Example #1
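/**
 * Expand "+directive" placeholders in a pipe-delimited content string, in place.
 *
 * The input is entity-decoded and split on '|'. Every segment that, after
 * trimming, starts with '+' is read as "+name,arg1,arg2,..." and replaced by
 * the output of the matching page builder. Segments that are not a known
 * directive are kept as they were, and the pieces are joined back together
 * without a separator.
 *
 * Security note: htmlspecialchars_decode() turns escaped markup back into live
 * HTML, and several directives embed privileged widgets (uploads, DB viewer),
 * so $toparse must only ever hold content written by trusted editors.
 * NOTE(review): the builders are defined elsewhere; confirm each one enforces
 * its own access check instead of relying on who authored the page content.
 *
 * @param string $toparse Content to expand; overwritten with the result.
 * @return void
 */
function parse_content(&$toparse)
{
    $toparse = htmlspecialchars_decode($toparse);
    $explo = explode('|', $toparse);
    foreach ($explo as $index => $part) {
        $part = trim($part);
        // Empty segments ("a||b", a trailing '|') have no first character to
        // inspect; reading $part[0] on them raised an offset warning.
        if ($part === '' || $part[0] !== '+') {
            continue;
        }
        $func = explode(',', $part, 4);
        // A directive written without its arguments passes null, as before,
        // but no longer trips an undefined-offset notice on the way.
        $arg1 = isset($func[1]) ? $func[1] : null;
        $arg2 = isset($func[2]) ? $func[2] : null;
        switch ($func[0]) {
            case "+img":
                $explo[$index] = imgtag($arg1, $arg2);
                break;
            case "+spacer":
                $explo[$index] = spacertag($arg1);
                break;
            case "+atvgall":
                $explo[$index] = build_atv_gallery();
                break;
            case "+imagegall":
                $explo[$index] = '<h1>Image Gallery</h1>' . imageupload() . '<p><br><br></p>' . delimage() . '<p><br><br></p>' . buildgallery();
                break;
            case "+csv":
                $explo[$index] = csvfileupload();
                break;
            case "+viparea":
                $explo[$index] = viparea();
                break;
            case "+dbviewer":
                $explo[$index] = dbcontrol() . printusers() . printfiles() . printnotes() . printcms();
                break;
            case "+filedeposit":
                $explo[$index] = filedeposit();
                break;
            case "+newsfeed":
                $explo[$index] = build_newsfeed();
                break;
            case "+projfeed":
                $explo[$index] = build_projectfeed($arg1);
                break;
            case "+login":
                $explo[$index] = login_page();
                break;
            case "+contactprofile":
                $explo[$index] = profilepage();
                break;
        }
    }
    $toparse = implode($explo);
}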
Example #2
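/**
 * Gate the current request behind a valid login.
 *
 * Credentials already held in the session are re-verified with
 * check_user_pw(). Without session credentials, the username/password/rights
 * cookies are tried; they are copied into the session only after
 * check_user_pw() has accepted them, so a rejected cookie never leaves
 * `rights = admin` (or any other client-chosen value) behind in $_SESSION.
 * Every failure path calls login_page().
 *
 * NOTE(review): the rights value still originates from a client-controlled
 * cookie. check_user_pw() is defined elsewhere; confirm that its third
 * argument makes it verify the admin role server-side, and prefer loading the
 * role from the user record over echoing the cookie.
 * NOTE(review): a password (or password hash) kept in a cookie and in the
 * session is replayable if it leaks; an opaque random token is the usual
 * replacement.
 * NOTE(review): whether login_page() ends the request is not visible here; if
 * it returns, callers carry on rendering the protected page.
 *
 * @return void
 */
function check_login()
{
    $sessionUser = isset($_SESSION['username']) ? $_SESSION['username'] : '';
    $sessionPass = isset($_SESSION['password']) ? $_SESSION['password'] : '';
    if ($sessionUser != "" && $sessionPass != "") {
        if (!check_user_pw($sessionUser, $sessionPass, true)) {
            login_page();
        }
        return;
    }

    // Cookies are attacker-controlled input: require plain non-empty strings
    // (a "username[]" cookie arrives as an array) and the exact role string.
    $cookieUser = isset($_COOKIE['username']) ? $_COOKIE['username'] : '';
    $cookiePass = isset($_COOKIE['password']) ? $_COOKIE['password'] : '';
    $cookieRights = isset($_COOKIE['rights']) ? $_COOKIE['rights'] : '';
    $cookiesUsable = is_string($cookieUser) && $cookieUser !== ''
        && is_string($cookiePass) && $cookiePass !== ''
        && $cookieRights === 'admin';

    if (!$cookiesUsable || !check_user_pw($cookieUser, $cookiePass, true)) {
        login_page();
        return;
    }

    // Promote the cookie values to the session only once they are verified.
    $_SESSION['username'] = $cookieUser;
    $_SESSION['password'] = $cookiePass;
    $_SESSION['rights'] = $cookieRights;
}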
Example #3
}
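// Emulate magic_quotes_gpc when the runtime does not apply it.
// NOTE(review): taddslashes() is defined elsewhere (presumably a recursive
// addslashes - confirm). Slash-escaping request data is not a substitute for
// parameterized queries or context-aware output encoding, and $_FILES is not
// covered by it.
if (!TMAGIC_QUOTES_GPC) {
    $_GET = taddslashes($_GET);
    $_POST = taddslashes($_POST);
    $_COOKIE = taddslashes($_COOKIE);
}
// Refuse any request that carries a parameter named GLOBALS, so request data
// cannot be used to overwrite the superglobal. The message reads: "Your request
// contains illegal characters and has been rejected by the system".
if (isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_COOKIE['GLOBALS']) || isset($_FILES['GLOBALS'])) {
    show_msg('您当前的访问请求当中含有非法字符,已经被系统拒绝');
}
// On POST the body parameters are merged into $_GET and win on key clashes.
if ($_SERVER['REQUEST_METHOD'] == 'POST' && !empty($_POST)) {
    $_GET = array_merge($_GET, $_POST);
}
// Allow-list of actions; anything missing, non-string or unknown becomes 'index'.
// The strict flag keeps in_array() from matching through type juggling.
$actionarray = array('updatecache', 'setadmin', 'closesite', 'repairdb', 'restoredb', 'logout', 'index', 'updatesuccess', 'login');
$action = (isset($_GET['action']) && is_string($_GET['action']) && in_array($_GET['action'], $actionarray, true)) ? $_GET['action'] : 'index';
// Every action, 'login' included, is reached only after is_login() passes;
// the explicit exit stops the script once the login page has been shown.
if (!is_login()) {
    login_page();
    exit;
}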
if (isset($action) && $action == 'updatecache') {
    include_once TDISCUZ_ROOT . './source/class/class_core.php';
    include_once TDISCUZ_ROOT . './source/function/function_core.php';
    $cachelist = array();
    $discuz =& discuz_core::instance();
    $discuz->cachelist = $cachelist;
    $discuz->init_cron = false;
    $discuz->init_setting = false;
    $discuz->init_user = false;
    $discuz->init_session = false;
    $discuz->init_misc = false;
    $discuz->init();
    $_G['siteurl'] = str_replace('source/plugin/tools/', '', $_G['siteurl']);
Example #4
    if ($_POST["recaptcha_response_field"] != '') {
        $rsp = recaptcha_check_answer($conf->RC_PrivKey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]);
        if (!$rsp->is_valid) {
            $cap_rsp = $rsp->error;
        }
    } else {
        $cap_rsp = 'incorrect-captcha-sol';
    }
}
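// Attempt the login only when both credentials were posted and the CAPTCHA
// step left no error code behind.
// NOTE(review): $cap_rsp is assigned above this excerpt; confirm it is
// initialised on every path, otherwise this comparison reads an undefined
// variable (which compares equal to NULL).
if (isset($_POST['username']) && isset($_POST['password']) && $cap_rsp == NULL) {
    $session->login($_POST['username'], $_POST['password']);
}
$user = new User();
// Whitespace in the display name is swapped for &nbsp; entities.
// NOTE(review): the name is not HTML-escaped here, and a pre-built entity
// suggests the template prints it raw - confirm it is escaped somewhere.
$smarty->assign("loggedinuser", preg_replace('/\\s/', '&nbsp;', $user->getFullName()));
// A user id of 0 is treated as "not logged in".
// NOTE(review): no exit follows; whether login_page() ends the request is not
// visible here. If it returns, the rest of the page still runs.
if ($user->getId() == 0) {
    login_page($smarty);
}
// SCRIPT_NAME is used instead of PHP_SELF: PHP_SELF also contains any
// PATH_INFO the client appends after the script name, so its basename could be
// a client-chosen string that then reaches the template.
if (isset($_SERVER['SCRIPT_NAME']) && basename($_SERVER['SCRIPT_NAME']) != 'index.php') {
    $smarty->assign("menu_current", $src . basename($_SERVER['SCRIPT_NAME']));
} else {
    $smarty->assign("menu_current", $base);
}
// Expose the admin flag, and the version string only to admins.
if ($user->isAdmin()) {
    $smarty->assign("admin", "yes");
    $smarty->assign("version", $conf->version);
} else {
    $smarty->assign("admin", "no");
}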
/*
 *
 * name: debug
Example #5
<script src="<?php 
// The helper's return value is printed straight into a double-quoted HTML attribute.
// NOTE(review): no attribute escaping is applied here - confirm get_file_url() can never return a quote character.
echo get_file_url("js/md5_sha1.js");
?>
"></script>
<script>
	// Ask the UserApi "reset_cookie" endpoint to reset the user's cookie data.
	// `type` is "login" or "salt" (see the click handlers below).
	// NOTE(review): the request body carries only `type`; no anti-CSRF token is
	// visible in this excerpt - confirm the endpoint checks one (it may be added elsewhere).
	var User_Reset_Cookie = function (type) {
		$.post("<?php 
// Printed raw inside a JavaScript string literal.
// NOTE(review): if get_url() can ever return quotes or request-derived data, emit it with json_encode() instead.
echo get_url("UserApi", "reset_cookie");
?>
", {type: type}, function (data) {
			if (data['status']) {
				// Message: "Cookie reset succeeded"
				alert_notice("重置COOKIE成功");
				if (type === "login") {
					// Prompt: "This operation requires the account to log in again, please confirm?"
					if (confirm("该操作将导致账户须重新登录,请确认?")) {
						location.href = "<?php 
// login_page() supplies the login URL here; it is also printed raw into a JS string (same caveat as above).
echo login_page();
?>
";
					}
				}
			} else {
				// Title: "Reset failed"; the body is the server-supplied data['msg'].
				// NOTE(review): alert_error() is defined elsewhere - confirm it inserts msg as text, not HTML.
				alert_error(data['msg'], "重置失败");
			}
		});
	}
	// Reset the login cookie.
	$("#U_reset_cookie").click(function () {
		User_Reset_Cookie("login");
	});
	// Reset the cookie salt.
	$("#U_reset_cookie_salt").click(function () {
		User_Reset_Cookie("salt");
	});
Example #6
/**
 * Send the visitor to the login page, remembering the current URL.
 *
 * The target is the login page URL with the URL-encoded current URL (URL_NOW)
 * appended as the "redirect" query parameter.
 * NOTE(review): the code that later consumes "redirect" is not shown; it
 * should only follow same-site targets.
 *
 * @param bool $echo When true, return the target URL instead of redirecting.
 * @return string|null The target URL when $echo is true, otherwise null.
 */
function redirect_to_login($echo = false)
{
    $target = sprintf('%s?redirect=%s', login_page(), urlencode(URL_NOW));
    if (!$echo) {
        redirect($target);
        return null;
    }
    return $target;
}
Example #7
/**
 * Verify a login attempt and, on success, load the user's data into the session.
 *
 * On success the user's details and preferences are saved to session
 * variables, the login counters in the users table are updated and the browser
 * is redirected to $referer (or index.php). On failure an error message is
 * stored in the session and login_page() is called. The database connection
 * is closed at the end in both cases.
 *
 * NOTE(review): this listing is damaged on the line that builds the first
 * query (the password comparison, the query execution and the opening of the
 * success branch are missing), so the code as shown does not parse.
 * NOTE(review): no session id regeneration is visible in the part shown;
 * confirm the session id is renewed on login elsewhere.
 *
 * @param string $referer       URL to return to after a successful login.
 * @param string $loginEmail    Email address entered in the login form.
 * @param string $loginPassword Password entered in the login form.
 * @return void
 */
function check_login($referer, $loginEmail, $loginPassword)
{
    global $username;
    global $password;
    global $hostName;
    global $databaseName;
    global $connection;
    global $HeaderString;
    global $loginUserID;
    global $loginFirstName;
    global $loginLastName;
    global $adminLoginEmail;
    global $abbrevInstitution;
    global $tableAuth, $tableUserData, $tableUsers;
    // defined in 'db.inc.php'
    global $loc;
    // Get the two character salt from the email address collected from the challenge
    // NOTE(review): a two-character salt normally selects crypt()'s traditional DES scheme,
    // which only considers the first eight password characters, and a salt taken from the
    // email address is predictable. password_hash()/password_verify() is the usual replacement.
    $salt = substr($loginEmail, 0, 2);
    // Encrypt the loginPassword collected from the challenge (so that we can compare it to the encrypted passwords that are stored in the 'auth' table)
    $crypted_password = crypt($loginPassword, $salt);
    // CONSTRUCT SQL QUERY:
    // NOTE(review): the next line is truncated/redacted in this listing.
    $query = "SELECT user_id FROM {$tableAuth} WHERE email = " . quote_smart($loginEmail) . " AND password = "******"errors");
        }
        // function 'deleteSessionVariable()' is defined in 'include.inc.php'
        if (isset($_SESSION['formVars'])) {
            // delete the 'formVars' session variable:
            deleteSessionVariable("formVars");
        }
        // function 'deleteSessionVariable()' is defined in 'include.inc.php'
        $userID = $row["user_id"];
        // extract the user's userID from the last query
        // Now we need to get the user's first name and last name (e.g., in order to display them within the login welcome message)
        $query = "SELECT user_id, first_name, last_name, abbrev_institution, language, last_login FROM {$tableUsers} WHERE user_id = " . quote_smart($userID);
        // CONSTRUCT SQL QUERY
        $result = queryMySQLDatabase($query);
        // RUN the query on the database through the connection (function 'queryMySQLDatabase()' is defined in 'include.inc.php')
        $row2 = mysql_fetch_array($result);
        // EXTRACT results: fetch the one row into the array '$row2'
        // Save the fetched user details to the session file:
        // Write back session variables:
        saveSessionVariable("loginEmail", $loginEmail);
        // function 'saveSessionVariable()' is defined in 'include.inc.php'
        saveSessionVariable("loginUserID", $row2["user_id"]);
        saveSessionVariable("loginFirstName", $row2["first_name"]);
        saveSessionVariable("loginLastName", $row2["last_name"]);
        saveSessionVariable("abbrevInstitution", $row2["abbrev_institution"]);
        saveSessionVariable("userLanguage", $row2["language"]);
        saveSessionVariable("lastLogin", $row2["last_login"]);
        // Get all user groups specified by the current user
        // and (if some groups were found) save them as semicolon-delimited string to the session variable 'userGroups':
        getUserGroups($tableUserData, $row2["user_id"]);
        // function 'getUserGroups()' is defined in 'include.inc.php'
        if ($loginEmail == $adminLoginEmail) {
            // ('$adminLoginEmail' is specified in 'ini.inc.php')
            // Get all user groups specified by the admin
            // and (if some groups were found) save them as semicolon-delimited string to the session variable 'adminUserGroups':
            getUserGroups($tableUsers, $row2["user_id"]);
        }
        // function 'getUserGroups()' is defined in 'include.inc.php'
        // Get all user queries that were saved previously by the current user
        // and (if some queries were found) save them as semicolon-delimited string to the session variable 'userQueries':
        getUserQueries($row2["user_id"]);
        // function 'getUserQueries()' is defined in 'include.inc.php'
        // Get all export formats that were selected previously by the current user
        // and (if some formats were found) save them as semicolon-delimited string to the session variable 'user_export_formats':
        getVisibleUserFormatsStylesTypes($row2["user_id"], "format", "export");
        // function 'getVisibleUserFormatsStylesTypes()' is defined in 'include.inc.php'
        // Get all citation formats that were selected previously by the current user
        // and (if some formats were found) save them as semicolon-delimited string to the session variable 'user_cite_formats':
        getVisibleUserFormatsStylesTypes($row2["user_id"], "format", "cite");
        // function 'getVisibleUserFormatsStylesTypes()' is defined in 'include.inc.php'
        // Get all citation styles that were selected previously by the current user
        // and (if some styles were found) save them as semicolon-delimited string to the session variable 'user_styles':
        getVisibleUserFormatsStylesTypes($row2["user_id"], "style", "");
        // function 'getVisibleUserFormatsStylesTypes()' is defined in 'include.inc.php'
        // Get all document types that were selected previously by the current user
        // and (if some types were found) save them as semicolon-delimited string to the session variable 'user_types':
        getVisibleUserFormatsStylesTypes($row2["user_id"], "type", "");
        // function 'getVisibleUserFormatsStylesTypes()' is defined in 'include.inc.php'
        // Get the user permissions for the current user
        // and save all allowed user actions as semicolon-delimited string to the session variable 'user_permissions':
        getPermissions($row2["user_id"], "user", true);
        // function 'getPermissions()' is defined in 'include.inc.php'
        // Get the default view for the current user
        // and save it to the session variable 'userDefaultView':
        getDefaultView($row2["user_id"]);
        // function 'getDefaultView()' is defined in 'include.inc.php'
        // Get the default number of records per page preferred by the current user
        // and save it to the session variable 'userRecordsPerPage':
        getDefaultNumberOfRecords($row2["user_id"]);
        // function 'getDefaultNumberOfRecords()' is defined in 'include.inc.php'
        // Get the user's preference for displaying auto-completions
        // and save it to the session variable 'userAutoCompletions':
        getPrefAutoCompletions($row2["user_id"]);
        // function 'getPrefAutoCompletions()' is defined in 'include.inc.php'
        // Get the list of "main fields" for the current user
        // and save the list of fields as comma-delimited string to the session variable 'userMainFields':
        getMainFields($row2["user_id"]);
        // function 'getMainFields()' is defined in 'include.inc.php'
        // We also update the user's entry within the 'users' table:
        // NOTE(review): $userID is interpolated without quote_smart(), unlike the SELECT above.
        // It comes from a database row rather than the request, but quoting it would be consistent.
        $query = "UPDATE {$tableUsers} SET " . "last_login = NOW(), " . "logins = logins+1 " . "WHERE user_id = {$userID}";
        // RUN the query on the database through the connection:
        $result = queryMySQLDatabase($query);
        // function 'queryMySQLDatabase()' is defined in 'include.inc.php'
        // NOTE(review): $referer is supplied by the caller and the pattern below only excludes three
        // script names. If it can come from request data it may point to another site (open redirect)
        // - confirm the caller restricts it to a same-site path.
        if (!preg_match("#/(error|user_login|install)\\.php#i", $referer)) {
            header("Location: " . $referer);
        } else {
            header("Location: index.php");
        }
        // back to main page
    } else {
        // Ensure 'loginEmail' is not registered, so the user is not logged in
        if (isset($_SESSION['loginEmail'])) {
            // delete the 'loginEmail' session variable:
            deleteSessionVariable("loginEmail");
        }
        // function 'deleteSessionVariable()' is defined in 'include.inc.php'
        // Save an error message:
        $HeaderString = "<b><span class=\"warning\">" . $loc["LoginFailedYouProvidedAnIncorrectEmailAddressOrPassword"] . "</span></b>";
        // Write back session variables:
        saveSessionVariable("HeaderString", $HeaderString);
        // function 'saveSessionVariable()' is defined in 'include.inc.php'
        login_page($referer);
    }
    // -------------------
    // (5) CLOSE the database connection:
    disconnectFromMySQLDatabase();
    // function 'disconnectFromMySQLDatabase()' is defined in 'include.inc.php'
}