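/**
 * Check that the request carries the submit marker `$var` and passed the
 * anti-CSRF checks before the caller acts on it.
 *
 * Accepted (returns TRUE) when getgpc($var) is non-empty and either
 * `$allowget` is set, or the request is a POST whose `formhash` equals
 * formhash(), does not carry HTTP_X_FLASH_VERSION, and whose Referer (if any)
 * names the same host as HTTP_HOST. When `$seccodecheck` / `$secqaacheck` are
 * set and checkperm('seccode') applies, the captcha / security answer are
 * verified first and a failure ends the request via showmessage().
 *
 * @param string   $var          name of the submit field (button) to look for
 * @param int|bool $allowget     skip the POST/formhash/Referer checks
 * @param int|bool $seccodecheck verify the captcha (check_seccode)
 * @param int|bool $secqaacheck  verify the security question (check_secqaa)
 * @return bool FALSE when `$var` is absent, TRUE when the submission is accepted;
 *              a rejected submission does not return (showmessage() / exit())
 */
public static function submitcheck($var, $allowget = 0, $seccodecheck = 0, $secqaacheck = 0)
 {
     if (!getgpc($var)) {
         return FALSE;
     }
     global $_G;

     $isPost = isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] == 'POST';
     $fromFlash = !empty($_SERVER['HTTP_X_FLASH_VERSION']);
     $hasReferer = !empty($_SERVER['HTTP_REFERER']);
     $phoneReg = !empty($_GET['phone_reg']);
     // Strict string comparison: `==` on two numeric-looking strings (e.g. "0e…"
     // forms) compares them as numbers and could accept a forged formhash; a
     // non-string (array) value is rejected outright.
     $formhashValid = !empty($_GET['formhash']) && is_string($_GET['formhash'])
         && $_GET['formhash'] === formhash();

     $accepted = (bool) $allowget;
     if (!$accepted && $isPost && $formhashValid && !$fromFlash) {
         // The Referer, when present, must name this host (scheme and port ignored).
         $accepted = !$hasReferer
             || preg_replace("/https?:\\/\\/([^\\:\\/]+).*/i", "\\1", $_SERVER['HTTP_REFERER']) === preg_replace("/([^\\:]+).*/", "\\1", $_SERVER['HTTP_HOST']);
     }

     if ($accepted) {
         // NOTE(review): phone_reg skips both captcha checks entirely — confirm
         // that the phone-registration flow verifies the user another way.
         if (!$phoneReg && checkperm('seccode')) {
             if ($secqaacheck && !check_secqaa($_GET['secanswer'], $_GET['sechash'])) {
                 showmessage('submit_secqaa_invalid');
             }
             if ($seccodecheck && !check_seccode($_GET['seccodeverify'], $_GET['sechash'])) {
                 showmessage('submit_seccode_invalid');
             }
         }
         return TRUE;
     }

     // For ios reg modify by heavenK
     // NOTE(review): this path only requires formhash to be non-empty — it is
     // never compared with formhash() — so a Referer-less POST with any
     // formhash value and phone_reg set is accepted. Confirm this is intended.
     if ($isPost && !empty($_GET['formhash']) && $phoneReg && !$fromFlash && !$hasReferer) {
         return TRUE;
     }

     //add by zh
     // isset() guards avoid undefined-index notices when mod/flag are absent.
     if (isset($_GET['mod'], $_GET['flag']) && $_GET['mod'] == 'sms' && $_GET['flag'] == 1) {
         exit(lang('message', 'submit_invalid'));
     }
     showmessage('submit_invalid');
 }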
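 /**
  * Check that the request carries the submit marker `$var` and passed the
  * anti-CSRF checks before the caller acts on it.
  *
  * Accepted (returns TRUE) when getgpc($var) is non-empty and either
  * `$allowget` is set, or the request is a POST whose `formhash` equals
  * formhash(), does not carry HTTP_X_FLASH_VERSION, and whose Referer is
  * absent, starts with one of two allow-listed prefixes, or names the same
  * host as HTTP_HOST. When `$seccodecheck` / `$secqaacheck` are set and
  * checkperm('seccode') applies, the captcha / security answer are verified
  * first and a failure ends the request via showmessage().
  *
  * @param string   $var          name of the submit field (button) to look for
  * @param int|bool $allowget     skip the POST/formhash/Referer checks
  * @param int|bool $seccodecheck verify the captcha (check_seccode)
  * @param int|bool $secqaacheck  verify the security question (check_secqaa)
  * @return bool FALSE when `$var` is absent, TRUE when the submission is accepted;
  *              a rejected submission does not return (showmessage())
  */
 public static function submitcheck($var, $allowget = 0, $seccodecheck = 0, $secqaacheck = 0)
 {
     if (!getgpc($var)) {
         return FALSE;
     }
     global $_G;

     $isPost = isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] == 'POST';
     $fromFlash = !empty($_SERVER['HTTP_X_FLASH_VERSION']);
     // Strict string comparison: `==` on two numeric-looking strings (e.g. "0e…"
     // forms) compares them as numbers and could accept a forged formhash; a
     // non-string (array) value is rejected outright.
     $formhashValid = !empty($_GET['formhash']) && is_string($_GET['formhash'])
         && $_GET['formhash'] === formhash();

     $accepted = (bool) $allowget;
     if (!$accepted && $isPost && $formhashValid && !$fromFlash) {
         $accepted = empty($_SERVER['HTTP_REFERER']) || self::refererAllowed($_SERVER['HTTP_REFERER']);
     }

     if (!$accepted) {
         showmessage('submit_invalid');
     }
     if (checkperm('seccode')) {
         if ($secqaacheck && !check_secqaa($_GET['secanswer'], $_GET['secqaahash'])) {
             showmessage('submit_secqaa_invalid');
         }
         if ($seccodecheck && !check_seccode($_GET['seccodeverify'], $_GET['seccodehash'], 0, $_GET['seccodemodid'])) {
             showmessage('submit_seccode_invalid');
         }
     }
     return TRUE;
 }

 /**
  * Decide whether a non-empty Referer is acceptable for a form submission.
  *
  * Two fixed prefixes are allow-listed; otherwise the Referer host must equal
  * HTTP_HOST (scheme and port ignored).
  *
  * NOTE(review): the prefix checks are plain strncmp() prefix matches with no
  * terminating '/', so any Referer that merely begins with one of the two
  * strings is accepted — confirm this is the intended scope.
  *
  * @param string $referer value of HTTP_REFERER
  * @return bool
  */
 private static function refererAllowed($referer)
 {
     if (strncmp($referer, 'http://wsq.discuz.qq.com', 24) === 0 || strncmp($referer, 'http://m.wsq.qq.com', 19) === 0) {
         return TRUE;
     }
     $refererHost = preg_replace("/https?:\\/\\/([^\\:\\/]+).*/i", "\\1", $referer);
     $ownHost = preg_replace("/([^\\:]+).*/", "\\1", $_SERVER['HTTP_HOST']);
     return $refererHost === $ownHost;
 }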
            }
            $loglist[] = $log;
        }
        $otherinfo = getotherinfo($aids, $pids, $tids, $taskids, $uids);
    }
    $navtitle = lang('core', 'title_credit');
    $creditsformulaexp = str_replace('*', 'X', $_G['setting']['creditsformulaexp']);
} elseif ($_GET['op'] == 'buy') {
    if ((!$_G['setting']['ec_ratio'] || !$_G['setting']['ec_tenpay_opentrans_chnid'] && !$_G['setting']['ec_tenpay_bargainor'] && !$_G['setting']['ec_account']) && !$_G['setting']['card']['open']) {
        showmessage('action_closed', NULL);
    }
    if (submitcheck('addfundssubmit')) {
        $apitype = is_numeric($_GET['bank_type']) ? 'tenpay' : $_GET['bank_type'];
        if ($apitype == 'card') {
            if ($_G['setting']['seccodestatus'] & 16) {
                if (!check_seccode($_GET['seccodeverify'], $_GET['sechash'])) {
                    showmessage('submit_seccode_invalid', '', array(), array('showdialog' => 1, 'showmsg' => true, 'closetime' => true));
                }
            }
            if (!$_POST['cardid']) {
                showmessage('memcp_credits_card_msg_cardid_incorrect', '', array(), array('showdialog' => 1, 'showmsg' => true, 'closetime' => true));
            }
            if (!($card = C::t('common_card')->fetch($_POST['cardid']))) {
                showmessage('memcp_credits_card_msg_card_unfined', '', array(), array('showdialog' => 1, 'showmsg' => true, 'closetime' => true, 'extrajs' => '<script type="text/javascript">updateseccode("' . $_GET['sechash'] . '");</script>'));
            } else {
                if ($card['status'] == 2) {
                    showmessage('memcp_credits_card_msg_used', '', array(), array('showdialog' => 1, 'showmsg' => true, 'closetime' => true));
                }
                if ($card['cleardateline'] < TIMESTAMP) {
                    showmessage('memcp_credits_card_msg_cleardateline_early', '', array(), array('showdialog' => 1, 'showmsg' => true, 'closetime' => true));
                }
        $ani = $_G['setting']['seccodedata']['animator'] ? '_ani' : '';
        if ($_G['setting']['seccodedata']['type'] == 2) {
            $message = '<div id="seccodeswf_' . $idhash . '"></div>' . (extension_loaded('ming') ? "<script type=\"text/javascript\" reload=\"1\">\n\$('seccodeswf_{$idhash}').innerHTML='" . lang('core', 'seccode_image' . $ani . '_tips') . "' + AC_FL_RunContent(\n\t\t\t\t'width', '" . $_G['setting']['seccodedata']['width'] . "', 'height', '" . $_G['setting']['seccodedata']['height'] . "', 'src', 'misc.php?mod=seccode&update={$rand}&idhash={$idhash}',\n\t\t\t\t'quality', 'high', 'wmode', 'transparent', 'bgcolor', '#ffffff',\n\t\t\t\t'align', 'middle', 'menu', 'false', 'allowScriptAccess', 'sameDomain');\n</script>" : "<script type=\"text/javascript\" reload=\"1\">\n\$('seccodeswf_{$idhash}').innerHTML='" . lang('core', 'seccode_image' . $ani . '_tips') . "' + AC_FL_RunContent(\n\t\t\t\t'width', '" . $_G['setting']['seccodedata']['width'] . "', 'height', '" . $_G['setting']['seccodedata']['height'] . "', 'src', '{$_G['siteurl']}static/image/seccode/flash/flash2.swf',\n\t\t\t\t'FlashVars', 'sFile=" . rawurlencode("{$_G['siteurl']}misc.php?mod=seccode&update={$rand}&idhash={$idhash}") . "', 'menu', 'false', 'allowScriptAccess', 'sameDomain', 'swLiveConnect', 'true');\n</script>");
        } elseif ($_G['setting']['seccodedata']['type'] == 3) {
            $flashcode = "<span id=\"seccodeswf_{$idhash}\"></span><script type=\"text/javascript\" reload=\"1\">\n\$('seccodeswf_{$idhash}').innerHTML='" . lang('core', 'seccode_sound_tips') . "' + AC_FL_RunContent(\n\t\t\t\t'id', 'seccodeplayer_{$idhash}', 'name', 'seccodeplayer_{$idhash}', 'width', '0', 'height', '0', 'src', '{$_G['siteurl']}static/image/seccode/flash/flash1.swf',\n\t\t\t\t'FlashVars', 'sFile=" . rawurlencode("{$_G['siteurl']}misc.php?mod=seccode&update={$rand}&idhash={$idhash}") . "', 'menu', 'false', 'allowScriptAccess', 'sameDomain', 'swLiveConnect', 'true');\n</script>";
            $message = 'seccode_player';
        } else {
            $message = lang('core', 'seccode_image' . $ani . '_tips') . '<img onclick="updateseccode(\'' . $idhash . '\')" width="' . $_G['setting']['seccodedata']['width'] . '" height="' . $_G['setting']['seccodedata']['height'] . '" src="misc.php?mod=seccode&update=' . $rand . '&idhash=' . $idhash . '" class="absmiddle" alt="" />';
        }
    }
    include template('common/header_ajax');
    echo lang('message', $message, array('flashcode' => $flashcode, 'idhash' => $idhash));
    include template('common/footer_ajax');
} elseif ($_G['gp_action'] == 'check') {
    include template('common/header_ajax');
    echo check_seccode($_G['gp_secverify'], $_G['gp_idhash']) ? 'succeed' : 'invalid';
    include template('common/footer_ajax');
} else {
    $refererhost = parse_url($_SERVER['HTTP_REFERER']);
    $refererhost['host'] .= !empty($refererhost['port']) ? ':' . $refererhost['port'] : '';
    if ($_G['setting']['seccodedata']['type'] < 2 && ($refererhost['host'] != $_SERVER['HTTP_HOST'] || !$_G['setting']['seccodestatus']) || $_G['setting']['seccodedata']['type'] == 2 && !extension_loaded('ming') && $_POST['fromFlash'] != 1 || $_G['setting']['seccodedata']['type'] == 3 && $_GET['fromFlash'] != 1) {
        exit('Access Denied');
    }
    $seccode = make_seccode($_G['gp_idhash']);
    if (!$_G['setting']['nocacheheaders']) {
        @header("Expires: -1");
        @header("Cache-Control: no-store, private, post-check=0, pre-check=0, max-age=0", FALSE);
        @header("Pragma: no-cache");
    }
    require_once libfile('class/seccode');
    $code = new seccode();
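/**
 * Check that the request carries the submit marker `$var` and passed the
 * anti-CSRF checks before the caller acts on it.
 *
 * Accepted (returns TRUE) when getgpc($var) is non-empty and either
 * `$allowget` is set, or the request is a POST whose `$_G['formhash']` equals
 * formhash(), does not carry HTTP_X_FLASH_VERSION, and whose Referer (if any)
 * names the same host as HTTP_HOST. When `$seccodecheck` / `$secqaacheck` are
 * set and checkperm('seccode') applies, the captcha / security answer are
 * verified first and a failure ends the request via showmessage().
 *
 * @param string   $var          name of the submit field (button) to look for
 * @param int|bool $allowget     skip the POST/formhash/Referer checks
 * @param int|bool $seccodecheck verify the captcha (check_seccode)
 * @param int|bool $secqaacheck  verify the security question (check_secqaa)
 * @return bool FALSE when `$var` is absent, TRUE when the submission is accepted;
 *              a rejected submission does not return (showmessage())
 */
function submitcheck($var, $allowget = 0, $seccodecheck = 0, $secqaacheck = 0)
{
    if (!getgpc($var)) {
        return FALSE;
    }
    global $_G;

    $isPost = isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] == 'POST';
    $fromFlash = !empty($_SERVER['HTTP_X_FLASH_VERSION']);
    // Strict string comparison: `==` on two numeric-looking strings (e.g. "0e…"
    // forms) compares them as numbers and could accept a forged formhash; a
    // missing or non-string value is rejected outright.
    $formhashValid = isset($_G['formhash']) && is_string($_G['formhash'])
        && $_G['formhash'] === formhash();

    $accepted = (bool) $allowget;
    if (!$accepted && $isPost && $formhashValid && !$fromFlash) {
        // The Referer, when present, must name this host (scheme and port ignored).
        $accepted = empty($_SERVER['HTTP_REFERER'])
            || preg_replace("/https?:\\/\\/([^\\:\\/]+).*/i", "\\1", $_SERVER['HTTP_REFERER']) === preg_replace("/([^\\:]+).*/", "\\1", $_SERVER['HTTP_HOST']);
    }

    if (!$accepted) {
        showmessage('submit_invalid');
    }
    if (checkperm('seccode')) {
        if ($secqaacheck && !check_secqaa($_G['gp_secanswer'], $_G['gp_sechash'])) {
            showmessage('submit_secqaa_invalid');
        }
        if ($seccodecheck && !check_seccode($_G['gp_seccodeverify'], $_G['gp_sechash'])) {
            showmessage('submit_seccode_invalid');
        }
    }
    return TRUE;
}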
                            exit;
                        }
                    }
                }
                exit;
            } else {
                $message = lang('core', 'seccode_image' . $ani . '_tips') . '<img onclick="updateseccode(\'' . $idhash . '\')" width="' . $_G['setting']['seccodedata']['width'] . '" height="' . $_G['setting']['seccodedata']['height'] . '" src="misc.php?mod=seccode&update=' . $rand . '&idhash=' . $idhash . '" class="vm" alt="" />';
            }
        }
    }
    include template('common/header_ajax');
    echo lang('message', $message, array('flashcode' => $flashcode, 'idhash' => $idhash));
    include template('common/footer_ajax');
} elseif ($_GET['action'] == 'check') {
    include template('common/header_ajax');
    echo check_seccode($_GET['secverify'], $_GET['idhash']) ? 'succeed' : 'invalid';
    include template('common/footer_ajax');
} else {
    $refererhost = parse_url($_SERVER['HTTP_REFERER']);
    $refererhost['host'] .= !empty($refererhost['port']) ? ':' . $refererhost['port'] : '';
    if ($_G['setting']['seccodedata']['type'] < 2 && ($refererhost['host'] != $_SERVER['HTTP_HOST'] || !$_G['setting']['seccodestatus']) || $_G['setting']['seccodedata']['type'] == 2 && !extension_loaded('ming') && $_POST['fromFlash'] != 1 || $_G['setting']['seccodedata']['type'] == 3 && $_GET['fromFlash'] != 1) {
        exit('Access Denied');
    }
    $seccode = make_seccode($_GET['idhash']);
    if (!$_G['setting']['nocacheheaders']) {
        @header("Expires: -1");
        @header("Cache-Control: no-store, private, post-check=0, pre-check=0, max-age=0", FALSE);
        @header("Pragma: no-cache");
    }
    require_once libfile('class/seccode');
    $code = new seccode();
            }
            $loglist[] = $log;
        }
        $otherinfo = getotherinfo($aids, $pids, $tids, $taskids, $uids);
    }
    $navtitle = lang('core', 'title_credit');
    $creditsformulaexp = str_replace('*', 'X', $_G['setting']['creditsformulaexp']);
} elseif ($_G['gp_op'] == 'buy') {
    if ((!$_G['setting']['ec_ratio'] || !$_G['setting']['ec_tenpay_opentrans_chnid'] && !$_G['setting']['ec_tenpay_bargainor'] && !$_G['setting']['ec_account']) && !$_G['setting']['card']['open']) {
        showmessage('action_closed', NULL);
    }
    if (submitcheck('addfundssubmit')) {
        $apitype = $_G['gp_apitype'];
        if ($apitype == 'card') {
            if ($_G['setting']['seccodestatus'] & 16) {
                if (!check_seccode($_G['gp_seccodeverify'], $_G['gp_sechash'])) {
                    showmessage('submit_seccode_invalid', '', array(), array('showdialog' => 1, 'showmsg' => true, 'closetime' => true));
                }
            }
            if (!$_POST['cardid']) {
                showmessage('memcp_credits_card_msg_cardid_incorrect', '', array(), array('showdialog' => 1, 'showmsg' => true, 'closetime' => true));
            }
            if (!($card = DB::fetch_first("SELECT * FROM " . DB::table('common_card') . " WHERE id = '{$_POST['cardid']}'"))) {
                showmessage('memcp_credits_card_msg_card_unfined', '', array(), array('showdialog' => 1, 'showmsg' => true, 'closetime' => true, 'extrajs' => '<script type="text/javascript">updateseccode("' . $_G['gp_sechash'] . '");</script>'));
            } else {
                if ($card['status'] == 2) {
                    showmessage('memcp_credits_card_msg_used', '', array(), array('showdialog' => 1, 'showmsg' => true, 'closetime' => true));
                }
                if ($card['cleardateline'] < TIMESTAMP) {
                    showmessage('memcp_credits_card_msg_cleardateline_early', '', array(), array('showdialog' => 1, 'showmsg' => true, 'closetime' => true));
                }