function check_cpaccess() {
    // Classifies the current admin-panel request into $this->cpaccess and, unless the
    // session is already verified (3), hands the request to do_user_login().
    //   0  no admin uid at all
    //  -2  non-founder with no usable user record (not in group 1 or 2)
    //   1  record exists but no live session (missing, expired, or IP changed);
    //      a fresh unverified session row is written below
    //   2  session exists, admin password not yet verified (errorcount 0..3)
    //   3  session verified (errorcount == -1)
    //  -1  session locked (errorcount above 3)
    global $_G;
    $session = array();
    if (!$this->adminuser['uid']) {
        $this->cpaccess = 0;
    } else {
        if (!$this->isfounder) {
            // Non-founders must be in group 1 or 2; their session row is keyed by that group id.
            $session = C::t('user')->fetch($this->adminuser['uid']);
            if ($session && ($session['groupid'] == 1 || $session['groupid'] == 2)) {
                // (array) cast keeps array_merge() valid when no session row exists.
                $session = array_merge($session, (array) C::t('admincp_session')->fetch($this->adminuser['uid'], $session['groupid']));
            } else {
                $session = array();
            }
        } else {
            // Founders are keyed by panel rather than group id.
            $session = C::t('admincp_session')->fetch($this->adminuser['uid'], $this->panel);
        }
        if (empty($session)) {
            $this->cpaccess = $this->isfounder ? 1 : -2;
        } elseif (isset($_G['setting']['adminipaccess']) && $_G['setting']['adminipaccess'] && !ipaccess($_G['clientip'], $_G['setting']['adminipaccess'])) {
            // Admin IP allowlist configured and the client is outside it: back to the
            // login page; cpaccess is left untouched on this path.
            $this->do_user_login();
        } elseif ($session && empty($session['uid'])) {
            // User record found, but no session row was merged in.
            $this->cpaccess = 1;
        } elseif ($session['dateline'] < $this->sessionlimit) {
            // Session older than the configured lifetime.
            $this->cpaccess = 1;
        } elseif ($this->cpsetting['checkip'] && $session['ip'] != $this->core->var['clientip']) {
            // IP binding is optional (cpsetting['checkip']); when on, a changed address
            // invalidates the session instead of being silently accepted.
            $this->cpaccess = 1;
        } elseif ($session['errorcount'] >= 0 && $session['errorcount'] <= 3) {
            $this->cpaccess = 2;
        } elseif ($session['errorcount'] == -1) {
            $this->cpaccess = 3;
        } else {
            $this->cpaccess = -1;
        }
    }
    if ($this->cpaccess == 2 || $this->cpaccess == 3) {
        if (!empty($session['customperm'])) {
            // customperm is a serialized blob read back from the database; dunserialize is
            // the project's wrapper around unserialize().
            $session['customperm'] = dunserialize($session['customperm']);
        }
    }
    $this->adminsession = $session;
    // A posted admin_password is only examined when a session is waiting for it (2) or
    // when there is no admin identity yet (0); any other state ignores the field.
    if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['admin_password'])) {
        if ($this->cpaccess == 2) {
            $this->check_admin_login();
        } elseif ($this->cpaccess == 0) {
            $this->check_user_login();
        }
    }
    if ($this->cpaccess == 1) {
        // NOTE(review): the lookups above key the session by $session['groupid'] (non-founder)
        // or $this->panel (founder), while delete/insert here use adminuser['groupid'] —
        // confirm these always agree in this fork.
        C::t('admincp_session')->delete($this->adminuser['uid'], $this->adminuser['groupid'], $this->sessionlife);
        C::t('admincp_session')->insert(array('uid' => $this->adminuser['uid'], 'adminid' => $this->adminuser['adminid'], 'panel' => $this->adminuser['groupid'], 'ip' => $this->core->var['clientip'], 'dateline' => TIMESTAMP, 'errorcount' => 0));
    } elseif ($this->cpaccess == 3) {
        // Verified session: refresh its timestamp and bound IP. load_admin_perms() is
        // disabled in this fork; permissions are presumably loaded elsewhere — confirm.
        //$this->load_admin_perms();
        C::t('admincp_session')->update($this->adminuser['uid'], $this->adminuser['groupid'], array('dateline' => TIMESTAMP, 'ip' => $this->core->var['clientip'], 'errorcount' => -1));
    }
    if ($this->cpaccess != 3) {
        $this->do_user_login();
    }
}
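function check_cpaccess() {
    // Classifies the admin-panel request into $this->cpaccess and, unless the session is
    // already verified (3), hands the request to do_user_login().
    //   0  no admin uid;  -2 non-founder with no common_admincp_member row
    //   1  record exists but no usable session (absent, expired, or IP changed);
    //      a fresh unverified session row is written below
    //   2  session waiting for the admin password (errorcount 0..3)
    //   3  session verified (errorcount == -1);  -1 locked (errorcount above 3)
    global $_G;
    $session = array();
    // Every identifier interpolated into the SQL below is coerced to int first, so a
    // non-numeric adminuser/panel/limit value cannot change the shape of a statement.
    $uid = intval($this->adminuser['uid']);
    $panel = intval($this->panel);
    if (!$this->adminuser['uid']) {
        $this->cpaccess = 0;
    } else {
        if (!$this->isfounder) {
            // Permission record joined with the session row for this panel (LEFT JOIN:
            // the s.* columns are NULL when no session exists yet).
            $session = DB::fetch_first("SELECT m.cpgroupid, m.customperm, s.*
                FROM " . DB::table('common_admincp_member') . " m
                LEFT JOIN " . DB::table('common_admincp_session') . " s ON(s.uid=m.uid AND s.panel='{$panel}')
                WHERE m.uid='{$uid}'");
        } else {
            $session = DB::fetch_first("SELECT * FROM " . DB::table('common_admincp_session') . "
                WHERE uid='{$uid}' AND panel='{$panel}'");
        }
        if (empty($session)) {
            $this->cpaccess = $this->isfounder ? 1 : -2;
        } elseif (!empty($_G['setting']['adminipaccess']) && !ipaccess($_G['clientip'], $_G['setting']['adminipaccess'])) {
            // Admin IP allowlist is set and the client is outside it: back to the login
            // page; cpaccess is left untouched on this path.
            $this->do_user_login();
        } elseif ($session && empty($session['uid'])) {
            // Member row found, but the LEFT JOIN produced no session.
            $this->cpaccess = 1;
        } elseif ($session['dateline'] < $this->sessionlimit) {
            // Session older than the configured lifetime.
            $this->cpaccess = 1;
        } elseif ($this->cpsetting['checkip'] && $session['ip'] != $this->core->var['clientip']) {
            // IP binding is optional (cpsetting['checkip']); when on, a changed address
            // invalidates the session.
            $this->cpaccess = 1;
        } elseif ($session['errorcount'] >= 0 && $session['errorcount'] <= 3) {
            $this->cpaccess = 2;
        } elseif ($session['errorcount'] == -1) {
            $this->cpaccess = 3;
        } else {
            $this->cpaccess = -1;
        }
    }
    if ($this->cpaccess == 2 || $this->cpaccess == 3) {
        if (!empty($session['customperm'])) {
            // customperm is a serialized blob written by the admin UI. unserialize() on
            // database content is only as trustworthy as the writers of that column; the
            // project's dunserialize() wrapper is not in scope in this version, so the
            // call is kept as-is.
            $session['customperm'] = unserialize($session['customperm']);
        }
    }
    $this->adminsession = $session;
    // A posted admin_password is only examined when a session is waiting for it (2) or
    // when there is no admin identity yet (0).
    if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['admin_password'])) {
        if ($this->cpaccess == 2) {
            $this->check_admin_login();
        } elseif ($this->cpaccess == 0) {
            $this->check_user_login();
        }
    }
    if ($this->cpaccess == 1) {
        // Drop this user's row for the panel plus any expired rows, then start a fresh
        // unverified session bound to the current client address.
        $limit = intval($this->sessionlimit);
        $adminid = intval($this->adminuser['adminid']);
        // clientip is derived from server variables elsewhere; escaped here anyway since
        // it is interpolated into a string literal.
        $clientip = addslashes($this->core->var['clientip']);
        DB::delete('common_admincp_session', "(uid='{$uid}' AND panel='{$panel}') OR dateline<'{$limit}'");
        DB::query("INSERT INTO " . DB::table('common_admincp_session') . " (uid, adminid, panel, ip, dateline, errorcount)
            VALUES ('{$uid}', '{$adminid}', '{$panel}', '{$clientip}', '" . TIMESTAMP . "', '0')");
    } elseif ($this->cpaccess == 3) {
        // Verified session: load permissions and refresh the timestamp and bound IP.
        $this->load_admin_perms();
        DB::update('common_admincp_session', array('dateline' => TIMESTAMP, 'ip' => $this->core->var['clientip'], 'errorcount' => -1), "uid='{$uid}' AND panel='{$panel}'");
    }
    if ($this->cpaccess != 3) {
        $this->do_user_login();
    }
}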
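function adminsession($uid, $groupid, $adminid, $ip) {
    // Constructor: decides whether the current user may use the admin (panel 1) or
    // moderator (panel 2) control panel and records the verdict in $this->cpaccess:
    //   0  not an admin (cookies cleared, request halted)
    //   2  client outside the admin IP allowlist (halted)
    //  -1  session locked after too many failures (halted)
    //   1  session missing, or present but not yet password-verified
    //   3  session verified (errorcount == -1) and refreshed
    // $groupid is accepted for interface compatibility but is not used here.
    global $adminipaccess, $db, $tablepre;
    $this->panel = defined('IN_ADMINCP') ? 1 : (defined('IN_MODCP') ? 2 : -1);
    $this->inadmincp = defined('IN_ADMINCP');
    $this->uid = $uid;
    // 30-minute window; presumably consumed by _loadsession() for expiry — confirm.
    $this->timelimit = time() - 1800;
    $this->db =& $db;
    $this->tablepre =& $tablepre;
    // Admin panel requires adminid 1; modcp accepts any adminid >= 1.
    if ($uid < 1 || $adminid < 1 || ($this->inadmincp && $adminid != 1)) {
        $cpaccess = 0;
    } elseif ($this->inadmincp && $adminipaccess && !ipaccess($ip, $adminipaccess)) {
        // The admin IP allowlist is enforced for the admin panel only, not for modcp.
        $cpaccess = 2;
    } else {
        $session = $this->_loadsession($uid, $ip, $GLOBALS['admincp']['checkip']);
        // _loadsession() may return nothing; the previous code indexed the result
        // unconditionally, which raised notices on an empty result. Keep the same
        // null outcome, just without indexing a non-array.
        $this->errorcount = isset($session['errorcount']) ? $session['errorcount'] : null;
        $this->storage = isset($session['storage']) ? $session['storage'] : null;
        if (empty($session)) {
            $this->creatsession($uid, $adminid, $ip);
            $cpaccess = 1;
        } elseif ($session['errorcount'] == -1) {
            // Verified session: refresh it.
            $this->update();
            $cpaccess = 3;
        } elseif ($session['errorcount'] <= 3) {
            // Up to three failed attempts still allow another try.
            $cpaccess = 1;
        } else {
            $cpaccess = -1;
        }
    }
    if ($cpaccess == 0) {
        clearcookies();
        showmessage('admin_cpanel_noaccess', 'logging.php?action=login', 'HALTED');
    } elseif ($cpaccess == 2) {
        showmessage('admin_cpanel_noaccess_ip', NULL, 'HALTED');
    } elseif ($cpaccess == -1) {
        showmessage('admin_cpanel_locked', NULL, 'HALTED');
    }
    $this->cpaccess = $cpaccess;
}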
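function adminsession($uid, $groupid, $adminid, $ip) {
    // Constructor: decides whether the current user may use the admin (panel 1) or
    // moderator (panel 2) control panel and records the verdict in $this->cpaccess:
    //   0  not an admin (message shown)
    //   2  client outside the admin IP allowlist (message shown)
    //  -1  session locked after too many failures (message shown)
    //   1  session missing, or present but not yet password-verified
    //   3  session verified (errorcount == -1) and refreshed
    // $groupid is accepted for interface compatibility but is not used here.
    global $_G;
    $this->panel = defined('IN_ADMINCP') ? 1 : (defined('IN_MODCP') ? 2 : -1);
    $this->inadmincp = defined('IN_ADMINCP');
    $this->uid = $uid;
    // 30-minute window; presumably consumed by _loadsession() for expiry — confirm.
    $this->timelimit = time() - 1800;
    // NOTE(review): $db and $tablepre are not declared global here (only $_G is), so
    // these bind references to undefined locals. Kept so the property names still
    // exist; confirm whether anything reads $this->db / $this->tablepre.
    $this->db =& $db;
    $this->tablepre =& $tablepre;
    // Admin panel requires adminid 1; modcp accepts any adminid >= 1.
    if ($uid < 1 || $adminid < 1 || ($this->inadmincp && $adminid != 1)) {
        $cpaccess = 0;
    } elseif ($this->inadmincp && $_G['setting']['adminipaccess'] && !ipaccess($ip, $_G['setting']['adminipaccess'])) {
        // The admin IP allowlist is enforced for the admin panel only, not for modcp.
        $cpaccess = 2;
    } else {
        $session = $this->_loadsession($uid, $ip, $_G['config']['admincp']['checkip']);
        // _loadsession() may return nothing; the previous code indexed the result
        // unconditionally, which raised notices on an empty result. Keep the same
        // null outcome, just without indexing a non-array.
        $this->errorcount = isset($session['errorcount']) ? $session['errorcount'] : null;
        $this->storage = isset($session['storage']) ? $session['storage'] : null;
        if (empty($session)) {
            $this->creatsession($uid, $adminid, $ip);
            $cpaccess = 1;
        } elseif ($session['errorcount'] == -1) {
            // Verified session: refresh it.
            $this->update();
            $cpaccess = 3;
        } elseif ($session['errorcount'] <= 3) {
            // Up to three failed attempts still allow another try.
            $cpaccess = 1;
        } else {
            $cpaccess = -1;
        }
    }
    if ($cpaccess == 0) {
        showmessage('admin_cpanel_noaccess', 'member.php?mod=logging&action=login');
    } elseif ($cpaccess == 2) {
        showmessage('admin_cpanel_noaccess_ip', NULL);
    } elseif ($cpaccess == -1) {
        showmessage('admin_cpanel_locked', NULL);
    }
    $this->cpaccess = $cpaccess;
}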
function ipbanned($onlineip) {
    // Returns TRUE when $onlineip is outside the site allowlist ($ipaccess) or matches
    // the cached ban regexp, FALSE when no ban list is cached. A failed cache include is
    // recorded in $cachelost; an expired cache file is unlinked after being used once more.
    global $ipaccess, $timestamp, $cachelost;
    // The allowlist wins outright: an address outside it is banned regardless of the ban list.
    if ($ipaccess && !ipaccess($onlineip, $ipaccess)) {
        return TRUE;
    }
    $cachefile = DISCUZ_ROOT . './forumdata/cache/cache_ipbanned.php';
    // The include runs in this function's scope and is expected to define $_DCACHE here.
    $loaded = @(include $cachefile);
    $cachelost .= $loaded ? '' : ' ipbanned';
    if (empty($_DCACHE['ipbanned'])) {
        return FALSE;
    }
    $banlist = $_DCACHE['ipbanned'];
    if ($banlist['expiration'] < $timestamp) {
        @unlink($cachefile);
    }
    // The regexp comes from the cache file as-is; it is assumed to be generated by the
    // admin side, not from request data.
    $pattern = "/^(" . $banlist['regexp'] . ")\$/";
    return preg_match($pattern, $onlineip);
}
function checkclose() {
    // Blocks the request when the site is closed or the client IP is not permitted.
    // Founders and holders of the 'closeignore' permission are exempt from both checks;
    // showmessage() is assumed to terminate the request, otherwise both checks run.
    global $_SGLOBAL, $_SCONFIG;
    $uid = $_SGLOBAL['supe_uid'];
    // Site closed.
    if ($_SCONFIG['close'] && !ckfounder($uid) && !checkperm('closeignore')) {
        $reason = empty($_SCONFIG['closereason']) ? 'site_temporarily_closed' : $_SCONFIG['closereason'];
        showmessage($reason);
    }
    // IP access check: outside the allowlist, or on the ban list.
    $ipdenied = !ipaccess($_SCONFIG['ipaccess']) || ipbanned($_SCONFIG['ipbanned']);
    if ($ipdenied && !ckfounder($uid) && !checkperm('closeignore')) {
        showmessage('ip_is_not_allowed_to_visit');
    }
}
function ipbanned($onlineip) {
    // Returns TRUE when $onlineip is outside the site allowlist ($_G['setting']['ipaccess'])
    // or matches the cached ban regexp, FALSE when no ban list is cached.
    global $_G;
    // The allowlist wins outright: an address outside it is banned regardless of the ban list.
    $allowlist = $_G['setting']['ipaccess'];
    if ($allowlist && !ipaccess($onlineip, $allowlist)) {
        return TRUE;
    }
    loadcache('ipbanned');
    if (empty($_G['cache']['ipbanned'])) {
        return FALSE;
    }
    // An expired cache is rebuilt first; the regexp is read back from $_G afterwards so
    // the refreshed list is the one matched against.
    if ($_G['cache']['ipbanned']['expiration'] < TIMESTAMP) {
        require_once libfile('function/cache');
        updatecache('ipbanned');
    }
    $pattern = "/^(" . $_G['cache']['ipbanned']['regexp'] . ")\$/";
    return preg_match($pattern, $onlineip);
}
function _init_misc() {
    // Per-request setup once settings and the user are loaded: timezone, anti-CSRF form
    // hash, ban / IP-allowlist / closed-site enforcement, paging sizes, cache headers,
    // login statistics and the lastact cookie. Returns false when init_misc is off.
    if (!$this->init_misc) {
        return false;
    }
    lang('core');
    if ($this->init_setting && $this->init_user) {
        // 9999 and '' both mean "no personal offset, use the site default".
        if (!isset($this->var['member']['timeoffset']) || $this->var['member']['timeoffset'] == 9999 || $this->var['member']['timeoffset'] === '') {
            $this->var['member']['timeoffset'] = $this->var['setting']['timeoffset'];
        }
    }
    $timeoffset = $this->init_setting ? $this->var['member']['timeoffset'] : $this->var['setting']['timeoffset'];
    // Display form of the offset: '' for 0, '+N' for positive, negative values unchanged.
    $this->var['timenow'] = array('time' => dgmdate(TIMESTAMP), 'offset' => $timeoffset >= 0 ? $timeoffset == 0 ? '' : '+' . $timeoffset : $timeoffset);
    $this->timezone_set($timeoffset);
    // Per-request anti-CSRF token, also exposed as the FORMHASH constant.
    $this->var['formhash'] = formhash();
    define('FORMHASH', $this->var['formhash']);
    if ($this->init_user) {
        if ($this->var['group'] && isset($this->var['group']['allowvisit']) && !$this->var['group']['allowvisit']) {
            // Group may not visit: a logged-in member is told they are banned; a guest is
            // redirected to login unless guests are explicitly allowed, the script is
            // member/api, or this is an AJAX request.
            if ($this->var['uid']) {
                sysmessage('user_banned', null);
            } elseif ((!defined('ALLOWGUEST') || !ALLOWGUEST) && !in_array(CURSCRIPT, array('member', 'api')) && !$this->var['inajax']) {
                dheader('location: member.php?mod=logging&action=login&referer=' . rawurlencode($_SERVER['REQUEST_URI']));
            }
        }
        // Member-level ban (status -1) applies on every script, member/api included.
        if ($this->var['member']['status'] == -1) {
            sysmessage('user_banned', null);
        }
    }
    // Site-wide IP allowlist; an address outside it is treated like a banned user.
    if ($this->var['setting']['ipaccess'] && !ipaccess($this->var['clientip'], $this->var['setting']['ipaccess'])) {
        sysmessage('user_banned', null);
    }
    if ($this->var['setting']['bbclosed']) {
        if ($this->var['uid'] && ($this->var['group']['allowvisit'] == 2 || $this->var['groupid'] == 1)) {
            // Groups with allowvisit == 2 and group id 1 may still browse a closed site.
        } elseif (in_array(CURSCRIPT, array('admin', 'member', 'api')) || defined('ALLOWGUEST') && ALLOWGUEST) {
            // Admin, member and API entry points stay reachable so the site can be reopened.
        } else {
            // Full-width colons in the stored reason are replaced with ASCII ones before display.
            $closedreason = DB::result_first("SELECT svalue FROM " . DB::table('common_setting') . " WHERE skey='closedreason'");
            $closedreason = str_replace(':', ':', $closedreason);
            showmessage($closedreason ? $closedreason : 'board_closed', NULL, array('adminemail' => $this->var['setting']['adminemail']), array('login' => 1));
        }
    }
    // Presumably time-period visit bans; skipped for the admin panel and for login / captcha.
    if (CURSCRIPT != 'admin' && !in_array($this->var['mod'], array('logging', 'seccode'))) {
        periodscheck('visitbanperiods');
    }
    // Topics / posts per page, with separate mobile settings and defaults.
    if (defined('IN_MOBILE')) {
        $this->var['tpp'] = $this->var['setting']['mobile']['mobiletopicperpage'] ? intval($this->var['setting']['mobile']['mobiletopicperpage']) : 20;
        $this->var['ppp'] = $this->var['setting']['mobile']['mobilepostperpage'] ? intval($this->var['setting']['mobile']['mobilepostperpage']) : 5;
    } else {
        $this->var['tpp'] = $this->var['setting']['topicperpage'] ? intval($this->var['setting']['topicperpage']) : 20;
        $this->var['ppp'] = $this->var['setting']['postperpage'] ? intval($this->var['setting']['postperpage']) : 10;
    }
    if ($this->var['setting']['nocacheheaders']) {
        @header("Expires: -1");
        @header("Cache-Control: no-store, private, post-check=0, pre-check=0, max-age=0", FALSE);
        @header("Pragma: no-cache");
    }
    // First request of a new session for a logged-in member: 'daylogin' credit action and login stats.
    if ($this->session->isnew && $this->var['uid']) {
        updatecreditbyaction('daylogin', $this->var['uid']);
        include_once libfile('function/stat');
        updatestat('login', 1);
        if (defined('IN_MOBILE')) {
            updatestat('mobilelogin', 1);
        }
        if ($this->var['setting']['connect']['allow'] && $this->var['member']['conisbind']) {
            updatestat('connectlogin', 1);
        }
    }
    // Members bound through Connect use the Connect-specific newbie span when one is set.
    if ($this->var['member']['conisbind'] && $this->var['setting']['connect']['newbiespan'] !== '') {
        $this->var['setting']['newbiespan'] = $this->var['setting']['connect']['newbiespan'];
    }
    // lastact cookie: timestamp, script basename and mod, HTML-escaped, tab-separated.
    $lastact = TIMESTAMP . "\t" . htmlspecialchars(basename($this->var['PHP_SELF'])) . "\t" . htmlspecialchars($this->var['mod']);
    dsetcookie('lastact', $lastact, 86400);
    // NOTE(review): built from the client-supplied Host header with a fixed 'http://';
    // if any consumer uses this as a redirect target, confirm it validates the host.
    setglobal('currenturl_encode', base64_encode('http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']));
    // Promotion tracking when arriving via a referral parameter and a promotion policy is enabled.
    if ((!empty($this->var['gp_fromuid']) || !empty($this->var['gp_fromuser'])) && ($this->var['setting']['creditspolicy']['promotion_visit'] || $this->var['setting']['creditspolicy']['promotion_register'])) {
        require_once libfile('misc/promotion', 'include');
    }
    $this->var['seokeywords'] = !empty($this->var['setting']['seokeywords'][CURSCRIPT]) ? $this->var['setting']['seokeywords'][CURSCRIPT] : '';
    $this->var['seodescription'] = !empty($this->var['setting']['seodescription'][CURSCRIPT]) ? $this->var['setting']['seodescription'][CURSCRIPT] : '';
}
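private function _init_misc() {
    // Per-request setup once settings and the user are loaded: timezone, anti-CSRF form
    // hash, ban / IP-allowlist / closed-site enforcement, cache headers and the lastact
    // cookie. Returns false when init_misc is off.
    if (!$this->init_misc) {
        return false;
    }
    lang('core');
    if ($this->init_setting && $this->init_user) {
        // 9999 and '' both mean "no personal offset, use the site default".
        if (!isset($this->var['member']['timeoffset']) || $this->var['member']['timeoffset'] == 9999 || $this->var['member']['timeoffset'] === '') {
            $this->var['member']['timeoffset'] = $this->var['setting']['timeoffset'];
        }
    }
    $timeoffset = $this->init_setting ? $this->var['member']['timeoffset'] : $this->var['setting']['timeoffset'];
    // Display form of the offset: '' for 0, '+N' for positive, negative values unchanged.
    if ($timeoffset >= 0) {
        $offsetlabel = $timeoffset == 0 ? '' : '+' . $timeoffset;
    } else {
        $offsetlabel = $timeoffset;
    }
    $this->var['timenow'] = array('time' => dgmdate(TIMESTAMP), 'offset' => $offsetlabel);
    $this->timezone_set($timeoffset);
    // Per-request anti-CSRF token, also exposed as the FORMHASH constant.
    $this->var['formhash'] = formhash();
    define('FORMHASH', $this->var['formhash']);
    if ($this->init_user) {
        // The user script and guest-allowed pages are exempt from the member ban.
        $allowvisitflag = in_array(CURSCRIPT, array('user')) || defined('ALLOWGUEST') && ALLOWGUEST;
        if (isset($this->var['member']['status']) && $this->var['member']['status'] == -1 && !$allowvisitflag) {
            showmessage('user_banned');
        }
    }
    // Site-wide IP allowlist, enforced on every script; an address outside it is
    // treated like a banned user.
    if (!empty($this->var['setting']['ipaccess']) && !ipaccess($this->var['clientip'], $this->var['setting']['ipaccess'])) {
        showmessage('user_banned');
    }
    if (!empty($this->var['setting']['bbclosed'])) {
        if (!empty($this->var['member']['adminid']) && $this->var['member']['adminid'] == 1) {
            // System administrators may still browse a closed site.
        } elseif (in_array(CURSCRIPT, array('admin', 'user', 'api')) || defined('ALLOWGUEST') && ALLOWGUEST) {
            // Admin, user and API entry points stay reachable so the site can be reopened.
        } else {
            // Everyone else is sent to the login page. The previous version also fetched
            // the 'closedreason' setting here but never used it; that query is gone.
            // dheader() is assumed to end the request for a Location header — confirm.
            dheader("Location: user.php?mod=logging&action=login");
        }
    }
    if (!empty($this->var['setting']['nocacheheaders'])) {
        @header("Expires: -1");
        @header("Cache-Control: no-store, private, post-check=0, pre-check=0, max-age=0", FALSE);
        @header("Pragma: no-cache");
    }
    // lastact cookie: timestamp, script basename and mod, HTML-escaped, tab-separated.
    $lastact = TIMESTAMP . "\t" . dhtmlspecialchars(basename($this->var['PHP_SELF'])) . "\t" . dhtmlspecialchars($this->var['mod']);
    dsetcookie('lastact', $lastact, 86400);
    // NOTE(review): built from the client-supplied Host header with a fixed 'http://';
    // if any consumer uses this as a redirect target, confirm it validates the host.
    setglobal('currenturl_encode', base64_encode('http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']));
}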
if (!ipaccess($_G['clientip'], $settingnew['ipaccess'])) { cpmsg('setting_ipaccess_invalid', '', 'error'); } } } if (isset($settingnew['commentitem'])) { foreach ($settingnew['commentitem'] as $k => $v) { if (!is_int($k)) { $settingnew['commentitem'][$k] = $k . chr(0) . chr(0) . chr(0) . $v; } } $settingnew['commentitem'] = implode("\t", $settingnew['commentitem']); } if (isset($settingnew['adminipaccess'])) { if ($settingnew['adminipaccess'] = trim(preg_replace("/(\\s*(\r\n|\n\r|\n|\r)\\s*)/", "\r\n", $settingnew['adminipaccess']))) { if (!ipaccess($_G['clientip'], $settingnew['adminipaccess'])) { cpmsg('setting_adminipaccess_invalid', '', 'error'); } } } if (isset($settingnew['welcomemsgtitle'])) { $settingnew['welcomemsgtitle'] = cutstr(trim(dhtmlspecialchars($settingnew['welcomemsgtitle'])), 75); } if (isset($settingnew['showsignatures']) && isset($settingnew['showavatars']) && isset($settingnew['showimages'])) { $settingnew['showsettings'] = bindec($settingnew['showsignatures'] . $settingnew['showavatars'] . $settingnew['showimages']); } if (!empty($settingnew['globalstick'])) { updatecache('globalstick'); } if (isset($settingnew['inviteconfig'])) { if ($settingnew['inviteconfig']['invitecodeprice']) {
include_once dirname(__FILE__) . '/include/general.inc.php'; include_once M_ROOT . './include/admin.fun.php'; if ($sid) { load_cache('alangs,amsgs,langs,mnlangss'); $langs = $alangs + $mnlangss; $langs = $langs + $mnlangss; } else { load_cache('alangs,amsgs,langs,mnlangs'); $langs = $alangs + $mnlangs; $langs = $langs + $mnlangs; } $lan_title = '网站管理后台'; $aflag = ''; if (!$memberid || !$curuser->isadmin()) { $aflag = 'off'; } elseif ($adminipaccess && !ipaccess($onlineip, $adminipaccess)) { $aflag = 'ipdenied'; } else { $query = $db->query("SELECT * FROM {$tblprefix}asession WHERE mid='{$memberid}' AND dateline+3600>'{$timestamp}'", 'SILENT'); if ($db->error()) { $db->query("DROP TABLE IF EXISTS {$tblprefix}asession"); $db->query("CREATE TABLE {$tblprefix}asession (mid mediumint(8) UNSIGNED NOT NULL default '0',\n\t\tip char(15) NOT NULL default '',\n\t\tdateline int(10) unsigned NOT NULL default '0',\n\t\terrorcount tinyint(1) NOT NULL default '0',\n\t\tPRIMARY KEY (mid))" . (mysql_get_server_info() > '4.1' ? " ENGINE=MYISAM DEFAULT CHARSET={$dbcharset}" : " TYPE=MYISAM")); #$aflag = 'recheck'; } else { if ($asession = $db->fetch_array($query)) { if ($asession['errorcount'] == -1) { $db->query("UPDATE {$tblprefix}asession SET dateline='{$timestamp}' WHERE mid='{$memberid}'", 'UNBUFFERED'); $aflag = 'on'; } elseif ($asession['errorcount'] <= 3) { #$aflag = 'recheck'; } else {
if (isset($settingsnew['censoruser'])) { $settingsnew['censoruser'] = trim(preg_replace("/\\s*(\r\n|\n\r|\n|\r)\\s*/", "\r\n", $settingsnew['censoruser'])); } if (isset($settingsnew['ipregctrl'])) { $settingsnew['ipregctrl'] = trim(preg_replace("/\\s*(\r\n|\n\r|\n|\r)\\s*/", "\r\n", $settingsnew['ipregctrl'])); } if (isset($settingsnew['ipaccess'])) { if ($settingsnew['ipaccess'] = trim(preg_replace("/(\\s*(\r\n|\n\r|\n|\r)\\s*)/", "\r\n", $settingsnew['ipaccess']))) { if (!ipaccess($onlineip, $settingsnew['ipaccess'])) { cpmsg('settings_ipaccess_invalid', '', 'error'); } } } if (isset($settingsnew['adminipaccess'])) { if ($settingsnew['adminipaccess'] = trim(preg_replace("/(\\s*(\r\n|\n\r|\n|\r)\\s*)/", "\r\n", $settingsnew['adminipaccess']))) { if (!ipaccess($onlineip, $settingsnew['adminipaccess'])) { cpmsg('settings_adminipaccess_invalid', '', 'error'); } } } if (isset($settingsnew['welcomemsgtitle'])) { $settingsnew['welcomemsgtitle'] = cutstr(trim(dhtmlspecialchars($settingsnew['welcomemsgtitle'])), 75); } if (isset($settingsnew['showsignatures']) && isset($settingsnew['showavatars']) && isset($settingsnew['showimages'])) { $settingsnew['showsettings'] = bindec($settingsnew['showsignatures'] . $settingsnew['showavatars'] . $settingsnew['showimages']); } if (!empty($settingsnew['globalstick'])) { updatecache('globalstick'); } if (isset($settingsnew['inviteconfig'])) { $settingsnew['inviteconfig'] = addslashes(serialize($settingsnew['inviteconfig']));
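function isIpAccess($type) {
    // Checks the current client IP against the configured access list of the given
    // kind ('ipaccess' for the site, 'adminipaccess' for the admin area) and returns
    // whatever ipaccess() reports. Any other $type falls back to 'ipaccess'.
    // Strict comparison: with loose in_array() a non-string such as 0 matched 'ipaccess'
    // on PHP < 8, so $type survived unchanged and then indexed the config with the wrong key.
    if (!in_array($type, array('ipaccess', 'adminipaccess'), true)) {
        $type = 'ipaccess';
    }
    $ip = get_client_ip();
    $config = model('Xdata')->get('admin_Config:access');
    // A missing list yields null, as the unguarded index did before, just without a notice.
    $accesslist = isset($config[$type]) ? $config[$type] : null;
    return ipaccess($ip, $accesslist);
}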
protected function _init_misc() {
    // Per-request setup once settings and the user are loaded: optional URL XSS check,
    // timezone, anti-CSRF form hash, ban / IP-allowlist / closed-site enforcement, paging
    // sizes, cache headers, login statistics and the lastact cookie. Each rejection has a
    // mobile-API variant that returns an error result instead of rendering a page.
    if ($this->config['security']['urlxssdefend'] && !defined('DISABLEXSSCHECK')) {
        $this->_xss_check();
    }
    // if(!$this->init_misc) {
    // return false;
    // }
    lang('core');
    if ($this->init_setting && $this->init_user) {
        // 9999 and '' both mean "no personal offset, use the site default".
        if (!isset($this->var['member']['timeoffset']) || $this->var['member']['timeoffset'] == 9999 || $this->var['member']['timeoffset'] === '') {
            $this->var['member']['timeoffset'] = $this->var['setting']['timeoffset'];
        }
    }
    $timeoffset = $this->init_setting ? $this->var['member']['timeoffset'] : $this->var['setting']['timeoffset'];
    // Display form of the offset: '' for 0, '+N' for positive, negative values unchanged.
    $this->var['timenow'] = array('time' => dgmdate(TIMESTAMP), 'offset' => $timeoffset >= 0 ? $timeoffset == 0 ? '' : '+' . $timeoffset : $timeoffset);
    $this->timezone_set($timeoffset);
    // Per-request anti-CSRF token, also exposed as the FORMHASH constant.
    $this->var['formhash'] = formhash();
    define('FORMHASH', $this->var['formhash']);
    if ($this->init_user) {
        // The member script and guest-allowed pages are exempt from the ban checks below.
        $allowvisitflag = in_array(CURSCRIPT, array('member')) || defined('ALLOWGUEST') && ALLOWGUEST;
        if ($this->var['group'] && isset($this->var['group']['allowvisit']) && !$this->var['group']['allowvisit']) {
            // Group may not visit: a logged-in member is told they are banned; a guest is
            // redirected to login unless guests are explicitly allowed, the script is
            // member/api, or this is an AJAX request. The referer carries the current
            // query string, URL-encoded.
            if ($this->var['uid'] && !$allowvisitflag) {
                if (!defined('IN_MOBILE_API')) {
                    showmessage('user_banned');
                } else {
                    mobile_core::result(array('error' => 'user_banned'));
                }
            } elseif ((!defined('ALLOWGUEST') || !ALLOWGUEST) && !in_array(CURSCRIPT, array('member', 'api')) && !$this->var['inajax']) {
                if (!defined('IN_MOBILE_API')) {
                    dheader('location: member.php?mod=logging&action=login&referer=' . rawurlencode($this->var['siteurl'] . $this->var['basefilename'] . ($_SERVER['QUERY_STRING'] ? '?' . $_SERVER['QUERY_STRING'] : '')));
                } else {
                    mobile_core::result(array('error' => 'to_login'));
                }
            }
        }
        // Member-level ban (status -1), with the same exemptions.
        if (isset($this->var['member']['status']) && $this->var['member']['status'] == -1 && !$allowvisitflag) {
            if (!defined('IN_MOBILE_API')) {
                showmessage('user_banned');
            } else {
                mobile_core::result(array('error' => 'user_banned'));
            }
        }
    }
    // Site-wide IP allowlist, enforced on every script; an address outside it is
    // treated like a banned user.
    if ($this->var['setting']['ipaccess'] && !ipaccess($this->var['clientip'], $this->var['setting']['ipaccess'])) {
        if (!defined('IN_MOBILE_API')) {
            showmessage('user_banned');
        } else {
            mobile_core::result(array('error' => 'user_banned'));
        }
    }
    if ($this->var['setting']['bbclosed']) {
        if ($this->var['uid'] && ($this->var['group']['allowvisit'] == 2 || $this->var['groupid'] == 1)) {
            // Groups with allowvisit == 2 and group id 1 may still browse a closed site.
        } elseif (in_array(CURSCRIPT, array('admin', 'member', 'api')) || defined('ALLOWGUEST') && ALLOWGUEST) {
            // Admin, member and API entry points stay reachable so the site can be reopened.
        } else {
            // Full-width colons in the stored reason are replaced with ASCII ones; the
            // web path renders it through WebUtils::emptyHtml() before ending the request.
            $closedreason = C::t('common_setting')->fetch('closedreason');
            $closedreason = str_replace(':', ':', $closedreason);
            if (!defined('IN_MOBILE_API')) {
                // showmessage($closedreason ? $closedreason : 'board_closed', NULL, array('adminemail' => $this->var['setting']['adminemail']), array('login' => 1));
                $closedreason = $closedreason ? $closedreason : lang('message', 'board_closed');
                WebUtils::endAppWithErrorInfo(array(), WebUtils::emptyHtml($closedreason));
            } else {
                mobile_core::result(array('error' => $closedreason ? $closedreason : 'board_closed'));
            }
        }
    }
    // Presumably time-period visit bans; skipped for the admin panel and for login / captcha.
    if (CURSCRIPT != 'admin' && !in_array($this->var['mod'], array('logging', 'seccode'))) {
        periodscheck('visitbanperiods');
    }
    // Topics / posts per page, with separate mobile settings and defaults.
    if (defined('IN_MOBILE')) {
        $this->var['tpp'] = $this->var['setting']['mobile']['mobiletopicperpage'] ? intval($this->var['setting']['mobile']['mobiletopicperpage']) : 20;
        $this->var['ppp'] = $this->var['setting']['mobile']['mobilepostperpage'] ? intval($this->var['setting']['mobile']['mobilepostperpage']) : 5;
    } else {
        $this->var['tpp'] = $this->var['setting']['topicperpage'] ? intval($this->var['setting']['topicperpage']) : 20;
        $this->var['ppp'] = $this->var['setting']['postperpage'] ? intval($this->var['setting']['postperpage']) : 10;
    }
    if ($this->var['setting']['nocacheheaders']) {
        @header("Expires: -1");
        @header("Cache-Control: no-store, private, post-check=0, pre-check=0, max-age=0", FALSE);
        @header("Pragma: no-cache");
    }
    // First request of a new session for a logged-in member: 'daylogin' credit action and login stats.
    if ($this->session->isnew && $this->var['uid']) {
        updatecreditbyaction('daylogin', $this->var['uid']);
        include_once libfile('function/stat');
        updatestat('login', 1);
        if (defined('IN_MOBILE')) {
            updatestat('mobilelogin', 1);
        }
        if ($this->var['setting']['connect']['allow'] && $this->var['member']['conisbind']) {
            updatestat('connectlogin', 1);
        }
    }
    // Members bound through Connect use the Connect-specific newbie span when one is set.
    if (isset($this->var['member']['conisbind']) && $this->var['member']['conisbind'] && $this->var['setting'] && $this->var['setting']['connect']['newbiespan'] !== '') {
        $this->var['setting']['newbiespan'] = $this->var['setting']['connect']['newbiespan'];
    }
    // lastact cookie: timestamp, script basename and mod, HTML-escaped, tab-separated.
    $lastact = TIMESTAMP . "\t" . dhtmlspecialchars(basename($this->var['PHP_SELF'])) . "\t" . dhtmlspecialchars($this->var['mod']);
    dsetcookie('lastact', $lastact, 86400);
    // NOTE(review): built from the client-supplied Host header with a fixed 'http://';
    // if any consumer uses this as a redirect target, confirm it validates the host.
    setglobal('currenturl_encode', base64_encode('http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']));
    // Promotion tracking when arriving via a referral parameter and a promotion policy is enabled.
    if ((!empty($_GET['fromuid']) || !empty($_GET['fromuser'])) && ($this->var['setting']['creditspolicy']['promotion_visit'] || $this->var['setting']['creditspolicy']['promotion_register'])) {
        require_once libfile('misc/promotion', 'include');
    }
    $this->var['seokeywords'] = !empty($this->var['setting']['seokeywords'][CURSCRIPT]) ? $this->var['setting']['seokeywords'][CURSCRIPT] : '';
    $this->var['seodescription'] = !empty($this->var['setting']['seodescription'][CURSCRIPT]) ? $this->var['setting']['seodescription'][CURSCRIPT] : '';
}
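function check_cpaccess() {
    // Classifies the admin-panel request into $this->cpaccess and, unless the session is
    // already verified (3), hands the request to do_user_login().
    //   0  no admin uid;  -2 non-founder with no permission record
    //   1  permission record but no usable session (absent, expired, or IP changed);
    //      a fresh unverified session row is written below
    //   2  session waiting for the admin password (errorcount 0..3)
    //   3  session verified (errorcount == -1);  -1 panel locked (errorcount above 3)
    global $_G;
    $session = array();
    if (!$this->adminuser['uid']) {
        $this->cpaccess = 0;
    } else {
        if (!$this->isfounder) {
            $session = C::t('common_admincp_member')->fetch($this->adminuser['uid']);
            if ($session) {
                // The session lookup may yield no row. Cast so array_merge() always gets
                // an array (a non-array second argument is a warning on PHP 7 and a
                // TypeError on PHP 8, and the null result made every member without a
                // session row fall to -2); with the cast they go through the
                // missing/expired-session handling (1) and get a fresh row instead.
                $session = array_merge($session, (array) C::t('common_admincp_session')->fetch($this->adminuser['uid'], $this->panel));
            }
        } else {
            $session = C::t('common_admincp_session')->fetch($this->adminuser['uid'], $this->panel);
        }
        if (empty($session)) {
            // No permission record, or a founder with no session record.
            $this->cpaccess = $this->isfounder ? 1 : -2;
        } elseif (!empty($_G['setting']['adminipaccess']) && !ipaccess($_G['clientip'], $_G['setting']['adminipaccess'])) {
            // Client address outside the admin IP allowlist: back to the login page;
            // cpaccess is left untouched on this path.
            $this->do_user_login();
        } elseif ($session && empty($session['uid'])) {
            // Permission record exists but no session.
            $this->cpaccess = 1;
        } elseif ($session['dateline'] < $this->sessionlimit) {
            // Session exists but has expired.
            $this->cpaccess = 1;
        } elseif ($this->cpsetting['checkip'] && $session['ip'] != $this->core->var['clientip']) {
            // Session not expired, but the IP changed and the panel is configured to track IPs.
            $this->cpaccess = 1;
        } elseif ($session['errorcount'] >= 0 && $session['errorcount'] <= 3) {
            // Not yet logged in, still within the allowed number of attempts.
            $this->cpaccess = 2;
        } elseif ($session['errorcount'] == -1) {
            // Logged in, normal state.
            $this->cpaccess = 3;
        } else {
            // Panel locked after too many failed attempts.
            $this->cpaccess = -1;
        }
    }
    if ($this->cpaccess == 2 || $this->cpaccess == 3) {
        if (!empty($session['customperm'])) {
            // customperm is a serialized blob read back from the database; dunserialize is
            // the project's wrapper around unserialize().
            $session['customperm'] = dunserialize($session['customperm']);
        }
    }
    $this->adminsession = $session;
    // A POST carrying admin_password is only examined when a session is waiting for it
    // (2) or when there is no admin identity yet (0).
    if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['admin_password'])) {
        if ($this->cpaccess == 2) {
            $this->check_admin_login();
        } elseif ($this->cpaccess == 0) {
            $this->check_user_login();
        }
    }
    if ($this->cpaccess == 1) {
        // Drop this user's row for the panel plus expired rows, then start a fresh
        // unverified session bound to the current client address.
        C::t('common_admincp_session')->delete($this->adminuser['uid'], $this->panel, $this->sessionlife);
        C::t('common_admincp_session')->insert(array('uid' => $this->adminuser['uid'], 'adminid' => $this->adminuser['adminid'], 'panel' => $this->panel, 'ip' => $this->core->var['clientip'], 'dateline' => TIMESTAMP, 'errorcount' => 0));
    } elseif ($this->cpaccess == 3) {
        // Verified session: load permissions and refresh the timestamp and bound IP.
        $this->load_admin_perms();
        C::t('common_admincp_session')->update($this->adminuser['uid'], $this->panel, array('dateline' => TIMESTAMP, 'ip' => $this->core->var['clientip'], 'errorcount' => -1));
    }
    if ($this->cpaccess != 3) {
        $this->do_user_login();
    }
}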
/* [UCenter Home] (C) 2007-2008 Comsenz Inc. $Id: admincp_ip.php 12776 2009-07-20 07:57:21Z zhengqingpeng $ */ if (!defined('IN_UCHOME') || !defined('IN_ADMINCP')) { exit('Access Denied'); } // Check Permissions if (!checkperm('manageip')) { cpmessage('no_authority_management_operation'); } if (submitcheck('thevaluesubmit')) { $setarr = array(); //ip permission check $_POST['config']['ipaccess'] = trim(preg_replace("/(\\s*(\r\n|\n\r|\n|\r)\\s*)/", "\r\n", $_POST['config']['ipaccess'])); if (!ipaccess($_POST['config']['ipaccess'])) { cpmessage('ip_is_not_allowed_to_visit_the_area', '', 1, array($_SGLOBAL[onlineip])); } //ip½ûÖ¹ $_POST['config']['ipbanned'] = saddslashes(trim(preg_replace("/(\\s*(\r\n|\n\r|\n|\r)\\s*)/", "\r\n", $_POST['config']['ipbanned']))); if (ipbanned($_POST['config']['ipbanned'])) { cpmessage('the_prohibition_of_the_visit_within_the_framework_of_ip', '', 1, array($_SGLOBAL[onlineip])); } foreach ($_POST['config'] as $var => $value) { $value = trim($value); if (!isset($_SCONFIG[$var]) || $_SCONFIG[$var] != $value) { $setarr[] = "('{$var}', '{$value}')"; } } if ($setarr) { $_SGLOBAL['db']->query("REPLACE INTO " . tname('config') . " (var, datavalue) VALUES " . implode(',', $setarr));
*/ define('IN_ADMINCP', TRUE); define('NOROBOT', TRUE); require_once './include/common.inc.php'; require_once DISCUZ_ROOT . './admin/global.func.php'; require_once DISCUZ_ROOT . './include/cache.func.php'; $discuz_action = 211; include language('admincp'); if ($adminid <= 0) { $cpaccess = 0; } else { if (!$discuz_secques && $admincp['forcesecques']) { cpheader(); cpmsg('secques_invalid'); } if ($adminipaccess && $adminid == 1 && !ipaccess($onlineip, $adminipaccess)) { $cpaccess = 2; } else { $addonlineip = $admincp['checkip'] ? "AND ip='{$onlineip}'" : ''; $query = $db->query("SELECT errorcount FROM {$tablepre}adminsessions WHERE uid='{$discuz_uid}' {$addonlineip} AND dateline+1800>'{$timestamp}'", 'SILENT'); if ($db->error()) { $db->query("DROP TABLE IF EXISTS {$tablepre}adminsessions"); $db->query("CREATE TABLE {$tablepre}adminsessions (uid mediumint(8) UNSIGNED NOT NULL default '0', ip char(15) NOT NULL default '', dateline int(10) unsigned NOT NULL default '0', errorcount tinyint(1) NOT NULL default '0')"); $cpaccess = 1; } else { if ($session = $db->fetch_array($query)) { if ($session['errorcount'] == -1) { $db->query("UPDATE {$tablepre}adminsessions SET dateline='{$timestamp}' WHERE uid='{$discuz_uid}'", 'UNBUFFERED'); $cpaccess = 3; } elseif ($session['errorcount'] <= 3) { $cpaccess = 1;
function _init_misc() {
    // Per-request setup once settings and the user are loaded: timezone, anti-CSRF form
    // hash, group-visit and IP-allowlist enforcement, paging sizes, cache headers and the
    // lastact cookie. Returns false when init_misc is off.
    if (!$this->init_misc) {
        return false;
    }
    lang('core');
    if ($this->init_setting && $this->init_user) {
        // 9999 and '' both mean "no personal offset, use the site default"; when the
        // site default is also unset, 8 is used.
        if (!isset($this->var['member']['timeoffset']) || $this->var['member']['timeoffset'] == 9999 || $this->var['member']['timeoffset'] === '') {
            $this->var['member']['timeoffset'] = !empty($this->var['setting']['timeoffset']) ? $this->var['setting']['timeoffset'] : 8;
        }
    }
    $timeoffset = $this->init_setting ? $this->var['member']['timeoffset'] : $this->var['setting']['timeoffset'];
    // Display form of the offset: '' for 0, '+N' for positive, negative values unchanged.
    $this->var['timenow'] = array('time' => dgmdate(TIMESTAMP), 'offset' => $timeoffset >= 0 ? $timeoffset == 0 ? '' : '+' . $timeoffset : $timeoffset);
    $this->timezone_set($timeoffset);
    // Per-request anti-CSRF token, also exposed as the FORMHASH constant.
    $this->var['formhash'] = formhash();
    define('FORMHASH', $this->var['formhash']);
    if ($this->init_user) {
        if ($this->var['group'] && isset($this->var['group']['allowvisit']) && !$this->var['group']['allowvisit']) {
            // Group may not visit: a logged-in member is told they are banned; a guest is
            // redirected to login unless guests are explicitly allowed, the script is
            // member/misc/api, or this is an AJAX request.
            if ($this->var['uid']) {
                sysmessage('user_banned', null);
            } elseif ((!defined('ALLOWGUEST') || !ALLOWGUEST) && !in_array(CURSCRIPT, array('member', 'misc', 'api')) && !$this->var['inajax']) {
                dheader('location: member.php?mod=logging&action=login&referer=' . rawurlencode($_SERVER['REQUEST_URI']));
            }
        }
    }
    // Site-wide IP allowlist; an address outside it is treated like a banned user.
    if (!empty($this->var['setting']['ipaccess']) && !ipaccess($this->var['clientip'], $this->var['setting']['ipaccess'])) {
        sysmessage('user_banned', null);
    }
    // Presumably time-period visit bans; skipped for the admin panel and for login / captcha.
    if (CURSCRIPT != 'admin' && !in_array($this->var['mod'], array('logging', 'seccode'))) {
        periodscheck('visitbanperiods');
    }
    // Topics / posts per page with defaults of 20 and 10.
    $this->var['tpp'] = !empty($this->var['setting']['topicperpage']) ? intval($this->var['setting']['topicperpage']) : 20;
    $this->var['ppp'] = !empty($this->var['setting']['postperpage']) ? intval($this->var['setting']['postperpage']) : 10;
    if (!empty($this->var['setting']['nocacheheaders'])) {
        @header("Expires: -1");
        @header("Cache-Control: no-store, private, post-check=0, pre-check=0, max-age=0", FALSE);
        @header("Pragma: no-cache");
    }
    // lastact cookie: timestamp, script basename and mod, HTML-escaped, tab-separated.
    $lastact = TIMESTAMP . "\t" . htmlspecialchars(basename($this->var['PHP_SELF'])) . "\t" . htmlspecialchars($this->var['mod']);
    dsetcookie('lastact', $lastact, 86400);
    // NOTE(review): built from the client-supplied Host header with a fixed 'http://';
    // if any consumer uses this as a redirect target, confirm it validates the host.
    setglobal('currenturl_encode', base64_encode('http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']));
}