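/**
 * Decide whether the current request is an acceptable form submission.
 *
 * A request is accepted when $allowget is truthy, or when it is a POST whose
 * submitted formhash equals formhash(), carries no X-Flash-Version header and
 * has an empty or same-host Referer. A second, weaker path exists for
 * requests flagged with phone_reg (see the NOTE(review) comments below).
 *
 * @param string $var          Name of the request variable that marks the form as submitted (read via getgpc()).
 * @param mixed  $allowget     When truthy, the method, formhash and Referer checks are skipped entirely.
 * @param mixed  $seccodecheck When truthy, the security code is verified with check_seccode().
 * @param mixed  $secqaacheck  When truthy, the security question is verified with check_secqaa().
 * @return bool FALSE when the submit marker is absent, TRUE when the submission is accepted.
 *              Rejected submissions go to showmessage()/exit(); showmessage() presumably
 *              does not return - confirm against its definition.
 */
public static function submitcheck($var, $allowget = 0, $seccodecheck = 0, $secqaacheck = 0)
{
    if (!getgpc($var)) {
        return FALSE;
    }

    // The token and host comparisons are strict: with loose "==" two different
    // numeric-looking strings (for example "0e12" and "0e34") compare equal, and a
    // non-string formhash parameter is now rejected before it is compared.
    // Where PHP >= 5.6 is guaranteed, hash_equals() is the better choice for the token.
    // An empty Referer is accepted by design of the original check.
    if ($allowget
        || ($_SERVER['REQUEST_METHOD'] === 'POST'
            && !empty($_GET['formhash'])
            && is_string($_GET['formhash'])
            && $_GET['formhash'] === (string) formhash()
            && empty($_SERVER['HTTP_X_FLASH_VERSION'])
            && (empty($_SERVER['HTTP_REFERER'])
                || preg_replace("/https?:\\/\\/([^\\:\\/]+).*/i", "\\1", $_SERVER['HTTP_REFERER']) === preg_replace("/([^\\:]+).*/", "\\1", $_SERVER['HTTP_HOST'])))
    ) {
        // NOTE(review): any non-empty phone_reg request parameter skips both the
        // security-question and the security-code check. The parameter is fully
        // client-controlled, so these checks are optional for whoever sends it;
        // bind the exemption to something the server can verify.
        if (empty($_GET['phone_reg']) && checkperm('seccode')) {
            if ($secqaacheck && !check_secqaa($_GET['secanswer'], $_GET['sechash'])) {
                showmessage('submit_secqaa_invalid');
            }
            if ($seccodecheck && !check_seccode($_GET['seccodeverify'], $_GET['sechash'])) {
                showmessage('submit_seccode_invalid');
            }
        }
        return TRUE;
    }

    // Path added for iOS registration (original author note: heavenK).
    // NOTE(review): this branch only requires formhash to be non-empty; it is never
    // compared with formhash(). For POST requests with phone_reg set and no Referer
    // the token check is therefore not enforced. Kept as-is so existing clients keep
    // working; it should be replaced by a verifiable token for that client.
    if ($_SERVER['REQUEST_METHOD'] === 'POST'
        && !empty($_GET['formhash'])
        && !empty($_GET['phone_reg'])
        && empty($_SERVER['HTTP_X_FLASH_VERSION'])
        && empty($_SERVER['HTTP_REFERER'])
    ) {
        return TRUE;
    }

    // SMS requests (original author note: zh) get the plain language string
    // instead of the rendered message page. isset() avoids undefined-index
    // notices when mod/flag are absent; the outcome is unchanged.
    if (isset($_GET['mod'], $_GET['flag']) && $_GET['mod'] === 'sms' && $_GET['flag'] == 1) {
        exit(lang('message', 'submit_invalid'));
    }
    showmessage('submit_invalid');
}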
Example #2
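 /**
  * Decide whether the current request is an acceptable form submission.
  *
  * A request is accepted when $allowget is truthy, or when it is a POST whose
  * submitted formhash equals formhash(), carries no X-Flash-Version header and
  * has a Referer that is empty, points at one of two allow-listed hosts, or
  * names the same host as the Host header.
  *
  * @param string $var          Name of the request variable that marks the form as submitted (read via getgpc()).
  * @param mixed  $allowget     When truthy, the method, formhash and Referer checks are skipped entirely.
  * @param mixed  $seccodecheck When truthy, the security code is verified with check_seccode().
  * @param mixed  $secqaacheck  When truthy, the security question is verified with check_secqaa().
  * @return bool FALSE when the submit marker is absent, TRUE when the submission is accepted.
  *              Rejected submissions go to showmessage(), which presumably does not
  *              return - confirm against its definition.
  */
 public static function submitcheck($var, $allowget = 0, $seccodecheck = 0, $secqaacheck = 0)
 {
     if (!getgpc($var)) {
         return FALSE;
     }

     // An empty Referer is accepted by design of the original check.
     $refererOk = TRUE;
     if (!empty($_SERVER['HTTP_REFERER'])) {
         $referer = (string) $_SERVER['HTTP_REFERER'];

         // The original used strncmp() on the URL prefix, which also accepts any
         // host that merely begins with an allow-listed name. Comparing the parsed
         // host exactly closes that gap; the http-only scheme of the original
         // prefixes is preserved.
         // NOTE(review): both allow-listed origins are plain http - confirm whether
         // https should be the only accepted scheme today.
         $parts = parse_url($referer);
         $fromTrustedHost = is_array($parts)
             && isset($parts['scheme'], $parts['host'])
             && $parts['scheme'] === 'http'
             && in_array($parts['host'], array('wsq.discuz.qq.com', 'm.wsq.qq.com'), true);

         // Strict comparison: loose "==" treats different numeric-looking strings as equal.
         $fromSameHost = preg_replace("/https?:\\/\\/([^\\:\\/]+).*/i", "\\1", $referer) === preg_replace("/([^\\:]+).*/", "\\1", $_SERVER['HTTP_HOST']);

         $refererOk = $fromTrustedHost || $fromSameHost;
     }

     // The submitted token must be a string and match formhash() exactly.
     // Where PHP >= 5.6 is guaranteed, hash_equals() is the better choice here.
     if ($allowget
         || ($_SERVER['REQUEST_METHOD'] === 'POST'
             && !empty($_GET['formhash'])
             && is_string($_GET['formhash'])
             && $_GET['formhash'] === (string) formhash()
             && empty($_SERVER['HTTP_X_FLASH_VERSION'])
             && $refererOk)
     ) {
         if (checkperm('seccode')) {
             if ($secqaacheck && !check_secqaa($_GET['secanswer'], $_GET['secqaahash'])) {
                 showmessage('submit_secqaa_invalid');
             }
             if ($seccodecheck && !check_seccode($_GET['seccodeverify'], $_GET['seccodehash'], 0, $_GET['seccodemodid'])) {
                 showmessage('submit_seccode_invalid');
             }
         }
         return TRUE;
     }

     showmessage('submit_invalid');
 }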
Example #3
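/**
 * Decide whether the current request is an acceptable form submission.
 *
 * A request is accepted when $allowget is truthy, or when it is a POST whose
 * $_G['formhash'] equals formhash(), carries no X-Flash-Version header and has
 * an empty or same-host Referer.
 *
 * @param string $var          Name of the request variable that marks the form as submitted (read via getgpc()).
 * @param mixed  $allowget     When truthy, the method, formhash and Referer checks are skipped entirely.
 * @param mixed  $seccodecheck When truthy, the security code is verified with check_seccode().
 * @param mixed  $secqaacheck  When truthy, the security question is verified with check_secqaa().
 * @return bool FALSE when the submit marker is absent, TRUE when the submission is accepted.
 *              Rejected submissions go to showmessage(), which presumably does not
 *              return - confirm against its definition.
 */
function submitcheck($var, $allowget = 0, $seccodecheck = 0, $secqaacheck = 0)
{
    global $_G;

    if (!getgpc($var)) {
        return FALSE;
    }

    // NOTE(review): every other request parameter in this function is read through
    // a "gp_" key ($_G['gp_secanswer'], $_G['gp_sechash'], ...), but the token is read
    // from $_G['formhash']. If that key holds the server-side value rather than the
    // submitted one, this comparison is always true and gives no CSRF protection -
    // confirm where $_G['formhash'] is populated.
    //
    // Comparisons are strict: loose "==" treats different numeric-looking strings
    // as equal. Where PHP >= 5.6 is guaranteed, prefer hash_equals() for the token.
    // An empty Referer is accepted by design of the original check.
    if ($allowget
        || ($_SERVER['REQUEST_METHOD'] === 'POST'
            && isset($_G['formhash'])
            && is_string($_G['formhash'])
            && $_G['formhash'] === (string) formhash()
            && empty($_SERVER['HTTP_X_FLASH_VERSION'])
            && (empty($_SERVER['HTTP_REFERER'])
                || preg_replace("/https?:\\/\\/([^\\:\\/]+).*/i", "\\1", $_SERVER['HTTP_REFERER']) === preg_replace("/([^\\:]+).*/", "\\1", $_SERVER['HTTP_HOST'])))
    ) {
        if (checkperm('seccode')) {
            if ($secqaacheck && !check_secqaa($_G['gp_secanswer'], $_G['gp_sechash'])) {
                showmessage('submit_secqaa_invalid');
            }
            if ($seccodecheck && !check_seccode($_G['gp_seccodeverify'], $_G['gp_sechash'])) {
                showmessage('submit_seccode_invalid');
            }
        }
        return TRUE;
    }

    showmessage('submit_invalid');
}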
Example #4
<?php

/**
 *      [Discuz!] (C)2001-2099 Comsenz Inc.
 *      This is NOT a freeware, use is subject to license terms
 *
 *      $Id: misc_secqaa.php 10395 2010-05-11 04:48:31Z monkey $
 */
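// Refuse direct access: this script is only meant to run inside the application,
// which defines IN_DISCUZ before including it.
if (!defined('IN_DISCUZ')) {
    exit('Access Denied');
}
require_once libfile('function/seccode');

$action = isset($_G['gp_action']) ? $_G['gp_action'] : '';

if ($action === 'update') {
    // Only hand out a new question when the Referer's host[:port] equals the Host
    // header. A missing or unparsable Referer yields an empty host and is refused
    // (unless the Host header is empty too, as in the original).
    $refererhost = isset($_SERVER['HTTP_REFERER']) ? parse_url($_SERVER['HTTP_REFERER']) : array();
    if (!is_array($refererhost)) {
        $refererhost = array();
    }
    $refererhost['host'] = isset($refererhost['host']) ? $refererhost['host'] : '';
    $refererhost['host'] .= !empty($refererhost['port']) ? ':' . $refererhost['port'] : '';

    // Strict comparison: loose "!=" treats different numeric-looking strings as equal.
    $requesthost = isset($_SERVER['HTTP_HOST']) ? (string) $_SERVER['HTTP_HOST'] : '';
    if ($refererhost['host'] !== $requesthost) {
        exit('Access Denied');
    }

    // $message is not read in the code visible here; presumably the included
    // templates use it - confirm before removing.
    $message = '';

    // Initialised so the echo below never reads an undefined variable when the
    // secqaa setting is off.
    $question = '';
    if ($_G['setting']['secqaa']) {
        $question = make_secqaa($_G['gp_idhash']);
    }

    include template('common/header_ajax');
    // NOTE(review): $question is echoed as returned by make_secqaa(); confirm that
    // function returns markup that is safe to emit unescaped.
    echo lang('core', 'secqaa_tips') . $question;
    include template('common/footer_ajax');
} elseif ($action === 'check') {
    // NOTE(review): this branch tells the client whether an answer is correct and,
    // unlike 'update', has no Referer check in the visible code. Confirm that
    // check_secqaa() limits or invalidates repeated attempts per idhash.
    include template('common/header_ajax');
    echo check_secqaa($_G['gp_secverify'], $_G['gp_idhash']) ? 'succeed' : 'invalid';
    include template('common/footer_ajax');
}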
Example #5
<?php

/**
 *      [Discuz!] (C)2001-2099 Comsenz Inc.
 *      This is NOT a freeware, use is subject to license terms
 *
 *      $Id: misc_secqaa.php 25246 2011-11-02 03:34:53Z zhangguosheng $
 */
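// Refuse direct access: this script is only meant to run inside the application,
// which defines IN_DISCUZ before including it.
if (!defined('IN_DISCUZ')) {
    exit('Access Denied');
}
require_once libfile('function/seccode');

// A non-string action (for example an array parameter) matches neither branch.
$action = isset($_GET['action']) && is_string($_GET['action']) ? $_GET['action'] : '';

if ($action === 'update') {
    // Only hand out a new question when the Referer's host[:port] equals the Host
    // header. A missing or unparsable Referer yields an empty host and is refused
    // (unless the Host header is empty too, as in the original).
    $refererhost = isset($_SERVER['HTTP_REFERER']) ? parse_url($_SERVER['HTTP_REFERER']) : array();
    if (!is_array($refererhost)) {
        $refererhost = array();
    }
    $refererhost['host'] = isset($refererhost['host']) ? $refererhost['host'] : '';
    $refererhost['host'] .= !empty($refererhost['port']) ? ':' . $refererhost['port'] : '';

    // Strict comparison: loose "!=" treats different numeric-looking strings as equal.
    $requesthost = isset($_SERVER['HTTP_HOST']) ? (string) $_SERVER['HTTP_HOST'] : '';
    if ($refererhost['host'] !== $requesthost) {
        exit('Access Denied');
    }

    // $message is not read in the code visible here; presumably the included
    // templates use it - confirm before removing.
    $message = '';

    // Initialised so the echo below never reads an undefined variable when the
    // secqaa setting is off.
    $question = '';
    if ($_G['setting']['secqaa']) {
        $question = make_secqaa($_GET['idhash']);
    }

    include template('common/header_ajax');
    // NOTE(review): $question is echoed as returned by make_secqaa(); confirm that
    // function returns markup that is safe to emit unescaped.
    echo lang('core', 'secqaa_tips') . $question;
    include template('common/footer_ajax');
} elseif ($action === 'check') {
    // NOTE(review): this branch tells the client whether an answer is correct and,
    // unlike 'update', has no Referer check in the visible code. Confirm that
    // check_secqaa() limits or invalidates repeated attempts per idhash.
    include template('common/header_ajax');
    echo check_secqaa($_GET['secverify'], $_GET['idhash']) ? 'succeed' : 'invalid';
    include template('common/footer_ajax');
}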