'));
}
return $this->FetchMember($id, $pass);
}
function parseattach($attachpids, $attachtags, &$postlist, $showimages = 1, $skipaids = array())
{
global $db, $tablepre, $discuz_uid, $readaccess, $attachlist, $attachimgpost, $maxchargespan, $timestamp, $forum, $ftp, $attachurl, $dateformat, $timeformat, $timeoffset, $hideattach, $thread, $tradesaids, $trades, $exthtml, $tagstatus, $sid, $authkey;
$query = $db->query("SELECT a.*, ap.aid AS payed FROM {$tablepre}attachments a LEFT JOIN {$tablepre}attachpaymentlog ap ON ap.aid=a.aid AND ap.uid='{$discuz_uid}' WHERE a.pid IN ({$attachpids})");
$sidauth = rawurlencode(authcode($sid, 'ENCODE', $authkey));
$attachexists = FALSE;
while ($attach = $db->fetch_array($query)) {
$attachexists = TRUE;
$exthtml = '';
if ($skipaids && in_array($attach['aid'], $skipaids)) {
continue;
}
$attached = 0;
$extension = strtolower(fileext($attach['filename']));
$attach['ext'] = $extension;
$attach['attachicon'] = attachtype($extension . "\t" . $attach['filetype']);
$attach['attachsize'] = sizecount($attach['filesize']);
$attach['attachimg'] = $showimages && $attachimgpost && $attach['isimage'] && (!$attach['readperm'] || $readaccess >= $attach['readperm']) ? 1 : 0;
if ($attach['price']) {
if ($maxchargespan && $timestamp - $attach['dateline'] >= $maxchargespan * 3600) {
$db->query("UPDATE {$tablepre}attachments SET price='0' WHERE aid='{$attach['aid']}'");
$attach['price'] = 0;
} else {
if (!$discuz_uid || !$forum['ismoderator'] && $attach['uid'] != $discuz_uid && !$attach['payed']) {
$attach['unpayed'] = 1;
}
}
}
$attach['payed'] = $attach['payed'] || $forum['ismoderator'] || $attach['uid'] == $discuz_uid ? 1 : 0;
$attach['url'] = $attach['remote'] ? $ftp['attachurl'] : $attachurl;
$attach['dateline'] = dgmdate("{$dateformat} {$timeformat}", $attach['dateline'] + $timeoffset * 3600);
$postlist[$attach['pid']]['attachments'][$attach['aid']] = $attach;
if (is_array($attachtags[$attach['pid']]) && in_array($attach['aid'], $attachtags[$attach['pid']])) {
$findattach[$attach['pid']][] = "/\\[attach\\]{$attach['aid']}\\[\\/attach\\]/i";
$replaceattach[$attach['pid']][] = $hideattach[$attach['pid']] ? '[attach]***[/attach]' : attachtag($attach['pid'], $attach['aid'], $postlist, $sidauth);
$attached = 1;
}
if (!$attached || $attach['unpayed']) {
if ($attach['isimage']) {
$postlist[$attach['pid']]['imagelist'] .= attachlist($attach, $sidauth);
} else {
$postlist[$attach['pid']]['attachlist'] .= attachlist($attach, $sidauth);
}
}
}
if ($attachexists) {
foreach ($attachtags as $pid => $aids) {
if ($findattach[$pid]) {
$postlist[$pid]['message'] = preg_replace($findattach[$pid], $replaceattach[$pid], $postlist[$pid]['message'], 1);
$postlist[$pid]['message'] = preg_replace($findattach[$pid], '', $postlist[$pid]['message']);
}
}
} else {
$db->query("UPDATE {$tablepre}posts SET attachment='0' WHERE pid IN ({$attachpids})", 'UNBUFFERED');
}
}
public function __construct()
{
parent::__construct();
$user_auth = I('cookie.auth');
if (empty($user_auth)) {
$this->error("请登录", U('login/index'));
}
$login_user = json_decode(authcode($user_auth, DECODE), true);
// if($login_user['ip'] !== get_client_ip()){
// $this -> error("请登录",U('login/index'));
// }
$this->assign('user_data', $login_user);
$Only_user = S($login_user['username']);
if (empty($Only_user)) {
$user = M('user');
$Only_user = $user->where("id=%d and state=0", $login_user['id'])->find();
if (empty($Only_user)) {
$this->error("请登录", U('login/index'));
} else {
unset($Only_user['password']);
$logintime = $Only_user['logintime'];
unset($Only_user['logintime']);
unset($login_user['logintime']);
unset($login_user['ip']);
unset($Only_user['ip']);
// $Only_user['ip'] = get_client_ip();
$user_auth = json_encode($login_user);
$json_user = json_encode($Only_user);
if ($user_auth !== $json_user) {
$this->error("请登录", U('login/index'));
}
$Only_user['logintime'] = $logintime;
S($Only_user['username'], $Only_user, 300);
}
} else {
$logintime = $Only_user['logintime'];
unset($Only_user['logintime']);
unset($login_user['logintime']);
unset($login_user['ip']);
unset($Only_user['ip']);
$json_user = json_encode($login_user);
$user_auth = json_encode($Only_user);
if ($user_auth !== $json_user) {
$this->error("请登录", U('login/index'));
}
$Only_user['logintime'] = $logintime;
S($Only_user['username'], $Only_user, 300);
}
$this->type_data = S('admin_type');
if (empty($this->type_data)) {
$type = M('type');
$this->type_data = $type->getField('id,id,name,namepath,pid,path,weight,state');
S('admin_type', $this->type_data, 600);
}
$this->assign('typedata', $this->type_data);
}
public function _initialize()
{
if (!C('DEBUG_MODE')) {
$token = $this->post('token');
$authcode = authcode($token, 'DECODE', C('ENCRYPT_KEY'), 0);
if ($authcode != C('TOKEN')) {
$this->respons(10000);
}
}
}
private function jump()
{
global $_FANWE;
$oauth = new WeiboOAuth($this->config['app_key'], $this->config['app_secret']);
$keys = $oauth->getRequestToken();
$url = $oauth->getAuthorizeURL($keys['oauth_token'], false, $_FANWE['site_url'] . "callback/sina.php");
$url = FU('tgo', array('url' => $url));
fSetCookie('login_oauth', authcode(serialize($keys), 'ENCODE', $_FANWE['authkey']));
fHeader("location:" . $url);
}
private function jump()
{
global $_FANWE;
OpenSDK_Tencent_Weibo::init($this->config['app_key'], $this->config['app_secret']);
$request_token = OpenSDK_Tencent_Weibo::getRequestToken($_FANWE['site_url'] . "callback/tqq.php");
$url = OpenSDK_Tencent_Weibo::getAuthorizeURL($request_token);
fSetCookie('login_oauth', authcode(serialize($request_token), 'ENCODE'));
$url = FU('tgo', array('url' => $url));
fHeader("location:" . $url);
}
function userlogin()
{
global $db, $tablepre, $_DCACHE, $ucresult, $username, $password, $questionid, $answer, $loginfield;
require_once DISCUZ_ROOT . './uc_client/client.php';
if ($loginfield == 'uid') {
$isuid = 1;
} elseif ($loginfield == 'email') {
$isuid = 2;
} else {
$isuid = 0;
}
$ucresult = uc_user_login($username, $password, $isuid, 1, $questionid, $answer);
list($tmp['uid'], $tmp['username'], $tmp['password'], $tmp['email'], $duplicate) = daddslashes($ucresult, 1);
$ucresult = $tmp;
if ($duplicate && $ucresult['uid'] > 0) {
if ($olduid = $db->result_first("SELECT uid FROM {$tablepre}members WHERE username='******'username']) . "'")) {
require_once DISCUZ_ROOT . './include/membermerge.func.php';
membermerge($olduid, $ucresult['uid']);
uc_user_merge_remove($ucresult['username']);
} else {
return 0;
}
}
if ($ucresult['uid'] <= 0) {
return 0;
}
$member = $db->fetch_first("SELECT m.uid AS discuz_uid, m.username AS discuz_user, m.password AS discuz_pw, m.secques AS discuz_secques,\r\n\t\tm.email, m.adminid, m.groupid, m.styleid, m.lastvisit, m.lastpost, u.allowinvisible\r\n\t\tFROM {$tablepre}members m LEFT JOIN {$tablepre}usergroups u USING (groupid)\r\n\t\tWHERE m.uid='{$ucresult['uid']}'");
if (!$member) {
return -1;
}
$member['discuz_userss'] = $member['discuz_user'];
$member['discuz_user'] = addslashes($member['discuz_user']);
foreach ($member as $var => $value) {
$GLOBALS[$var] = $value;
}
if (addslashes($member['email']) != $ucresult['email']) {
$db->query("UPDATE {$tablepre}members SET email='{$ucresult['email']}' WHERE uid='{$ucresult['uid']}'");
}
if ($questionid > 0 && empty($member['discuz_secques'])) {
$GLOBALS['discuz_secques'] = random(8);
$db->query("UPDATE {$tablepre}members SET secques='{$GLOBALS['discuz_secques']}' WHERE uid='{$ucresult['uid']}'");
}
$GLOBALS['styleid'] = $member['styleid'] ? $member['styleid'] : $_DCACHE['settings']['styleid'];
$cookietime = intval(isset($_POST['cookietime']) ? $_POST['cookietime'] : 0);
dsetcookie('cookietime', $cookietime, 31536000);
dsetcookie('auth', authcode("{$member['discuz_pw']}\t{$member['discuz_secques']}\t{$member['discuz_uid']}", 'ENCODE'), $cookietime, 1, true);
dsetcookie('loginuser');
dsetcookie('activationauth');
dsetcookie('pmnum');
$GLOBALS['sessionexists'] = 0;
if ($_DCACHE['settings']['frameon'] && $_DCOOKIE['frameon'] == 'yes') {
$GLOBALS['extrahead'] .= '<script>if(top != self) {parent.leftmenu.location.reload();}</script>';
}
return 1;
}
public function respond()
{
global $_W;
$rid = $this->rule;
$from = $this->message['from'];
$weid = $_W['uniacid'];
//当前公众号ID
//推送分享图文内容
$sql = "SELECT title,description,start_time,end_time,picture,status FROM " . tablename($this->table_reply) . " WHERE `rid`=:rid LIMIT 1";
$row = pdo_fetch($sql, array(':rid' => $rid));
if ($row == false) {
return $this->respText("活动已取消...");
}
//查询是否被屏蔽
$lists = pdo_fetch("SELECT status FROM " . tablename($this->table_list) . " WHERE from_user = '******' and weid = '" . $weid . "' and rid= '" . $rid . "' order by `status` asc");
if (!empty($lists)) {
//查询是否有记录
if ($lists['status'] == 0) {
$message = "亲," . $row['title'] . "活动中您可能有作弊行为已被管理员暂停了!请联系" . $_W['account']['name'] . "";
return $this->respText($message);
}
}
//查询是否被屏蔽
//查询是否中奖
$lists = pdo_fetch("SELECT zhongjiang FROM " . tablename($this->table_list) . " WHERE from_user = '******' and weid = '" . $weid . "' and rid= '" . $rid . "' order by `zhongjiang` desc");
if (!empty($lists)) {
if ($lists['zhongjiang'] == 1) {
$zhongjiang = "亲!恭喜中奖了,请点击查看!";
}
}
//查询是否中奖
//查询是否开始活动
$now = time();
if ($now < $row['start_time']) {
$message = "亲," . $row['title'] . "还没有开始,请于" . date("Y-m-d H:i:s", $row['start_time']) . "参加活动";
return $this->respText($message);
}
//查询是否开始活动
//查询是否结束
if ($now > $row['end_time']) {
$zhongjiang .= "亲," . $row['title'] . "活动已结束了!";
}
//查询是否结束
//查询是否暂停
if ($row['status'] == 0) {
$zhongjiang .= "亲," . $row['title'] . "活动暂停了!";
}
//查询是否暂停
//转换图片路径
$picture = toimage($row['picture']);
//转换图片路径
//显示图文回复内容
return $this->respNews(array('Title' => $row['title'], 'Description' => htmlspecialchars_decode($row['description']) . $zhongjiang, 'PicUrl' => $picture, 'Url' => $this->createMobileUrl('chailihe', array('rid' => $rid, 'chufa' => 1, 'from_user' => base64_encode(authcode($from, 'ENCODE'))))));
}
public function get_user_info()
{
$this->openid = authcode(iPHP::get_cookie("QQ_OPENID"), 'DECODE');
$access_token = authcode(iPHP::get_cookie("QQ_ACCESS_TOKEN"), 'DECODE');
$get_user_info = "https://graph.qq.com/user/get_user_info?" . "access_token=" . $access_token . "&oauth_consumer_key=" . $this->appid . "&openid=" . $this->openid . "&format=json";
$info = $this->get_url_contents($get_user_info);
$arr = json_decode($info, true);
$arr['avatar'] = $arr['figureurl_2'];
$arr['gender'] = $arr['gender'] == "??" ? '1' : 0;
return $arr;
}
