Example #1
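/**
 * Connect to the database, run the login check and load theme and language.
 *
 * Starts output buffering (through ob_gzhandler when zlib is loaded and
 * zlib.output_compression is off), sends the Content-Type header, opens the
 * MySQL connection from the global settings, calls userlogin(), then fills
 * the $THEME and $LANGUAGE globals and includes the language file.
 *
 * @param $autoclean
 *   (optional) boolean - Check whether or not to run cleanup (default: false)
 */
function dbconn($autoclean = false)
{
    global $mysql_host, $mysql_user, $mysql_pass, $mysql_db, $THEME, $LANGUAGE, $LANG, $site_config;
    $THEME = $LANGUAGE = null;
    if (!ob_get_level()) {
        if (extension_loaded('zlib') && !ini_get('zlib.output_compression')) {
            ob_start('ob_gzhandler');
        } else {
            ob_start();
        }
    }
    header("Content-Type: text/html;charset={$site_config['CHARSET']}");
    function_exists("mysql_connect") or die("MySQL support not available.");
    // NOTE(review): the die() messages below send mysql_error() to the client,
    // which can disclose host and account details; consider logging it instead.
    @mysql_connect($mysql_host, $mysql_user, $mysql_pass) or die('DATABASE: mysql_connect: ' . mysql_error());
    @mysql_select_db($mysql_db) or die('DATABASE: mysql_select_db: ' . mysql_error());
    // NOTE(review): this only removes the function-local alias created by
    // `global`; $GLOBALS['mysql_pass'] still holds the password afterwards.
    unset($mysql_pass);
    // Security: establish the current user before anything user-specific is read.
    userlogin();
    $CURUSER = $GLOBALS["CURUSER"];
    // The ids come from the user record or the site configuration. They are
    // escaped before being placed in the query so that a stored value
    // containing a quote cannot change the statement.
    $theme_id = $CURUSER ? $CURUSER['stylesheet'] : $site_config['default_theme'];
    $ss_a = mysql_fetch_assoc(SQL_Query_exec("select uri from stylesheets where id='" . mysql_real_escape_string((string) $theme_id) . "'"));
    $THEME = $ss_a ? $ss_a["uri"] : null;
    $language_id = $CURUSER ? $CURUSER['language'] : $site_config['default_language'];
    $lng_a = mysql_fetch_assoc(SQL_Query_exec("select uri from languages where id='" . mysql_real_escape_string((string) $language_id) . "'"));
    $LANGUAGE = $lng_a ? $lng_a["uri"] : null;
    // The language uri becomes part of an include path. Refuse an empty value
    // and anything that could step out of the languages/ directory.
    if ($LANGUAGE === null || $LANGUAGE === '' || strpos($LANGUAGE, '..') !== false || strpos($LANGUAGE, "\0") !== false) {
        die('DATABASE: invalid language file');
    }
    require_once "languages/{$LANGUAGE}";
    if ($autoclean) {
        autoclean();
    }
}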
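/**
 * Store a praise entry for the request id given in the query string and
 * print the resulting page.
 *
 * A POST field named 'anonymous' is accepted without a login. Otherwise the
 * visitor must already be logged in or send 'user'/'pass' with the form.
 * Visitors who are still not logged in get the form again through
 * submissionform_redo().
 */
function processsubmission()
{
    global $logged_in, $user, $HTTP_POST_VARS, $list_prefix, $HTTP_GET_VARS, $MAIN;
    // Anonymous requests are accepted as "logged in".
    if (isset($HTTP_POST_VARS['anonymous'])) {
        $logged_in = 1;
        $email = 'anonymous';
        $username = '******';
    } else {
        $email = $user['email'];
        $username = $user['username'];
    }
    // Accept visitors who have no cookie yet but sent credentials with the form.
    if (!$logged_in && isset($HTTP_POST_VARS['user'])) {
        $user = userlogin($HTTP_POST_VARS['user'], $HTTP_POST_VARS['pass'], $HTTP_POST_VARS['automatic']);
        if (0 != strcmp($user['email'], "anonymous")) {
            $logged_in = 1;
            $email = $user['email'];
            $username = $user['username'];
        }
    }
    if (!$logged_in) {
        // Not logged in: show the form again with the data pre-entered.
        submissionform_redo();
        return;
    }
    $req_date = time();
    if (!isset($HTTP_GET_VARS['request']) || !is_numeric($HTTP_GET_VARS['request'])) {
        die("HACKING ATTEMPT");
    }
    $request = $HTTP_GET_VARS['request'];
    $praise = isset($HTTP_POST_VARS['praise']) ? $HTTP_POST_VARS['praise'] : '';
    // Where the legacy magic_quotes_gpc setting is still active the value
    // arrives pre-escaped; undo that so it is escaped exactly once below.
    // NOTE(review): assumes $HTTP_POST_VARS mirrors the raw POST data - confirm.
    if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
        $praise = stripslashes($praise);
    }
    // Work out the next id. Only the highest existing row is needed.
    // NOTE(review): two concurrent submissions can still compute the same id;
    // an auto-increment column would remove that race.
    $sql = "SELECT `id` FROM " . $list_prefix . "praise_list ORDER BY `id` DESC LIMIT 1;";
    $result = db_query($sql);
    $rows = $result ? db_num_rows($result) : 0;
    if ($rows > 0) {
        $row = db_fetch_array($result);
        $idval = $row['id'] + 1;
    } else {
        $idval = 1;
    }
    // Every value taken from the request or the user record is escaped before
    // it is placed in the statement. addslashes() matches what this function
    // already used for the e-mail field; the database driver's own escaping or
    // a prepared statement is preferable if the db_* layer offers one.
    $sql = "INSERT INTO " . $list_prefix . "praise_list (id, request, praise, postdate, left_by, username) VALUES ('" . $idval . "', '" . addslashes($request) . "', '" . addslashes($praise) . "', '" . $req_date . "',  '" . addslashes($email) . "', '" . addslashes($username) . "');";
    $result = db_query($sql);
    if ($result) {
        $CONTENT = "Your praise been processed.<BR>\r\n";
    } else {
        // The failed statement is no longer echoed to the visitor: it exposed
        // the table layout and reflected the submitted text back unescaped.
        error_log('processsubmission: praise insert failed');
        $CONTENT = "ERROR: the server was unable to process your praise at this time.<BR>\r\n";
    }
    $WORK = insert_into_template($MAIN, "{CONTENT}", $CONTENT);
    $WORK = filltemplate($WORK, "Leave Praise");
    printf("%s", striptemplate($WORK));
}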
Example #3
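/**
 * Return the current user's session details as a JSON string.
 *
 * When the session does not mark the user as logged in, userlogin() is
 * called first and the session is read afterwards. The name and picture are
 * always taken from the session: the previous fallback read two local
 * variables that were never assigned, so both fields were always null.
 *
 * @return string JSON object with user_id, user_status, name and propic
 */
function checkuser()
{
    // empty() also covers a session that has no 'user_status' key yet.
    if (empty($_SESSION['user_status'])) {
        userlogin();
    }
    // Missing keys are reported as null instead of raising a notice.
    $field = function ($key) {
        return isset($_SESSION[$key]) ? $_SESSION[$key] : null;
    };
    return json_encode([
        'user_id' => $field('user_id'),
        'user_status' => $field('user_status'),
        'name' => $field('myname'),
        'propic' => $field('propic'),
    ]);
}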
Example #4
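 /**
  * Check the posted e-mail and password and log the member in.
  *
  * Returns true on success. On failure it returns either whatever
  * $this->rules() returned or an array carrying the error text under the
  * 'password' key.
  *
  * NOTE(review): the '******' literals below look masked in this listing; the
  * original message texts are not visible here.
  */
 public function login()
 {
     global $_G;
     $validate_error = array();
     // Input validation
     $validate_error_rules = $this->rules();
     if ($validate_error_rules !== true) {
         return $validate_error_rules;
     }
     require_once libfile('function/member');
     $input_email = $_POST['email'];
     $input_password = $_POST['password'];
     // A falsy logincheck() result ends the attempt before any password check.
     if (!($_G['member_loginperm'] = logincheck($input_email))) {
         $validate_error['password'] = '******';
         return $validate_error;
     }
     $result = userlogin($input_email, $input_password, 0, 0, 'email', $_G['clientip']);
     if ($result['status'] <= 0) {
         // Security: the attempted password is not written to the log, not even
         // in part. A failed attempt is often a near-miss of the real password,
         // and the previous mask kept its leading quarter and trailing sixth.
         // The fixed placeholder keeps the tab-separated layout of the line.
         $password = '***';
         $errorlog = dhtmlspecialchars(TIMESTAMP . "\t" . ($result['ucresult']['username'] ? $result['ucresult']['username'] : $input_email) . "\t" . $password . "\t" . "Ques #" . intval($_GET['questionid']) . "\t" . $_G['clientip']);
         writelog('illegallog', $errorlog);
         // Record the failure against both the account and the client address.
         loginfailed($input_email);
         failedip();
         if ($_G['member_loginperm'] > 1) {
             $loginperm = $_G['member_loginperm'] - 1;
             $validate_error['password'] = '******' . $loginperm . ' 次';
             return $validate_error;
         } elseif ($_G['member_loginperm'] == -1) {
             $validate_error['password'] = '******';
             return $validate_error;
         } else {
             $validate_error['password'] = '******';
             return $validate_error;
         }
     } else {
         // Remember-me: keep the login for 2592000 seconds (30 days), else session only.
         // NOTE(review): the flag is read from $_GET although the credentials
         // come from $_POST - confirm the framework merges the two.
         setloginstatus($result['member'], $_GET['rememberme'] ? 2592000 : 0);
         if ($_G['member']['lastip'] && $_G['member']['lastvisit']) {
             dsetcookie('lip', $_G['member']['lastip'] . ',' . $_G['member']['lastvisit']);
         }
         C::t('common_member_status')->update($_G['uid'], array('lastip' => $_G['clientip'], 'port' => $_G['remoteport'], 'lastvisit' => TIMESTAMP, 'lastactivity' => TIMESTAMP));
         // UCenter synchronised login, when the setting allows it. The returned
         // value is not used further in this method.
         $ucsynlogin = $this->setting['allowsynlogin'] ? uc_user_synlogin($_G['uid']) : '';
         return true;
     }
 }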
Example #5
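/**
 * Open the MySQL connection, select the database and run userlogin().
 *
 * Connection errors 1040 (too many connections) and 2002 (server not
 * reachable) produce a self-refreshing "please wait" page for GET requests
 * and a plain message otherwise; any other error stops with the error text.
 *
 * @param bool $autoclean when true, autoclean() is registered to run at shutdown
 */
function dbconn($autoclean = false)
{
    global $mysql_host, $mysql_user, $mysql_pass, $mysql_db;
    if (!@mysql_connect($mysql_host, $mysql_user, $mysql_pass)) {
        switch (mysql_errno()) {
            case 1040:
            case 2002:
                if ($_SERVER['REQUEST_METHOD'] == "GET") {
                    // REQUEST_URI is chosen by the client. It is HTML-encoded
                    // before it goes into the attribute so a crafted URL cannot
                    // close the attribute and inject markup into this page.
                    $retry_uri = htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES);
                    die("<html><head><meta http-equiv='refresh' content=\"5 {$retry_uri}\"></head><body><table border='0' width='100%' height='100%'><tr><td><h3 align='center'>The server load is very high at the moment. Retrying, please wait...</h3></td></tr></table></body></html>");
                } else {
                    die("Too many users. Please press the Refresh button in your browser to retry.");
                }
            default:
                // NOTE(review): the raw driver error is sent to the client here
                // and below; consider logging it and showing a generic message.
                die("[" . mysql_errno() . "] dbconn: mysql_connect: " . mysql_error());
        }
    }
    mysql_select_db($mysql_db) or die('dbconn: mysql_select_db: ' . mysql_error());
    userlogin();
    if ($autoclean) {
        register_shutdown_function("autoclean");
    }
}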
Example #6
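 /**
  * Show the login form or process a submitted login.
  *
  * An already logged-in visitor gets the success message straight away.
  * Without a valid 'loginsubmit' the login template is rendered; otherwise
  * the posted credentials are checked through userlogin().
  */
 function on_login()
 {
     global $_G;
     // Locals such as this one stay in scope for the template included below.
     empty($mrefreshtime) && ($mrefreshtime = 2000);
     if ($_G['uid']) {
         $ucsynlogin = uc_user_synlogin($_G['uid']);
         $param = array('username' => $_G['member']['username'], 'ucsynlogin' => $ucsynlogin, 'uid' => $_G['member']['uid']);
         showmessage('login_succeed', dreferer(), $param, array('showdialog' => 1, 'locationtime' => 1));
     }
     // A falsy logincheck() result means no further attempt is accepted.
     if (!($_G['member_loginperm'] = logincheck())) {
         showmessage('login_strike');
     }
     if (!submitcheck('loginsubmit', 1)) {
         $_G['referer'] = dreferer();
         $cookietimecheck = !empty($_G['cookie']['cookietime']) ? 'checked="checked"' : '';
         // The remembered login name comes from a cookie, so it is HTML-encoded
         // before the template prints it.
         $username = !empty($_G['cookie']['loginuser']) ? htmlspecialchars($_G['cookie']['loginuser']) : '';
         include template('member/login');
     } else {
         // Reset any identity carried in the request state before authenticating.
         $_G['uid'] = $_G['member']['uid'] = 0;
         $_G['username'] = $_G['member']['username'] = $_G['member']['password'] = '';
         $result = userlogin($_G['gp_username'], $_G['gp_password'], null, null, 'auto');
         if ($result['status'] > 0) {
             // 2592000 seconds = 30 days when "remember me" was ticked.
             setloginstatus($result['member'], $_G['gp_cookietime'] ? 2592000 : 0);
             $ucsynlogin = uc_user_synlogin($_G['uid']);
             $message = 1;
             $param = array('username' => $_G['member']['username'], 'ucsynlogin' => $ucsynlogin, 'uid' => $_G['uid']);
             showmessage('login_succeed', dreferer(), $param, array('showdialog' => 1, 'locationtime' => 1));
         } else {
             // Security: the attempted password is not written to the log, not
             // even in part. A failed attempt is often a near-miss of the real
             // password, and the previous mask kept its leading quarter and
             // trailing sixth. The fixed placeholder keeps the field layout.
             $password = '***';
             $errorlog = dhtmlspecialchars(TIMESTAMP . "\t" . ($result['ucresult']['username'] ? $result['ucresult']['username'] : dstripslashes($_G['gp_username'])) . "\t" . $password . "\t" . "Ques #" . intval($_G['gp_questionid']) . "\t" . $_G['clientip']);
             writelog('illegallog', $errorlog);
             loginfailed($_G['member_loginperm']);
             // NOTE(review): $answer is never assigned in this method, so the
             // 'login_question_invalid' outcome cannot be reached - confirm
             // which request field was meant.
             $fmsg = $result['ucresult']['uid'] == '-3' ? empty($_G['gp_questionid']) || $answer == '' ? 'login_question_empty' : 'login_question_invalid' : 'login_invalid';
             showmessage($fmsg, '', array('loginperm' => $_G['member_loginperm']));
         }
     }
 }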
 /**
  * Process a posted admin-panel login.
  *
  * Does nothing when no admin user name was posted. Otherwise it sets
  * $this->cpaccess to -4 when logincheck() refuses the attempt and to -2 when
  * the authenticated member is neither listed in common_admincp_member nor
  * accepted by checkfounder(). On success it records an admin session, sets
  * the login status and redirects to the admin script.
  */
 function check_user_login()
 {
     global $_G;
     $posted_name = '';
     if (isset($_POST['admin_username'])) {
         $posted_name = trim($_POST['admin_username']);
     }
     if ($posted_name == '') {
         return;
     }
     require_once libfile('function/member');
     // Attempt limiting comes first; a refusal never reaches the password check.
     if (!logincheck($_POST['admin_username'])) {
         $this->cpaccess = -4;
         return;
     }
     $question_missing = empty($_POST['admin_questionid']) || empty($_POST['admin_answer']);
     if ($question_missing && $_G['config']['admincp']['forcesecques']) {
         // NOTE(review): execution continues after this call unless
         // do_user_login() ends the request itself - confirm.
         $this->do_user_login();
     }
     $result = userlogin($_POST['admin_username'], $_POST['admin_password'], $_POST['admin_questionid'], $_POST['admin_answer']);
     if ($result['status'] != 1) {
         loginfailed($_POST['admin_username']);
         return;
     }
     // Valid credentials alone are not enough: the member must also hold
     // admin-panel rights. The uid in this query comes from the userlogin() result.
     $cpgroupid = DB::result_first("SELECT uid FROM " . DB::table('common_admincp_member') . " WHERE uid='{$result['member']['uid']}'");
     if (!$cpgroupid && !$this->checkfounder($result['member'])) {
         $this->cpaccess = -2;
         return;
     }
     $session_row = array('uid' => $result['member']['uid'], 'adminid' => $result['member']['adminid'], 'panel' => $this->panel, 'dateline' => TIMESTAMP, 'ip' => $this->core->var['clientip'], 'errorcount' => -1);
     DB::insert('common_admincp_session', $session_row, false, true);
     setloginstatus($result['member'], 0);
     dheader('Location: ' . ADMINSCRIPT . '?' . cpurl('url', array('sid')));
 }
Example #8
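/**
 * Open the mysqli connection, select the database and run userlogin().
 *
 * Connection errors 1040 (too many connections) and 2002 (server not
 * reachable) produce a self-refreshing page for GET requests and a plain
 * message otherwise; any other error stops with the error number and text.
 *
 * @param bool $do_clean when true, cleandata() is registered to run at shutdown
 */
function dbconn($do_clean = false)
{
    global $dbhost, $dbuser, $dbpass, $database, $language;
    // NOTE(review): the original switched on $GLOBALS['persist'] but both arms
    // made this same call. A persistent mysqli connection needs the 'p:' host
    // prefix - confirm what was intended.
    $conres = $GLOBALS["___mysqli_ston"] = mysqli_connect($dbhost, $dbuser, $dbpass);
    if (!$conres) {
        // No link object exists after a failed connect, so the connect-level
        // error functions are the ones that apply. `?: false` keeps the
        // original output when the driver reports no number.
        $errno = mysqli_connect_errno() ?: false;
        switch ($errno) {
            case 1040:
            case 2002:
                if ($_SERVER['REQUEST_METHOD'] == 'GET') {
                    // REQUEST_URI is chosen by the client. It is HTML-encoded
                    // before it goes into the attribute so a crafted URL cannot
                    // close the attribute and inject markup into this page.
                    $retry_uri = htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES);
                    die('<html><head><meta http-equiv=refresh content="20;' . $retry_uri . '"></head><body><table border="0" width="100%" height="100%"><tr><td><h3 align="center">' . $language['ERR_SERVER_LOAD'] . '</h3></td></tr></table></body></html>');
                }
                die($language['ERR_CANT_CONNECT']);
            default:
                // NOTE(review): the raw driver error is sent to the client.
                die('[' . $errno . '] dbconn: mysql_connect: ' . mysqli_connect_error());
        }
    }
    // NOTE(review): mysqli_set_charset() would also tell the client library
    // about the charset, which matters for mysqli_real_escape_string().
    if ($GLOBALS["charset"] == "UTF-8") {
        do_sqlquery("SET NAMES utf8");
    }
    // Select the schema through the API instead of interpolating its name
    // into a "USE ..." statement.
    mysqli_select_db($GLOBALS["___mysqli_ston"], $database) or die($language['ERR_CANT_OPEN_DB'] . ' ' . $database . ' - ' . mysqli_error($GLOBALS["___mysqli_ston"]));
    userlogin();
    if ($do_clean) {
        register_shutdown_function('cleandata');
    }
}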
/**
 * Log a member in from an API-style request and print a JSON result.
 *
 * Every path ends the request with die(0) after echoing one
 * BIGAPPJSON::encode() payload. error_code is 0 on success, 3 or 8 for too
 * many errors, 5 when the account must be activated first, 6 for a failed
 * login, 7 for a wrong password and 9 when a security question is required.
 *
 * NOTE(review): the credentials are read from $_REQUEST, so with the default
 * request_order they are also accepted from the query string, where they can
 * end up in server logs and browser history - confirm clients use POST.
 */
function login()
{
    /*{{{*/
    require_once dirname(dirname(dirname(__FILE__))) . '/bigappjson.class.php';
    $username = isset($_REQUEST["username"]) ? $_REQUEST["username"] : "";
    $password = isset($_REQUEST["password"]) ? $_REQUEST["password"] : "";
    global $_G;
    // Mirror the credentials into $_GET.
    $_GET['username'] = $username;
    $_GET['password'] = $password;
    ////////////////////////////////////////////
    //$_GET['questionid'] = $_GET['answer'] = '';
    // Security question id (forced to an integer) and answer, both optional.
    if (isset($_REQUEST['questionid'])) {
        $questionid = intval($_REQUEST['questionid']);
    } else {
        $questionid = 0;
    }
    if (isset($_REQUEST['answer'])) {
        $answer = $_REQUEST['answer'];
    } else {
        $answer = '';
    }
    // Convert user name and answer from UTF-8 to the site charset. With
    // '//ignore', iconv drops characters the target charset cannot represent.
    if (function_exists('iconv')) {
        $userName = iconv('UTF-8', CHARSET . '//ignore', $username);
        $answer = iconv('UTF-8', CHARSET . '//ignore', $answer);
    } else {
        $userName = mb_convert_encoding($username, CHARSET, 'UTF-8');
        $answer = mb_convert_encoding($answer, CHARSET, 'UTF-8');
    }
    ////////////////////////////////////////////
    $_GET['loginfield'] = 'username';
    require_once libfile('function/member');
    require_once libfile('class/member');
    require_once libfile('function/misc');
    require_once libfile('function/mail');
    loaducenter();
    // A falsy logincheck() result stops the attempt before any password check.
    if (!($_G['member_loginperm'] = logincheck($userName))) {
        echo BIGAPPJSON::encode(array('error_code' => 3, 'error_msg' => lang('plugin/bigapp', 'too_many_errors'), 'Variables' => array('auth' => null), 'Message' => array('messageval' => 'for comaptible', 'messagestr' => lang('plugin/bigapp', 'too_many_errors'))));
        die(0);
    }
    $result = userlogin($userName, $password, $questionid, $answer, 'username', $_G['clientip']);
    // A uid of '-3' is reported to the client as "security question required".
    if ($result['ucresult']['uid'] == '-3') {
        echo BIGAPPJSON::encode(array('error_code' => 9, 'error_msg' => lang('plugin/bigapp', 'user_seq_question'), 'Variables' => array('auth' => null), 'Message' => array('messageval' => 'for comaptible', 'messagestr' => lang('plugin/bigapp', 'user_seq_question'))));
        die(0);
    }
    // NOTE(review): $_G['uid'] is assigned before $result['status'] is checked,
    // so on a failed login it holds whatever uid value userlogin() reported.
    $uid = $_G['uid'] = $result['ucresult']['uid'];
    $userName = $result['ucresult']['username'];
    // The avatar markup is built and stripped of line breaks; it is not used
    // again inside this function.
    $userAvatar = avatar($_G['uid'], 'big', true);
    $userAvatar = str_replace("\r", '', $userAvatar);
    $userAvatar = str_replace("\n", '', $userAvatar);
    $ctlObj = new logging_ctl();
    $ctlObj->setting = $_G['setting'];
    // Status -1 is handled as an account that is not activated locally yet.
    if ($result['status'] == -1) {
        if (!$ctlObj->setting['fastactivation']) {
            echo BIGAPPJSON::encode(array('error_code' => 5, 'error_msg' => lang('plugin/bigapp', 'activate_first'), 'Variables' => array('auth' => null), 'Message' => array('messageval' => 'for comaptible', 'messagestr' => lang('plugin/bigapp', 'login_failed'))));
            die(0);
        }
        // Fast activation: create the local member row on the spot.
        $init_arr = explode(',', $ctlObj->setting['initcredits']);
        $groupid = $ctlObj->setting['regverify'] ? 8 : $ctlObj->setting['newusergroupid'];
        // The local password field gets an MD5 of a random string.
        // NOTE(review): random() is a project helper; the quality of its
        // randomness source is not visible here.
        C::t('common_member')->insert($uid, $result['ucresult']['username'], md5(random(10)), $result['ucresult']['email'], $_G['clientip'], $groupid, $init_arr);
        $result['member'] = getuserbyuid($uid);
        $result['status'] = 1;
    }
    if ($result['status'] > 0) {
        if ($ctlObj->extrafile && file_exists($ctlObj->extrafile)) {
            require_once $ctlObj->extrafile;
        }
        // 2592000 seconds = 30 days when 'cookietime' is set, otherwise 0.
        setloginstatus($result['member'], $_GET['cookietime'] ? 2592000 : 0);
        checkfollowfeed();
        C::t('common_member_status')->update($_G['uid'], array('lastip' => $_G['clientip'], 'lastvisit' => TIMESTAMP, 'lastactivity' => TIMESTAMP));
        // Remove the password and credits fields before the member row is
        // returned to the client in the 'data' element below.
        if (isset($result['member']['password'])) {
            unset($result['member']['password']);
        }
        if (isset($result['member']['credits'])) {
            unset($result['member']['credits']);
        }
        /////////////////////////////////////////////////
        // Login succeeded; run the third-party account binding
        // The platform value only selects between two fixed include paths; it
        // is never used as part of a path itself.
        $plat = $_GET["platform"];
        if ($plat == "qq") {
            include_once CUR_PATH . "/../qqconnect/bind.php";
        } else {
            if ($plat == 'wechat') {
                include_once CUR_PATH . "/../wechatconnect/bind.php";
            }
        }
        /////////////////////////////////////////////////
        echo BIGAPPJSON::encode(array('error_code' => 0, 'error_msg' => lang('plugin/bigapp', 'bind_succ'), 'data' => $result['member'], 'Message' => array('messageval' => 'login_succeed', 'messagestr' => lang('plugin/bigapp', 'bind_succ')), 'Variables' => array('auth' => 'in order to be comapatible')));
        die(0);
    }
    // Login failed: the response depends on the value logincheck() returned.
    if ($_G['member_loginperm'] > 1) {
        echo BIGAPPJSON::encode(array('error_code' => 6, 'error_msg' => lang('plugin/bigapp', 'login_failed'), 'Variables' => array('auth' => null), 'Message' => array('messageval' => 'for comaptible', 'messagestr' => lang('plugin/bigapp', 'login_failed'))));
    } elseif ($_G['member_loginperm'] == -1) {
        echo BIGAPPJSON::encode(array('error_code' => 7, 'error_msg' => lang('plugin/bigapp', 'error_password'), 'Variables' => array('auth' => null), 'Message' => array('messageval' => 'for comaptible', 'messagestr' => lang('plugin/bigapp', 'error_password'))));
    } else {
        echo BIGAPPJSON::encode(array('error_code' => 8, 'error_msg' => lang('plugin/bigapp', 'too_many_errors'), 'Variables' => array('auth' => null), 'Message' => array('messageval' => 'for comaptible', 'messagestr' => lang('plugin/bigapp', 'too_many_errors'))));
    }
    // NOTE(review): unlike the other login handlers in this listing, this
    // function shows no loginfailed() call or log entry for a failed attempt -
    // confirm the failure is counted elsewhere.
    die(0);
}
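 /**
  * Show the login form or process a submitted login.
  *
  * An already logged-in visitor gets the success message straight away.
  * Without a valid 'loginsubmit' the login template is rendered; otherwise
  * the credentials are checked through userlogin(), accounts with status -1
  * are activated or sent to the activation page, invitations are settled and
  * the visitor is redirected. Failed attempts are logged and counted.
  */
 function on_login()
 {
     global $_G;
     if ($_G['uid']) {
         $referer = dreferer();
         $ucsynlogin = $this->setting['allowsynlogin'] ? uc_user_synlogin($_G['uid']) : '';
         $param = array('username' => $_G['member']['username'], 'usergroup' => $_G['group']['grouptitle'], 'uid' => $_G['member']['uid']);
         showmessage('login_succeed', $referer ? $referer : './', $param, array('showdialog' => 1, 'locationtime' => true, 'extrajs' => $ucsynlogin));
     }
     // The security-code check is skipped for requests flagged as coming from
     // "connect" and for the quick-login form ('lssubmit').
     $from_connect = $this->setting['connect']['allow'] && !empty($_GET['from']) ? 1 : 0;
     $seccodecheck = $from_connect ? false : $this->setting['seccodestatus'] & 2;
     $seccodestatus = !empty($_GET['lssubmit']) ? false : $seccodecheck;
     $invite = getinvite();
     if (!submitcheck('loginsubmit', 1, $seccodestatus)) {
         // Form display. The locals assigned here stay in scope for the
         // template included at the end of this branch.
         $auth = '';
         $username = !empty($_G['cookie']['loginuser']) ? dhtmlspecialchars($_G['cookie']['loginuser']) : '';
         if (!empty($_GET['auth'])) {
             // NOTE(review): the 'auth' request parameter decodes to a user name
             // and password, so a login secret travels in the URL - confirm its
             // lifetime and where such URLs are generated.
             list($username, $password, $questionexist) = explode("\t", authcode($_GET['auth'], 'DECODE'));
             $username = dhtmlspecialchars($username);
             $auth = dhtmlspecialchars($_GET['auth']);
         }
         $cookietimecheck = !empty($_G['cookie']['cookietime']) || !empty($_GET['cookietime']) ? 'checked="checked"' : '';
         if ($seccodecheck) {
             // NOTE(review): $seccode is read here before it is assigned.
             $seccode = random(6, 1) + $seccode[0] * 1000000;
         }
         if ($this->extrafile && file_exists($this->extrafile)) {
             require_once $this->extrafile;
         }
         $navtitle = lang('core', 'title_login');
         include template($this->template);
     } else {
         if (!empty($_GET['auth'])) {
             list($_GET['username'], $_GET['password']) = daddslashes(explode("\t", authcode($_GET['auth'], 'DECODE')));
         }
         // A falsy logincheck() result means no further attempt is accepted.
         if (!($_G['member_loginperm'] = logincheck($_GET['username']))) {
             showmessage('login_strike');
         }
         if ($_GET['fastloginfield']) {
             $_GET['loginfield'] = $_GET['fastloginfield'];
         }
         // Reset any identity carried in the request state before authenticating.
         $_G['uid'] = $_G['member']['uid'] = 0;
         $_G['username'] = $_G['member']['username'] = $_G['member']['password'] = '';
         // Rejects an empty password and any password that addslashes() would change.
         if (!$_GET['password'] || $_GET['password'] != addslashes($_GET['password'])) {
             showmessage('profile_passwd_illegal');
         }
         $result = userlogin($_GET['username'], $_GET['password'], $_GET['questionid'], $_GET['answer'], $this->setting['autoidselect'] ? 'auto' : $_GET['loginfield'], $_G['clientip']);
         $uid = $result['ucresult']['uid'];
         if (!empty($_GET['lssubmit']) && ($result['ucresult']['uid'] == -3 || $seccodecheck)) {
             $_GET['username'] = $result['ucresult']['username'];
             $this->logging_more($result['ucresult']['uid'] == -3);
         }
         // Status -1 is handled as an account that is not activated locally yet.
         if ($result['status'] == -1) {
             if (!$this->setting['fastactivation']) {
                 $auth = authcode($result['ucresult']['username'] . "\t" . FORMHASH, 'ENCODE');
                 showmessage('location_activation', 'member.php?mod=' . $this->setting['regname'] . '&action=activation&auth=' . rawurlencode($auth) . '&referer=' . rawurlencode(dreferer()), array(), array('location' => true));
             } else {
                 $init_arr = explode(',', $this->setting['initcredits']);
                 $groupid = $this->setting['regverify'] ? 8 : $this->setting['newusergroupid'];
                 // The local password field gets an MD5 of a random string.
                 C::t('common_member')->insert($uid, $result['ucresult']['username'], md5(random(10)), $result['ucresult']['email'], $_G['clientip'], $groupid, $init_arr);
                 $result['member'] = getuserbyuid($uid);
                 $result['status'] = 1;
             }
         }
         if ($result['status'] > 0) {
             if ($this->extrafile && file_exists($this->extrafile)) {
                 require_once $this->extrafile;
             }
             // 2592000 seconds = 30 days when 'cookietime' is set, otherwise 0.
             setloginstatus($result['member'], $_GET['cookietime'] ? 2592000 : 0);
             checkfollowfeed();
             if ($_G['member']['lastip'] && $_G['member']['lastvisit']) {
                 dsetcookie('lip', $_G['member']['lastip'] . ',' . $_G['member']['lastvisit']);
             }
             C::t('common_member_status')->update($_G['uid'], array('lastip' => $_G['clientip'], 'lastvisit' => TIMESTAMP, 'lastactivity' => TIMESTAMP));
             $ucsynlogin = $this->setting['allowsynlogin'] ? uc_user_synlogin($_G['uid']) : '';
             if ($invite['id']) {
                 // Fix: the count used to be stored in $result, which overwrote
                 // the login result, so the 'username' entry of $param below was
                 // read from an integer and came out empty.
                 $invitecount = C::t('common_invite')->count_by_uid_fuid($invite['uid'], $uid);
                 if (!$invitecount) {
                     C::t('common_invite')->update($invite['id'], array('fuid' => $uid, 'fusername' => $_G['username']));
                     updatestat('invite');
                 } else {
                     $invite = array();
                 }
             }
             if ($invite['uid']) {
                 require_once libfile('function/friend');
                 friend_make($invite['uid'], $invite['username'], false);
                 dsetcookie('invite_auth', '');
                 if ($invite['appid']) {
                     updatestat('appinvite');
                 }
             }
             $param = array('username' => $result['ucresult']['username'], 'usergroup' => $_G['group']['grouptitle'], 'uid' => $_G['member']['uid'], 'groupid' => $_G['groupid'], 'syn' => $ucsynlogin ? 1 : 0);
             $extra = array('showdialog' => true, 'locationtime' => true, 'extrajs' => $ucsynlogin);
             $loginmessage = $_G['groupid'] == 8 ? 'login_succeed_inactive_member' : 'login_succeed';
             $location = $invite || $_G['groupid'] == 8 ? 'home.php?mod=space&do=home' : dreferer();
             if (empty($_GET['handlekey']) || !empty($_GET['lssubmit'])) {
                 if (defined('IN_MOBILE')) {
                     showmessage($loginmessage, $location, $param, array('location' => true));
                 } else {
                     if (!empty($_GET['lssubmit'])) {
                         if (!$ucsynlogin) {
                             $extra['location'] = true;
                         }
                         showmessage($loginmessage, $location, $param, $extra);
                     } else {
                         // NOTE(review): only single quotes are escaped before
                         // $location is placed inside inline JavaScript; this
                         // assumes dreferer() already returns an encoded,
                         // same-site URL - confirm, since a double quote,
                         // backslash or closing script tag would not be caught here.
                         $href = str_replace("'", "\\'", $location);
                         showmessage('location_login_succeed', $location, array(), array('showid' => 'succeedmessage', 'extrajs' => '<script type="text/javascript">' . 'setTimeout("window.location.href =\'' . $href . '\';", 3000);' . '$(\'succeedmessage_href\').href = \'' . $href . '\';' . '$(\'main_message\').style.display = \'none\';' . '$(\'main_succeed\').style.display = \'\';' . '$(\'succeedlocation\').innerHTML = \'' . lang('message', $loginmessage, $param) . '\';</script>' . $ucsynlogin, 'striptags' => false, 'showdialog' => true));
                     }
                 }
             } else {
                 showmessage($loginmessage, $location, $param, $extra);
             }
         } else {
             // Security: the attempted password is not written to the log, not
             // even in part. A failed attempt is often a near-miss of the real
             // password, and the previous mask kept its leading quarter and
             // trailing sixth. The fixed placeholder keeps the field layout.
             $password = '***';
             $errorlog = dhtmlspecialchars(TIMESTAMP . "\t" . ($result['ucresult']['username'] ? $result['ucresult']['username'] : $_GET['username']) . "\t" . $password . "\t" . "Ques #" . intval($_GET['questionid']) . "\t" . $_G['clientip']);
             writelog('illegallog', $errorlog);
             loginfailed($_GET['username']);
             // Fix: this used an unassigned local $answer, so the "invalid
             // answer" message could never be chosen. The answer that was
             // passed to userlogin() above is $_GET['answer'].
             $fmsg = $result['ucresult']['uid'] == '-3' ? empty($_GET['questionid']) || $_GET['answer'] == '' ? 'login_question_empty' : 'login_question_invalid' : 'login_invalid';
             if ($_G['member_loginperm'] > 1) {
                 showmessage($fmsg, '', array('loginperm' => $_G['member_loginperm'] - 1));
             } elseif ($_G['member_loginperm'] == -1) {
                 showmessage('login_password_invalid');
             } else {
                 showmessage('login_strike');
             }
         }
     }
 }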
Example #11
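/**
 * Register a new user from the submitted form and log them in.
 *
 * The checks run in this order: the e-mail address must be available, e-mail
 * and password must both be given, and the e-mail must be valid. Each failed
 * check flashes a message and redirects to '/'. After a successful insert
 * userlogin() is called.
 */
function registerUser()
{
    global $application;
    $get_params = getparametersvalform(array('name', 'emailadd', 'userpwd', 'phone'));
    // The four expected fields are read explicitly. extract() on request-derived
    // data would let any additional key in the array overwrite a local
    // variable of this function, $application included.
    $name = isset($get_params['name']) ? $get_params['name'] : null;
    $emailadd = isset($get_params['emailadd']) ? $get_params['emailadd'] : null;
    $userpwd = isset($get_params['userpwd']) ? $get_params['userpwd'] : null;
    $phone = isset($get_params['phone']) ? $get_params['phone'] : null;
    if (checkuseravailbyid($emailadd) != TRUE) {
        $application->flash('reg_avail', 'This email is not available.');
        $application->redirect('/');
        return;
    }
    if ($userpwd == '' || $emailadd == '') {
        $application->flash('reg_mand', 'Please Enter Email Address and Password');
        $application->redirect('/');
        return;
    }
    if (!isValidEmail($emailadd)) {
        $application->flash('reg_valid', 'Please enter valid Email Address');
        $application->redirect('/');
        return;
    }
    // NOTE(review): an unsalted MD5 digest is not a suitable password hash.
    // Moving to password_hash()/password_verify() has to be done together with
    // the login check, which is not part of this listing, so it is left as is.
    $insert_id = Insertintouserprofile($name, $emailadd, md5($userpwd), $phone);
    if (is_numeric($insert_id) && $insert_id > 0) {
        userlogin($application, 'LOGIN');
    }
}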
Example #12
// Switch the current session to another account using login data stored for
// that account. $user, $referer and $olddiscuz_uid are set outside this
// excerpt, and the excerpt ends inside the last elseif branch.
$olddiscuz_user = $_G['username'];
$olddiscuz_userss = $_G['member']['username'];
if (!$user) {
    // NOTE(review): the '******' fragments inside the query strings of this
    // excerpt look like masking applied to the listing; the expression that
    // was interpolated there is not recoverable. What is visible is that the
    // statements are assembled by string interpolation - confirm every
    // interpolated value is escaped.
    $newuid = DB::result_first("SELECT uid FROM " . DB::table('common_member') . " WHERE username='******'gp_username']}'");
    if (DB::result_first("SELECT COUNT(*) FROM " . DB::table('myrepeats') . " WHERE uid='{$newuid}' AND username='******'")) {
        // The requested user name is HTML-encoded before the template prints it.
        $username = htmlspecialchars($_G['gp_username']);
        include template('myrepeats:switch_login');
        exit;
    }
    showmessage('myrepeats:user_nonexistence');
} elseif ($user['locked']) {
    $usernamess = stripslashes($_G['gp_username']);
    showmessage('myrepeats:user_locked', '', array('user' => $usernamess));
}
// The stored login data decodes to the password, security question id and
// answer of the target account, so those secrets are kept in a form that can
// be recovered with the site's auth key.
list($password, $questionid, $answer) = explode("\t", authcode($user['logindata'], 'DECODE', $_G['config']['security']['authkey']));
$result = userlogin($_G['gp_username'], $password, $questionid, $answer);
$_G['myrepeats_ucresult'] = $result['ucresult'];
if ($result['status'] > 0) {
    // 2592000 seconds = 30 days.
    setloginstatus($result['member'], 2592000);
    DB::query("UPDATE " . DB::table('myrepeats') . " SET lastswitch='" . TIMESTAMP . "' WHERE uid='{$olddiscuz_uid}' AND username='******'gp_username']}'");
    $ucsynlogin = $_G['setting']['allowsynlogin'] ? uc_user_synlogin($_G['uid']) : '';
    dsetcookie('mrn', '');
    dsetcookie('mrd', '');
    // NOTE(review): the stored comment is passed into the message as-is -
    // confirm showmessage() encodes its parameters.
    $comment = $user['comment'] ? '(' . $user['comment'] . ') ' : '';
    showmessage('myrepeats:login_succeed', $referer, array('user' => $_G['member']['username'], 'usergroup' => $_G['group']['grouptitle'], 'comment' => $comment), array('showmsg' => 1, 'showdialog' => 1, 'locationtime' => 3, 'extrajs' => $ucsynlogin));
} elseif ($result['status'] == -1) {
    // Status -1: clear the current login and build an auth token for the
    // target user name.
    clearcookies();
    $_G['myrepeats_ucresult']['username'] = addslashes($_G['myrepeats_ucresult']['username']);
    $_G['username'] = '';
    $_G['uid'] = 0;
    $auth = authcode($_G['myrepeats_ucresult']['username'] . "\t" . formhash(), 'ENCODE');
Example #13
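/**
 * Open the global mysqli connection, run the login check and optionally schedule cleanup.
 *
 * Connection parameters come from the globals $dbhost, $dbuser, $dbpass and $database;
 * the connection object is published in the global $db.
 *
 * @param bool $do_clean When true, registers "cleandata" to run at script shutdown.
 */
function dbconn($do_clean = false)
{
    global $dbhost, $dbuser, $dbpass, $database, $HTTP_SERVER_VARS, $db;
    /*
     * Connect to Database.
     *
     * The earlier $GLOBALS["persist"] test opened the same non-persistent connection in
     * both branches, so the flag never had an effect; one call keeps that behaviour.
     * NOTE(review): if persistence is wanted, mysqli selects it with a "p:" host prefix.
     */
    $connect_problem = null;
    try {
        $db = new mysqli($dbhost, $dbuser, $dbpass, $database);
        if ($db->connect_error) {
            $connect_problem = '(' . $db->connect_errno . ') ' . $db->connect_error;
        }
    } catch (mysqli_sql_exception $e) {
        // Newer PHP versions report connection failures as exceptions by default.
        $connect_problem = '(' . $e->getCode() . ') ' . $e->getMessage();
    }
    if ($connect_problem !== null) {
        // Driver messages can name the database host and account, so they go to the
        // server log; the visitor only sees a generic failure.
        error_log('dbconn: connect error ' . $connect_problem);
        die('Database connection failed.');
    }
    userlogin();
    if ($do_clean) {
        register_shutdown_function("cleandata");
    }
}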
Example #14
 /**
  * Show the login form or process a submitted login.
  *
  * Flow, as far as this function shows it: an already identified visitor ($_G['uid'])
  * gets the success message; an unsubmitted form renders the 'member/login' template;
  * a submitted form is rate-checked with logincheck(), authenticated with userlogin()
  * and then branches on $result['status'] (> 0 success, -1 activation needed, anything
  * else is logged as a failed attempt).
  *
  * NOTE(review): showmessage() is presumably terminal (the code after each call reads as
  * if the request ended there); confirm against its definition.
  */
 function on_login()
 {
     global $_G;
     if ($_G['uid']) {
         $ucsynlogin = $_G['setting']['allowsynlogin'] ? uc_user_synlogin($_G['uid']) : '';
         $param = array('username' => $_G['member']['username'], 'uid' => $_G['member']['uid']);
         showmessage('login_succeed', dreferer(), $param, array('showdialog' => 1, 'locationtime' => true, 'extrajs' => $ucsynlogin));
     }
     // Bit 2 of the 'seccodestatus' setting decides whether the login form needs a security code.
     $seccodecheck = $_G['setting']['seccodestatus'] & 2;
     $invite = getinvite();
     if (!submitcheck('loginsubmit', 1, $seccodecheck)) {
         // Form not (validly) submitted: prepare the values used while rendering the template.
         $_G['referer'] = dreferer();
         // NOTE(review): the parenthesised assignment appends the 'checked="checked"' text to
         // $thetimenow as well as storing it in $cookietimecheck; that looks unintended.
         $thetimenow = '(GMT ' . ($_G['setting']['timeoffset'] > 0 ? '+' : '') . $_G['setting']['timeoffset'] . ') ' . dgmdate(TIMESTAMP, 'u') . ($cookietimecheck = !empty($_G['cookie']['cookietime']) ? 'checked="checked"' : '');
         if ($seccodecheck) {
             // NOTE(review): $seccode is read here before any visible assignment.
             $seccode = random(6, 1) + $seccode[0] * 1000000;
         }
         // The remembered login name comes from a cookie, so it is HTML-escaped before display.
         $username = !empty($_G['cookie']['loginuser']) ? htmlspecialchars($_G['cookie']['loginuser']) : '';
         $navtitle = lang('core', 'title_login');
         include template('member/login');
     } else {
         // Attempt throttling: a falsy logincheck() result stops the attempt.
         if (!($_G['member_loginperm'] = logincheck())) {
             showmessage('login_strike');
         }
         if ($_G['gp_fastloginfield']) {
             $_G['gp_loginfield'] = $_G['gp_fastloginfield'];
         }
         // Reset the request identity before authenticating.
         $_G['uid'] = $_G['member']['uid'] = 0;
         $_G['username'] = $_G['member']['username'] = $_G['member']['password'] = '';
         $result = userlogin($_G['gp_username'], $_G['gp_password'], $_G['gp_questionid'], $_G['gp_answer'], $_G['setting']['autoidselect'] ? 'auto' : $_G['gp_loginfield']);
         if ($result['status'] > 0) {
             // 2592000 seconds = 30 days when the visitor asked to be remembered, otherwise 0.
             setloginstatus($result['member'], $_G['gp_cookietime'] ? 2592000 : 0);
             // NOTE(review): this UPDATE is built by concatenation; it is only safe if
             // $_G['clientip'] and $_G['uid'] are validated where they are set (not visible here).
             DB::query("UPDATE " . DB::table('common_member_status') . " SET lastip='" . $_G['clientip'] . "', lastvisit='" . time() . "', lastactivity='" . TIMESTAMP . "' WHERE uid='{$_G['uid']}'");
             $ucsynlogin = $_G['setting']['allowsynlogin'] ? uc_user_synlogin($_G['uid']) : '';
             include_once libfile('function/stat');
             updatestat('login', 1);
             updatecreditbyaction('daylogin', $_G['uid']);
             checkusergroup($_G['uid']);
             if ($invite['id']) {
                 // NOTE(review): neither $uid nor $username is assigned on this path ($username is
                 // only set in the form-rendering branch), so the invite row receives empty values.
                 DB::update("common_invite", array('fuid' => $uid, 'fusername' => $username), array('id' => $invite['id']));
                 updatestat('invite');
             }
             if ($invite['uid']) {
                 require_once libfile('function/friend');
                 friend_make($invite['uid'], $invite['username'], false);
                 dsetcookie('invite_auth', '');
                 if ($invite['appid']) {
                     updatestat('appinvite');
                 }
             }
             if (!empty($_G['inajax']) && empty($_G['gp_quickforward'])) {
                 // NOTE(review): unserialize() is acceptable only while this setting can be written
                 // by administrators alone; on attacker-influenced data it allows object injection.
                 $_G['setting']['msgforward'] = unserialize($_G['setting']['msgforward']);
                 $mrefreshtime = intval($_G['setting']['msgforward']['refreshtime']) * 1000;
                 loadcache('usergroups');
                 $usergroups = addslashes($_G['cache']['usergroups'][$_G['groupid']]['grouptitle']);
                 $message = 1;
                 include template('member/login');
             } else {
                 $param = array('username' => $_G['member']['username'], 'uid' => $_G['member']['uid'], 'syn' => $ucsynlogin ? 1 : 0);
                 // Group id 8 gets the "inactive member" message and is sent to the home page.
                 if ($_G['groupid'] == 8) {
                     showmessage('login_succeed_inactive_member', 'home.php?mod=space&do=home', $param, array('extrajs' => $ucsynlogin));
                 } else {
                     showmessage('login_succeed', $invite ? 'home.php?mod=space&do=home' : dreferer(), $param, array('extrajs' => $ucsynlogin));
                 }
             }
         } elseif ($result['status'] == -1) {
             // Activation required: the username and form hash are encoded into a token that is
             // carried in the activation URL.
             $auth = authcode($result['ucresult']['username'] . "\t" . FORMHASH, 'ENCODE');
             $location = 'member.php?mod=' . $_G['setting']['regname'] . '&action=activation&auth=' . rawurlencode($auth);
             if ($_G['inajax'] && empty($_G['gp_quickforward'])) {
                 $message = 2;
                 include template('member/login');
             } else {
                 showmessage('login_activation', $location);
             }
         } else {
             // Failed attempt. The replacement keeps the first quarter and the last sixth of the
             // submitted password and masks only the middle, so part of every mistyped password
             // is written to 'illegallog'.
             // NOTE(review): consider logging no password material at all; near-miss passwords
             // in a log file are sensitive.
             $password = preg_replace("/^(.{" . round(strlen($_G['gp_password']) / 4) . "})(.+?)(.{" . round(strlen($_G['gp_password']) / 6) . "})\$/s", "\\1***\\3", $_G['gp_password']);
             $errorlog = dhtmlspecialchars(TIMESTAMP . "\t" . ($result['ucresult']['username'] ? $result['ucresult']['username'] : dstripslashes($_G['gp_username'])) . "\t" . $password . "\t" . "Ques #" . intval($_G['gp_questionid']) . "\t" . $_G['clientip']);
             writelog('illegallog', $errorlog);
             loginfailed($_G['member_loginperm']);
             // NOTE(review): $answer is never assigned in this function, so `$answer == ''` is
             // always true and a uid of -3 always yields 'login_question_empty'.
             $fmsg = $result['ucresult']['uid'] == '-3' ? empty($_G['gp_questionid']) || $answer == '' ? 'login_question_empty' : 'login_question_invalid' : 'login_invalid';
             showmessage($fmsg, '', array('loginperm' => $_G['member_loginperm']));
         }
     }
 }
Example #15
 // Excerpt from a page-dispatch switch; the switch header and the end of the last case are
 // outside this excerpt.
 case 'add_user':
     // Only a logged-in session whose level is at or below USER_SUPERUSER may add users.
     if (isset($_SESSION['logged_in']) && $_SESSION['level'] <= USER_SUPERUSER) {
         add_user($page[1]);
     }
     break;
 case 'register':
     // Registration is reachable only when the site is configured with login_required = 1.
     if (isset($CONFIG['login_required']) && $CONFIG['login_required'] == 1) {
         register_user($page[1]);
     }
     break;
 case 'login':
     if (isset($CONFIG['login_required']) && $CONFIG['login_required'] == 1) {
         if (isset($_SESSION['logged_in'])) {
             // NOTE(review): the redirect target is built from the client-supplied Host header
             // and is always http://; a configured base URL would avoid both issues.
             header('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']));
         } else {
             userlogin($page[1]);
         }
     } else {
         // Same Host-header-derived redirect as above.
         header('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']));
     }
     break;
 case 'admin':
     if (isset($_SESSION['logged_in'])) {
         /* already logged in */
     } else {
         adminlogin($page[1]);
     }
     break;
 case 'bottom':
     // NOTE(review): $limit is concatenated into the SQL text and its origin is not visible
     // here; confirm it is forced to an integer before this point.
     $query = "SELECT * FROM " . db_tablename('quotes') . " WHERE queue=0 and rating < 0 ORDER BY rating ASC LIMIT " . $limit;
     quote_generation($query, lang('bottom_title'), -1);
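/**
 * Build the login box, or a "logged in as" notice for an authenticated user.
 *
 * Reads the global $user (loaded through getuserinfo() when it is not set yet). While the
 * visitor is still "anonymous" and a login form was posted, the posted credentials are
 * handed to userlogin() and its result replaces $user.
 *
 * Everything that originates from the request or the user record (query string, username)
 * is HTML-escaped before it is placed in the returned markup.
 *
 * @return string HTML fragment.
 */
function login()
{
    global $user, $HTTP_POST_VARS;
    // Make sure we know whether the visitor is logged in or is logging in right now.
    if (!isset($user)) {
        $user = getuserinfo();
    }
    if (0 == strcmp($user['username'], "anonymous") && isset($HTTP_POST_VARS['user'])) {
        // 'pass' may be missing and an unticked 'automatic' checkbox is never sent, so read
        // both defensively instead of indexing blindly.
        $posted_pass = isset($HTTP_POST_VARS['pass']) ? $HTTP_POST_VARS['pass'] : null;
        $posted_auto = isset($HTTP_POST_VARS['automatic']) ? $HTTP_POST_VARS['automatic'] : null;
        $user = userlogin($HTTP_POST_VARS['user'], $posted_pass, $posted_auto);
    }
    // Still anonymous: present the login box.
    if (0 == strcmp($user['username'], "anonymous")) {
        // This test used to call an undefined function, iset(), which aborted the page.
        if (isset($_SERVER["QUERY_STRING"]) && $_SERVER["QUERY_STRING"] !== '') {
            $url = $_SERVER["SCRIPT_NAME"] . "?" . $_SERVER["QUERY_STRING"] . "&login=1";
        } else {
            $url = $_SERVER["SCRIPT_NAME"] . "?login=1";
        }
        // The query string is attacker-controlled and lands inside a single-quoted attribute,
        // so quotes have to be escaped as well (ENT_QUOTES).
        $action = htmlspecialchars($url, ENT_QUOTES);
        $WORK = "Please Enter your username and password to login:<BR>\r\n";
        $WORK .= "<form method='post' action='" . $action . "'>\r\n";
        $WORK .= "Username: <input type='text' name='user' size='20'><BR>\r\n";
        $WORK .= "Password: <input type='password' name='pass' size='20'><BR>\r\n";
        $WORK .= "Log me on automatically each visit: <input type='checkbox' name='automatic' checked><BR>\r\n";
        $WORK .= "<input type='submit' value='Login'>\r\n";
        $WORK .= "</form>\r\n";
    } else {
        // Usernames are user-chosen; escape before echoing them back.
        $WORK = "You are currently logged in as " . htmlspecialchars($user['username'], ENT_QUOTES) . ".<BR>\r\n";
    }
    return $WORK;
}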
Example #17
 /**
  * Process a control-panel login posted as admin_email / admin_password.
  *
  * Does nothing when no e-mail was posted. Otherwise the attempt is rate-checked with
  * logincheck(), authenticated with userlogin(), and a control-panel session row is written
  * only for founders or members of group 1 or 2. Failures are reflected in
  * $this->cpaccess (-4: attempt limit, -2: authenticated but not privileged) or recorded
  * through loginfailed().
  */
 function check_user_login()
 {
     global $_G;
     $email = isset($_POST['admin_email']) ? trim($_POST['admin_email']) : '';
     if ($email == '') {
         return;
     }
     // Throttle before any credential is checked.
     if (!logincheck($_POST['admin_email'])) {
         $this->cpaccess = -4;
         return;
     }
     // When a security question is enforced and was not answered, show the login step again.
     $answer_missing = empty($_POST['admin_questionid']) || empty($_POST['admin_answer']);
     if ($answer_missing && ($_G['config']['admincp']['forcesecques'] || $_G['group']['forcesecques'])) {
         $this->do_user_login();
     }
     $login = userlogin($_POST['admin_email'], $_POST['admin_password'], $_POST['admin_questionid'], $_POST['admin_answer'], 'auto', $this->core->var['clientip']);
     if ($login['status'] != 1) {
         loginfailed($_POST['admin_email']);
         return;
     }
     // Valid credentials are not enough: only founders and groups 1 / 2 may enter.
     $privileged = $this->checkfounder($login['member']) || $login['member']['groupid'] == 1 || $login['member']['groupid'] == 2;
     if (!$privileged) {
         $this->cpaccess = -2;
         return;
     }
     $session_row = array(
         'uid' => $login['member']['uid'],
         'adminid' => $login['member']['adminid'],
         'panel' => $login['member']['groupid'],
         'dateline' => TIMESTAMP,
         'ip' => $this->core->var['clientip'],
         'errorcount' => -1,
     );
     C::t('admincp_session')->insert($session_row, false, true);
     setloginstatus($login['member'], 0);
     dheader('Location: ' . ADMINSCRIPT . '?' . cpurl('url', array('sid')));
 }
Example #18
// Account-switch step of the "myrepeats" plugin (older, global-variable based variant).
// Remember the name that was active before the switch.
$olddiscuz_userss = $discuz_userss;
// $user is populated before this excerpt begins (not shown).
if(!$user) {
	showmessage('myrepeats:user_nonexistence');
} elseif($user['locked']) {
	$usernamess = stripslashes($username);
	showmessage('myrepeats:user_locked');
}

// Recover the saved password, security-question id and answer by decoding the stored
// 'logindata' blob with the site-wide authkey.
// NOTE(review): the plugin therefore keeps a reversible copy of the target account's password;
// the authkey and this table together need the protection of a credential store.
list($password, $questionid, $answer) = explode("\t", authcode($user['logindata'], 'DECODE', $_DCACHE['settings']['authkey']));
$referer = dreferer();

// Attempt throttling: a falsy logincheck() result stops the switch.
if(!($loginperm = logincheck())) {
	showmessage('myrepeats:login_strike');
}

// userlogin() is called without arguments; presumably it reads $username, $password,
// $questionid and $answer from the surrounding scope - confirm against its definition.
$result = userlogin();
if($result > 0) {
	// The "******" run in the literals below looks like masking applied when this page was
	// captured, so the username condition is not readable here. The statements are built by
	// string interpolation; the escaping of the interpolated values is not visible.
	$db->query("UPDATE {$tablepre}myrepeats SET lastswitch='$timestamp' WHERE uid='$olddiscuz_uid' AND username='******'", '');
	$ucsynlogin = $allowsynlogin ? uc_user_synlogin($discuz_uid) : '';
	// Expire the plugin's 'mrn' / 'mrd' cookies.
	dsetcookie('mrn', '', -1);
	dsetcookie('mrd', '', -1);
	$comment = $user['comment'] ? '('.$user['comment'].') ' : '';
	// Check whether the new account has a matching myrepeats row; if not, show the
	// 'login_succeed_rsnonexistence' message.
	if(!$db->result_first("SELECT COUNT(*) FROM {$tablepre}myrepeats WHERE uid='$discuz_uid' AND username='******'")) {
		$olddiscuz_userssenc = rawurlencode($olddiscuz_userss);
		showmessage('myrepeats:login_succeed_rsnonexistence');
	} else {
		showmessage('myrepeats:login_succeed', $referer);
	}
} elseif($result == -1) {
	// Result -1: build an encoded token from the username and the form hash. The excerpt ends
	// inside this branch.
	$ucresult['username'] = addslashes($ucresult['username']);
	$auth = authcode("$ucresult[username]\t".FORMHASH, 'ENCODE');
Example #19
 /**
  * Show the login form or process a submitted login.
  *
  * Flow, as far as this method shows it: an already identified visitor ($_G['uid']) gets the
  * success message; an unsubmitted form renders $this->template; a submitted form is
  * rate-checked with logincheck(), authenticated with userlogin() and then branches on
  * $result['status'] (-1 activation needed or fast activation, > 0 success, otherwise the
  * attempt is logged as failed).
  *
  * NOTE(review): showmessage() is presumably terminal (the code after each call reads as
  * if the request ended there); confirm against its definition.
  */
 function on_login()
 {
     global $_G;
     if ($_G['uid']) {
         $referer = dreferer();
         $ucsynlogin = $this->setting['allowsynlogin'] ? uc_user_synlogin($_G['uid']) : '';
         $param = array('username' => $_G['member']['username'], 'usergroup' => $_G['group']['grouptitle'], 'uid' => $_G['member']['uid']);
         showmessage('login_succeed', $referer ? $referer : './', $param, array('showdialog' => 1, 'locationtime' => true, 'extrajs' => $ucsynlogin));
     }
     // A login arriving through "connect" skips the security code; otherwise bit 2 of the
     // 'seccodestatus' setting decides. A quick-login submit (gp_lssubmit) defers the check.
     $from_connect = $this->setting['connect']['allow'] && !empty($_G['gp_from']) ? 1 : 0;
     $seccodecheck = $from_connect ? false : $this->setting['seccodestatus'] & 2;
     $seccodestatus = !empty($_G['gp_lssubmit']) ? false : $seccodecheck;
     $invite = getinvite();
     if (!submitcheck('loginsubmit', 1, $seccodestatus)) {
         // Form not (validly) submitted: prepare the values used while rendering the template.
         $auth = '';
         $username = !empty($_G['cookie']['loginuser']) ? htmlspecialchars($_G['cookie']['loginuser']) : '';
         if (!empty($_G['gp_auth'])) {
             // gp_auth is a request parameter holding encoded "username<TAB>password<TAB>flag".
             // NOTE(review): this round-trips the user's password through a request parameter;
             // its confidentiality rests entirely on authcode() and the site key.
             list($username, $password, $questionexist) = explode("\t", authcode($_G['gp_auth'], 'DECODE'));
             $username = htmlspecialchars($username);
             if ($username && $password) {
                 $auth = htmlspecialchars($_G['gp_auth']);
             } else {
                 $auth = '';
             }
         }
         $cookietimecheck = !empty($_G['cookie']['cookietime']) || !empty($_G['gp_cookietime']) ? 'checked="checked"' : '';
         if ($seccodecheck) {
             // NOTE(review): $seccode is read here before any visible assignment.
             $seccode = random(6, 1) + $seccode[0] * 1000000;
         }
         // Optional extension module, resolved through libfile() under 'member/'.
         if ($this->extrafile && file_exists(libfile('member/' . $this->extrafile, 'module'))) {
             require_once libfile('member/' . $this->extrafile, 'module');
         }
         $navtitle = lang('core', 'title_login');
         include template($this->template);
     } else {
         if (!empty($_G['gp_auth'])) {
             // Credentials supplied through the encoded token replace the posted fields.
             list($_G['gp_username'], $_G['gp_password']) = daddslashes(explode("\t", authcode($_G['gp_auth'], 'DECODE')));
         }
         // Attempt throttling keyed on the submitted username.
         if (!($_G['member_loginperm'] = logincheck($_G['gp_username']))) {
             showmessage('login_strike');
         }
         if ($_G['gp_fastloginfield']) {
             $_G['gp_loginfield'] = $_G['gp_fastloginfield'];
         }
         // Reset the request identity before authenticating.
         $_G['uid'] = $_G['member']['uid'] = 0;
         $_G['username'] = $_G['member']['username'] = $_G['member']['password'] = '';
         // Reject empty passwords and passwords that addslashes() would alter.
         if (!$_G['gp_password'] || $_G['gp_password'] != addslashes($_G['gp_password'])) {
             showmessage('profile_passwd_illegal');
         }
         $result = userlogin($_G['gp_username'], $_G['gp_password'], $_G['gp_questionid'], $_G['gp_answer'], $this->setting['autoidselect'] ? 'auto' : $_G['gp_loginfield']);
         $uid = $result['ucresult']['uid'];
         // Quick-login submit that needs a security answer (uid -3) or a security code:
         // hand over to the extended login step.
         if (!empty($_G['gp_lssubmit']) && ($result['ucresult']['uid'] == -3 || $seccodecheck && $result['status'] > 0)) {
             $_G['gp_username'] = $result['ucresult']['username'];
             $_G['gp_password'] = stripslashes($_G['gp_password']);
             $this->logging_more($result['ucresult']['uid'] == -3);
         }
         if ($result['status'] == -1) {
             if (!$this->setting['fastactivation']) {
                 // Activation required: username and form hash are encoded into a URL token.
                 $auth = authcode($result['ucresult']['username'] . "\t" . FORMHASH, 'ENCODE');
                 showmessage('location_activation', 'member.php?mod=' . $this->setting['regname'] . '&action=activation&auth=' . rawurlencode($auth) . '&referer=' . rawurlencode(dreferer()), array(), array('location' => true));
             } else {
                 // Fast activation: create the local member rows on the fly.
                 $result = daddslashes($result);
                 $init_arr = explode(',', $this->setting['initcredits']);
                 // The local password column is filled with md5(random(10)), not with the user's
                 // password; presumably the real credential is checked elsewhere - confirm.
                 DB::insert('common_member', array('uid' => $uid, 'username' => $result['ucresult']['username'], 'password' => md5(random(10)), 'email' => $result['ucresult']['email'], 'adminid' => 0, 'groupid' => $this->setting['regverify'] ? 8 : $this->setting['newusergroupid'], 'regdate' => TIMESTAMP, 'credits' => $init_arr[0], 'timeoffset' => 9999));
                 DB::insert('common_member_status', array('uid' => $uid, 'regip' => $_G['clientip'], 'lastip' => $_G['clientip'], 'lastvisit' => TIMESTAMP, 'lastactivity' => TIMESTAMP, 'lastpost' => 0, 'lastsendmail' => 0));
                 DB::insert('common_member_profile', array('uid' => $uid));
                 DB::insert('common_member_field_forum', array('uid' => $uid));
                 DB::insert('common_member_field_home', array('uid' => $uid));
                 DB::insert('common_member_count', array('uid' => $uid, 'extcredits1' => $init_arr[1], 'extcredits2' => $init_arr[2], 'extcredits3' => $init_arr[3], 'extcredits4' => $init_arr[4], 'extcredits5' => $init_arr[5], 'extcredits6' => $init_arr[6], 'extcredits7' => $init_arr[7], 'extcredits8' => $init_arr[8]));
                 manyoulog('user', $uid, 'add');
                 // $uid comes from the login result and is interpolated into the SQL text.
                 $result['member'] = DB::fetch_first("SELECT * FROM " . DB::table('common_member') . " WHERE uid='{$uid}'");
                 $result['status'] = 1;
             }
         }
         if ($result['status'] > 0) {
             if ($this->extrafile && file_exists(libfile('member/' . $this->extrafile, 'module'))) {
                 require_once libfile('member/' . $this->extrafile, 'module');
             }
             // 2592000 seconds = 30 days when the visitor asked to be remembered, otherwise 0.
             setloginstatus($result['member'], $_G['gp_cookietime'] ? 2592000 : 0);
             // NOTE(review): this UPDATE is built by concatenation; it is only safe if
             // $_G['clientip'] and $_G['uid'] are validated where they are set (not visible here).
             DB::query("UPDATE " . DB::table('common_member_status') . " SET lastip='" . $_G['clientip'] . "', lastvisit='" . time() . "', lastactivity='" . TIMESTAMP . "' WHERE uid='{$_G['uid']}'");
             $ucsynlogin = $this->setting['allowsynlogin'] ? uc_user_synlogin($_G['uid']) : '';
             if ($invite['id']) {
                 // NOTE(review): $result is overwritten with the invite count here, yet the code
                 // below still reads $result['ucresult']['username'] for the success message.
                 $result = DB::result_first("SELECT COUNT(*) FROM " . DB::table('common_invite') . " WHERE uid='{$invite['uid']}' AND fuid='{$uid}'");
                 if (!$result) {
                     DB::update("common_invite", array('fuid' => $uid, 'fusername' => $_G['username']), array('id' => $invite['id']));
                     updatestat('invite');
                 } else {
                     $invite = array();
                 }
             }
             if ($invite['uid']) {
                 require_once libfile('function/friend');
                 friend_make($invite['uid'], $invite['username'], false);
                 dsetcookie('invite_auth', '');
                 if ($invite['appid']) {
                     updatestat('appinvite');
                 }
             }
             $param = array('username' => $result['ucresult']['username'], 'usergroup' => $_G['group']['grouptitle'], 'uid' => $_G['member']['uid'], 'groupid' => $_G['groupid'], 'syn' => $ucsynlogin ? 1 : 0);
             $extra = array('showdialog' => true, 'locationtime' => true, 'extrajs' => $ucsynlogin);
             // Group id 8 gets the "inactive member" message and is sent to the home page.
             $loginmessage = $_G['groupid'] == 8 ? 'login_succeed_inactive_member' : 'login_succeed';
             $location = $invite || $_G['groupid'] == 8 ? 'home.php?mod=space&do=home' : dreferer();
             if (empty($_G['gp_handlekey']) || !empty($_G['gp_lssubmit'])) {
                 if (defined('IN_MOBILE')) {
                     showmessage('location_login_succeed_mobile', $location, array('username' => $result['ucresult']['username']), array('location' => true));
                 } else {
                     if (!empty($_G['gp_lssubmit'])) {
                         if (!$ucsynlogin) {
                             $extra['location'] = true;
                         }
                         showmessage($loginmessage, $location, $param, $extra);
                     } else {
                         // $location (possibly the referer) is placed inside inline JavaScript with
                         // only single quotes escaped.
                         // NOTE(review): backslashes and a closing script tag are not handled here;
                         // this is safe only if dreferer() restricts the value - confirm.
                         $href = str_replace("'", "\\'", $location);
                         showmessage('location_login_succeed', $location, array(), array('showid' => 'succeedmessage', 'extrajs' => '<script type="text/javascript">' . 'setTimeout("window.location.href =\'' . $href . '\';", 3000);' . '$(\'succeedmessage_href\').href = \'' . $href . '\';' . '$(\'main_message\').style.display = \'none\';' . '$(\'main_succeed\').style.display = \'\';' . '$(\'succeedlocation\').innerHTML = \'' . lang('message', $loginmessage, $param) . '\';</script>' . $ucsynlogin, 'striptags' => false));
                     }
                 }
             } else {
                 showmessage($loginmessage, $location, $param, $extra);
             }
         } else {
             // Failed attempt. The replacement keeps the first quarter and the last sixth of the
             // submitted password and masks only the middle, so part of every mistyped password
             // is written to 'illegallog'.
             // NOTE(review): consider logging no password material at all.
             $password = preg_replace("/^(.{" . round(strlen($_G['gp_password']) / 4) . "})(.+?)(.{" . round(strlen($_G['gp_password']) / 6) . "})\$/s", "\\1***\\3", $_G['gp_password']);
             $errorlog = dhtmlspecialchars(TIMESTAMP . "\t" . ($result['ucresult']['username'] ? $result['ucresult']['username'] : dstripslashes($_G['gp_username'])) . "\t" . $password . "\t" . "Ques #" . intval($_G['gp_questionid']) . "\t" . $_G['clientip']);
             writelog('illegallog', $errorlog);
             loginfailed($_G['gp_username']);
             // NOTE(review): $answer is never assigned in this method, so `$answer == ''` is
             // always true and a uid of -3 always yields 'login_question_empty'.
             $fmsg = $result['ucresult']['uid'] == '-3' ? empty($_G['gp_questionid']) || $answer == '' ? 'login_question_empty' : 'login_question_invalid' : 'login_invalid';
             showmessage($fmsg, '', array('loginperm' => $_G['member_loginperm']));
         }
     }
 }
Example #20
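/**
 * Open the global mysqli connection, select UTF-8, run the login check and optionally
 * schedule cleanup.
 *
 * Connection parameters come from the globals $dbhost, $dbuser, $dbpass and $database;
 * the connection object is published in the global $db.
 *
 * @param bool $do_clean When true, registers "cleandata" to run at script shutdown.
 */
function dbconn($do_clean = false)
{
    global $dbhost, $dbuser, $dbpass, $database, $HTTP_SERVER_VARS, $db;
    /*
     * Connect to Database.
     *
     * The earlier $GLOBALS["persist"] test opened the same non-persistent connection in
     * both branches, so the flag never had an effect; one call keeps that behaviour.
     * NOTE(review): if persistence is wanted, mysqli selects it with a "p:" host prefix.
     */
    $connect_problem = null;
    try {
        $db = new mysqli($dbhost, $dbuser, $dbpass, $database);
        /*
         * This is the "official" OO way to do it,
         * BUT $connect_error was broken until PHP 5.2.9 and 5.3.0.
         */
        if ($db->connect_error) {
            $connect_problem = '(' . $db->connect_errno . ') ' . $db->connect_error;
        }
    } catch (mysqli_sql_exception $e) {
        // Newer PHP versions report connection failures as exceptions by default.
        $connect_problem = '(' . $e->getCode() . ') ' . $e->getMessage();
    }
    if ($connect_problem !== null) {
        // Driver messages can name the database host and account, so they go to the
        // server log; the visitor only sees a generic failure.
        error_log('dbconn: connect error ' . $connect_problem);
        die('Database connection failed.');
    }
    // set_charset() changes the server-side character set like "SET NAMES" did, and it also
    // tells the client library, which real_escape_string() relies on to escape correctly.
    if (!$db->set_charset('utf8')) {
        error_log('dbconn: could not select utf8: ' . $db->error);
    }
    $db->query("SET collation_connection = 'utf8_general_ci'");
    userlogin();
    if ($do_clean) {
        register_shutdown_function("cleandata");
    }
}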
Example #21
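	/**
	 * Show the login form or process a submitted login.
	 *
	 * Flow, as far as this method shows it: an already identified visitor ($_G['uid']) gets
	 * the success message; an unsubmitted form renders $this->template; a submitted form is
	 * rate-checked with logincheck(), authenticated with userlogin() and then branches on
	 * $result['status'] (-1 activation needed or fast activation, > 0 success, otherwise the
	 * attempt is logged and counted as failed).
	 *
	 * On success the method also applies the account-guard rules visible below: freezing
	 * accounts unused for 90 days, flagging passwords that miss the configured character
	 * classes, and requesting a second security-code step under the 'login' rule.
	 *
	 * NOTE(review): showmessage() is presumably terminal (the code after each call reads as
	 * if the request ended there); confirm against its definition.
	 */
	function on_login() {
		global $_G;
		if($_G['uid']) {
			$referer = dreferer();
			$ucsynlogin = $this->setting['allowsynlogin'] ? uc_user_synlogin($_G['uid']) : '';
			$param = array('username' => $_G['member']['username'], 'usergroup' => $_G['group']['grouptitle'], 'uid' => $_G['member']['uid']);
			showmessage('login_succeed', $referer ? $referer : './', $param, array('showdialog' => 1, 'locationtime' => true, 'extrajs' => $ucsynlogin));
		}

		list($seccodecheck) = seccheck('login');
		// Both flags are read further down on paths where they were never assigned;
		// give them explicit defaults.
		$secchecklogin2 = false;
		$freeze = false;
		if(!empty($_GET['auth'])) {
			// The fourth field of the decoded token marks a login that was sent back for the
			// second security-code step.
			$dauth = authcode($_GET['auth'], 'DECODE', $_G['config']['security']['authkey']);
			list(,,,$secchecklogin2) = explode("\t", $dauth);
			if($secchecklogin2) {
				$seccodecheck = true;
			}
		}
		$seccodestatus = !empty($_GET['lssubmit']) ? false : $seccodecheck;
		$invite = getinvite();

		if(!submitcheck('loginsubmit', 1, $seccodestatus)) {

			$auth = '';
			$username = !empty($_G['cookie']['loginuser']) ? dhtmlspecialchars($_G['cookie']['loginuser']) : '';

			if(!empty($_GET['auth'])) {
				list($username, $password, $questionexist) = explode("\t", authcode($_GET['auth'], 'DECODE', $_G['config']['security']['authkey']));
				$username = dhtmlspecialchars($username);
				$auth = dhtmlspecialchars($_GET['auth']);
			}

			$cookietimecheck = !empty($_G['cookie']['cookietime']) || !empty($_GET['cookietime']) ? 'checked="checked"' : '';

			if($seccodecheck) {
				// Square brackets replace the curly-brace offset syntax, which current PHP
				// versions no longer parse.
				// NOTE(review): $seccode is read here before any visible assignment.
				$seccode = random(6, 1) + $seccode[0] * 1000000;
			}

			if($this->extrafile && file_exists($this->extrafile)) {
				require_once $this->extrafile;
			}

			$navtitle = lang('core', 'title_login');
			include template($this->template);

		} else {

			if(!empty($_GET['auth'])) {
				// Credentials supplied through the encoded token replace the posted fields.
				list($_GET['username'], $_GET['password']) = daddslashes(explode("\t", authcode($_GET['auth'], 'DECODE', $_G['config']['security']['authkey'])));
			}

			$loginhash = !empty($_GET['loginhash']) && preg_match('/^\w+$/', $_GET['loginhash']) ? $_GET['loginhash'] : '';

			// Attempt throttling keyed on the submitted username.
			if(!($_G['member_loginperm'] = logincheck($_GET['username']))) {
				captcha::report($_G['clientip']);
				showmessage('login_strike');
			}
			if($_GET['fastloginfield']) {
				$_GET['loginfield'] = $_GET['fastloginfield'];
			}
			// Reset the request identity before authenticating.
			$_G['uid'] = $_G['member']['uid'] = 0;
			$_G['username'] = $_G['member']['username'] = $_G['member']['password'] = '';
			// Reject empty passwords and passwords that addslashes() would alter.
			if(!$_GET['password'] || $_GET['password'] != addslashes($_GET['password'])) {
				showmessage('profile_passwd_illegal');
			}
			$result = userlogin($_GET['username'], $_GET['password'], $_GET['questionid'], $_GET['answer'], $this->setting['autoidselect'] ? 'auto' : $_GET['loginfield'], $_G['clientip']);
			$uid = $result['ucresult']['uid'];

			if(!empty($_GET['lssubmit']) && ($result['ucresult']['uid'] == -3 || $seccodecheck)) {
				$_GET['username'] = $result['ucresult']['username'];
				$this->logging_more($result['ucresult']['uid'] == -3);
			}

			if($result['status'] == -1) {
				if(!$this->setting['fastactivation']) {
					// Activation required: username and form hash are encoded into a URL token.
					$auth = authcode($result['ucresult']['username']."\t".FORMHASH, 'ENCODE');
					showmessage('location_activation', 'member.php?mod='.$this->setting['regname'].'&action=activation&auth='.rawurlencode($auth).'&referer='.rawurlencode(dreferer()), array(), array('location' => true));
				} else {
					// Fast activation: create the local member row on the fly. The local password
					// column gets md5(random(10)), not the user's password.
					$init_arr = explode(',', $this->setting['initcredits']);
					$groupid = $this->setting['regverify'] ? 8 : $this->setting['newusergroupid'];

					C::t('common_member')->insert($uid, $result['ucresult']['username'], md5(random(10)), $result['ucresult']['email'], $_G['clientip'], $groupid, $init_arr);
					$result['member'] = getuserbyuid($uid);
					$result['status'] = 1;
				}
			}

			if($result['status'] > 0) {

				if($this->extrafile && file_exists($this->extrafile)) {
					require_once $this->extrafile;
				}

				// 2592000 seconds = 30 days when the visitor asked to be remembered, otherwise 0.
				setloginstatus($result['member'], $_GET['cookietime'] ? 2592000 : 0);
				checkfollowfeed();
				// Groups may be forced onto a specific login method; other methods are logged
				// out again immediately.
				if($_G['group']['forcelogin']) {
					if($_G['group']['forcelogin'] == 1) {
						clearcookies();
						showmessage('location_login_force_qq');
					} elseif($_G['group']['forcelogin'] == 2 && $_GET['loginfield'] != 'email') {
						clearcookies();
						showmessage('location_login_force_mail');
					}
				}

				if($_G['member']['lastip'] && $_G['member']['lastvisit']) {
					dsetcookie('lip', $_G['member']['lastip'].','.$_G['member']['lastvisit']);
				}
				C::t('common_member_status')->update($_G['uid'], array('lastip' => $_G['clientip'], 'port' => $_G['remoteport'], 'lastvisit' =>TIMESTAMP, 'lastactivity' => TIMESTAMP));
				$ucsynlogin = $this->setting['allowsynlogin'] ? uc_user_synlogin($_G['uid']) : '';

				// $pwold marks a password that misses a character class required by 'strongpw'
				// (1 digits, 2 lower case, 3 upper case, 4 other characters).
				$pwold = false;
				if($this->setting['strongpw'] && !$this->setting['pwdsafety']) {
					if(in_array(1, $this->setting['strongpw']) && !preg_match("/\d+/", $_GET['password'])) {
						$pwold = true;
					}
					if(in_array(2, $this->setting['strongpw']) && !preg_match("/[a-z]+/", $_GET['password'])) {
						$pwold = true;
					}
					if(in_array(3, $this->setting['strongpw']) && !preg_match("/[A-Z]+/", $_GET['password'])) {
						$pwold = true;
					}
					// The range was written "A-z", which also spans [ \ ] ^ _ and the backtick,
					// so those symbols were not counted as special characters.
					if(in_array(4, $this->setting['strongpw']) && !preg_match("/[^a-zA-Z0-9]+/", $_GET['password'])) {
						$pwold = true;
					}
				}

				if($_G['member']['adminid'] != 1) {
					// Non-admin account unused for more than 90 days: freeze it and queue it for
					// verification.
					if($this->setting['accountguard']['loginoutofdate'] && $_G['member']['lastvisit'] && TIMESTAMP - $_G['member']['lastvisit'] > 90 * 86400) {
						C::t('common_member')->update($_G['uid'], array('freeze' => 2));
						C::t('common_member_validate')->insert(array(
							'uid' => $_G['uid'],
							'submitdate' => TIMESTAMP,
							'moddate' => 0,
							'admin' => '',
							'submittimes' => 1,
							'status' => 0,
							'message' => '',
							'remark' => '',
						), false, true);
						manage_addnotify('verifyuser');
						showmessage('location_login_outofdate', 'home.php?mod=spacecp&ac=profile&op=password&resend=1', array('type' => 1), array('showdialog' => true, 'striptags' => false, 'locationtime' => true));
					}

					if($this->setting['accountguard']['loginpwcheck'] && $pwold) {
						$freeze = $pwold;
						if($this->setting['accountguard']['loginpwcheck'] == 2 && $freeze) {
							C::t('common_member')->update($_G['uid'], array('freeze' => 1));
						}
					}
				}

				// Second-step security code under the 'login' rule (allow == 2).
				$seccheckrule = & $_G['setting']['seccodedata']['rule']['login'];
				if($seccheckrule['allow'] == 2) {
					if($seccheckrule['nolocal']) {
						require_once libfile('function/misc');
						$lastipConvert = process_ipnotice(convertip($_G['member']['lastip']));
						$nowipConvert = process_ipnotice(convertip($_G['clientip']));
						// "Neither location text contains the other". stripos() returns 0 for a
						// match at the start, so the result must be compared with === false.
						if($lastipConvert != $nowipConvert && stripos($lastipConvert, $nowipConvert) === false && stripos($nowipConvert, $lastipConvert) === false) {
							$seccodecheck = true;
						}
					}
					if(!$seccodecheck && $seccheckrule['pwsimple'] && $pwold) {
						$seccodecheck = true;
					}
					if(!$seccodecheck && $seccheckrule['outofday'] && $_G['member']['lastvisit'] && TIMESTAMP - $_G['member']['lastvisit'] > $seccheckrule['outofday'] * 86400) {
						$seccodecheck = true;
					}
					if(!$seccodecheck && $_G['member_loginperm'] < 4) {
						$seccodecheck = true;
					}
					if(!$seccodecheck && $seccheckrule['numiptry']) {
						$seccodecheck = failedipcheck($seccheckrule['numiptry'], $seccheckrule['timeiptry']);
					}
					if($seccodecheck && !$secchecklogin2) {
						clearcookies();
						// NOTE(review): the token carries the username and the password, and it
						// travels in the redirect URL, so it can end up in browser history,
						// Referer headers and access logs. Its confidentiality rests entirely on
						// authcode() and the site authkey; a server-side, short-lived handle
						// would avoid exposing credential material in URLs.
						$auth = authcode($_GET['username']."\t".$_GET['password']."\t".($result['ucresult']['uid'] == -3 ? 1 : 0)."\t1", 'ENCODE', $_G['config']['security']['authkey']);
						$location = 'member.php?mod=logging&action=login&auth='.rawurlencode($auth).'&referer='.rawurlencode(dreferer()).(!empty($_GET['cookietime']) ? '&cookietime=1' : '');
						if(defined('IN_MOBILE')) {
							showmessage('login_seccheck2', $location);
						} else {
							$js = '<script type="text/javascript">location.href=\''.$location.'\'</script>';
							showmessage('login_seccheck2', '', array('type' => 1), array('extrajs' => $js));
						}
					}
				}

				if($invite['id']) {
					// Kept in its own variable: storing the count in $result would discard the
					// login result that the success message below still reads.
					$invitecount = C::t('common_invite')->count_by_uid_fuid($invite['uid'], $uid);
					if(!$invitecount) {
						C::t('common_invite')->update($invite['id'], array('fuid'=>$uid, 'fusername'=>$_G['username']));
						updatestat('invite');
					} else {
						$invite = array();
					}
				}
				if($invite['uid']) {
					require_once libfile('function/friend');
					friend_make($invite['uid'], $invite['username'], false);
					dsetcookie('invite_auth', '');
					if($invite['appid']) {
						updatestat('appinvite');
					}
				}

				$param = array(
					'username' => $result['ucresult']['username'],
					'usergroup' => $_G['group']['grouptitle'],
					'uid' => $_G['member']['uid'],
					'groupid' => $_G['groupid'],
					'syn' => $ucsynlogin ? 1 : 0
				);

				$extra = array(
					'showdialog' => true,
					'locationtime' => true,
					'extrajs' => $ucsynlogin
				);

				if(!$freeze || !$this->setting['accountguard']['loginpwcheck']) {
					// Group id 8 gets the "inactive member" message and is sent to the home page.
					$loginmessage = $_G['groupid'] == 8 ? 'login_succeed_inactive_member' : 'login_succeed';
					$location = $invite || $_G['groupid'] == 8 ? 'home.php?mod=space&do=home' : dreferer();
				} else {
					// Weak password under account guard: send the member to the password page.
					$loginmessage = 'login_succeed_password_change';
					$location = 'home.php?mod=spacecp&ac=profile&op=password';
					$_GET['lssubmit'] = 0;
				}
				if(empty($_GET['handlekey']) || !empty($_GET['lssubmit'])) {
					if(defined('IN_MOBILE')) {
						showmessage($loginmessage, $location, $param, array('location' => true));
					} else {
						if(!empty($_GET['lssubmit'])) {
							if(!$ucsynlogin) {
								$extra['location'] = true;
							}
							showmessage($loginmessage, $location, $param, $extra);
						} else {
							// $location (possibly the referer) is placed inside inline JavaScript
							// with only single quotes escaped.
							// NOTE(review): backslashes and a closing script tag are not handled
							// here; this is safe only if dreferer() restricts the value - confirm.
							$href = str_replace("'", "\'", $location);
							showmessage('location_login_succeed', $location, array(),
								array(
									'showid' => 'succeedmessage',
									'extrajs' => '<script type="text/javascript">'.
										'setTimeout("window.location.href =\''.$href.'\';", 3000);'.
										'$(\'succeedmessage_href\').href = \''.$href.'\';'.
										'$(\'main_message\').style.display = \'none\';'.
										'$(\'main_succeed\').style.display = \'\';'.
										'$(\'succeedlocation\').innerHTML = \''.lang('message', $loginmessage, $param).'\';</script>'.$ucsynlogin,
									'striptags' => false,
									'showdialog' => true
								)
							);
						}
					}
				} else {
					showmessage($loginmessage, $location, $param, $extra);
				}
			} else {
				// Failed attempt. The replacement keeps the first quarter and the last sixth of
				// the submitted password and masks only the middle, so part of every mistyped
				// password is written to 'illegallog'.
				// NOTE(review): consider logging no password material at all; the format is left
				// unchanged here because other tooling may read this log.
				$password = preg_replace("/^(.{".round(strlen($_GET['password']) / 4)."})(.+?)(.{".round(strlen($_GET['password']) / 6)."})$/s", "\\1***\\3", $_GET['password']);
				$errorlog = dhtmlspecialchars(
					TIMESTAMP."\t".
					($result['ucresult']['username'] ? $result['ucresult']['username'] : $_GET['username'])."\t".
					$password."\t".
					"Ques #".intval($_GET['questionid'])."\t".
					$_G['clientip']);
				writelog('illegallog', $errorlog);
				loginfailed($_GET['username']);
				failedip();
				// The submitted answer is read from the request: the local $answer that used to
				// be tested here was never assigned, which made "question empty" the only
				// reachable message for uid -3.
				$answerempty = !isset($_GET['answer']) || $_GET['answer'] == '';
				$fmsg = $result['ucresult']['uid'] == '-3' ? (empty($_GET['questionid']) || $answerempty ? 'login_question_empty' : 'login_question_invalid') : 'login_invalid';
				if($_G['member_loginperm'] > 1) {
					showmessage($fmsg, '', array('loginperm' => $_G['member_loginperm'] - 1));
				} elseif($_G['member_loginperm'] == -1) {
					showmessage('login_password_invalid');
				} else {
					showmessage('login_strike');
				}
			}

		}

	}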
Example #22
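 /**
  * JSON login endpoint.
  *
  * Authenticates $_POST['uname'] / $_POST['password'] (plus the optional
  * security-question fields) through userlogin(). On success it sets the
  * login state, stores a new token for the user in the user_token table and
  * replies through json_success() with username, uid, token, avatar and email.
  * Every failure is reported through json_error().
  *
  * NOTE(review): the checks below only hold if json_error() ends the request;
  * it is defined elsewhere, so confirm that it does not return.
  */
 function api_login()
 {
     global $_G, $_POST;
     if ($_POST) {
         if (!empty($_POST['auth'])) {
             // An encrypted "auth" value, when sent, is decoded into email and password.
             list($_POST['email'], $_POST['password']) = daddslashes(explode("\t", authcode($_POST['auth'], 'DECODE')));
         }
         // Bind the lockout counter to the account that is authenticated below.
         // It was previously keyed on $_GET['username'], a value unrelated to the
         // name passed to userlogin(), so the lockout did not follow that account.
         $username = $_POST['uname'];
         if (!($_G['member_loginperm'] = logincheck($username))) {
             json_error(lang('message', 'login_strike'));
         }
         $_G['uid'] = $_G['member']['uid'] = 0;
         $_G['username'] = $_G['member']['username'] = $_G['member']['password'] = '';
         // Reject an empty password or one that addslashes() would alter.
         if (!$_POST['password'] || $_POST['password'] != addslashes($_POST['password'])) {
             json_error(lang('message', 'profile_passwd_illegal'));
         }
         $result = userlogin($username, $_POST['password'], $_POST['questionid'], $_POST['answer'], 'auto', $_G['clientip']);
         $uid = $result['ucresult']['uid'];
         if ($result['status'] == -1) {
             // Original author's remark: this should not happen.
             if (!$this->setting['fastactivation']) {
                 json_error(lang('message', 'location_activation'));
             } else {
                 // Fast activation: create the local member row, then treat the login as successful.
                 $init_arr = explode(',', $this->setting['initcredits']);
                 $groupid = $this->setting['regverify'] ? 8 : $this->setting['newusergroupid'];
                 C::t('user')->insert($uid, $result['ucresult']['username'], md5(random(10)), $result['ucresult']['email'], $_G['clientip'], $groupid, $init_arr);
                 $result['member'] = getuserbyuid($uid);
                 $result['status'] = 1;
             }
         } elseif ($result['status'] == -2) {
             json_error('此用户已停用,请联系管理员');
         } elseif ($_G['setting']['bbclosed'] > 0 && $result['member']['adminid'] != 1) {
             json_error('站点关闭中,请联系管理员');
         }
         if ($result['status'] > 0) {
             // The token is stored per uid and returned to the client, so it is
             // presumably the credential for later API calls: draw it from the
             // system CSPRNG. It keeps the 32-hex-character shape of the md5()
             // value it replaces; that value was computed before setloginstatus()
             // ran, when $_G['uid'] had just been reset to 0, leaving the clock as
             // its only varying input.
             $token = bin2hex(function_exists('random_bytes') ? random_bytes(16) : openssl_random_pseudo_bytes(16));
             if ($this->extrafile && file_exists($this->extrafile)) {
                 require_once $this->extrafile;
             }
             // 2592000 seconds = 30 days when the caller asked for a persistent cookie.
             setloginstatus($result['member'], $_GET['cookietime'] ? 2592000 : 0);
             if ($_G['member']['lastip'] && $_G['member']['lastvisit']) {
                 dsetcookie('lip', $_G['member']['lastip'] . ',' . $_G['member']['lastvisit']);
             }
             C::t('user_status')->update($_G['uid'], array('lastip' => $_G['clientip'], 'lastvisit' => TIMESTAMP, 'lastactivity' => TIMESTAMP));
             // One token row per uid: overwrite it when present, insert it otherwise.
             $tokenExit = DB::result_first('SELECT token FROM %t WHERE uid=%s', array('user_token', $_G['uid']));
             $time = time();
             if ($tokenExit) {
                 DB::query('update %t set token=%s,created_at=%s where uid=%s', array('user_token', $token, $time, $_G['uid']));
             } else {
                 DB::query('insert into %t values(%s,%s,%s)', array('user_token', $_G['uid'], $token, $time));
             }
             $loginmessage = $_G['groupid'] == 8 ? 'login_succeed_inactive_member' : 'login_succeed';
             // Not used by the JSON reply; kept because dreferer() is defined
             // elsewhere and may have side effects — TODO confirm and remove.
             $location = $_G['groupid'] == 8 ? 'index.php?open=password' : dreferer();
             $data = array('username' => $result['ucresult']['username'], 'uid' => $_G['member']['uid'], 'token' => $token, 'avatar' => $_G['config']['common']['home_url'] . '/' . avatar($_G['member']['uid'], 'middle', true), 'email' => $result['ucresult']['email']);
             // Only a plain desktop submit (no handlekey, no lssubmit, not mobile)
             // gets the generic message; every other case reports $loginmessage.
             $plainSubmit = empty($_GET['handlekey']) && empty($_GET['lssubmit']) && !defined('IN_MOBILE');
             json_success(lang($plainSubmit ? 'location_login_succeed' : $loginmessage), $data);
         } else {
             // NOTE(review): this writes a partially masked copy of the submitted
             // password to the 'illegallog' log. The fields are read from $_GET
             // while the credentials arrive in $_POST, so for POST clients they are
             // likely blank. Decide whether any password fragment should be logged
             // before pointing these reads at $_POST.
             $password = preg_replace("/^(.{" . round(strlen($_GET['password']) / 4) . "})(.+?)(.{" . round(strlen($_GET['password']) / 6) . "})\$/s", "\\1***\\3", $_GET['password']);
             $errorlog = dhtmlspecialchars(TIMESTAMP . "\t" . ($result['ucresult']['email'] ? $result['ucresult']['email'] : $_GET['email']) . "\t" . $password . "\t" . "Ques #" . intval($_GET['questionid']) . "\t" . $_G['clientip']);
             writelog('illegallog', $errorlog);
             // Count the failure against the same name the lockout check used.
             loginfailed($username);
             // uid '-3' selects the security-question messages; the check now reads
             // the posted fields instead of the undefined $answer.
             $questionMissing = empty($_POST['questionid']) || !isset($_POST['answer']) || $_POST['answer'] == '';
             $fmsg = $result['ucresult']['uid'] == '-3' ? ($questionMissing ? 'login_question_empty' : 'login_question_invalid') : 'login_invalid';
             if ($_G['member_loginperm'] > 1) {
                 json_error(lang($fmsg));
             } elseif ($_G['member_loginperm'] == -1) {
                 json_error(lang('login_password_invalid'));
             } else {
                 json_error(lang('login_strike'));
             }
         }
     } else {
         json_error('异常登录');
     }
 }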
Example #23
                dheader('location: ' . $redirect);
            } else {
                dheader('location: ' . $_G['siteurl']);
            }
        }
    } else {
        dheader('location: ' . $_G['siteurl'] . 'member.php?mod=logging&action=login&referer=' . dreferer());
    }
} elseif ($ac == 'login' && submitcheck('submit')) {
    if (!($loginperm = logincheck($_GET['username']))) {
        showmessage('login_strike');
    }
    if (!$_GET['password'] || $_GET['password'] != addslashes($_GET['password'])) {
        showmessage('profile_passwd_illegal');
    }
    $result = userlogin($_GET['username'], $_GET['password'], $_GET['questionid'], $_GET['answer'], $_G['setting']['autoidselect'] ? 'auto' : $_GET['loginfield'], $_G['clientip']);
    if ($result['status'] <= 0) {
        loginfailed($_GET['username']);
        failedip();
        showmessage('login_invalid', '', array('loginperm' => $loginperm - 1));
    }
    if (!$_G['wechat']['setting']['wechat_qrtype']) {
        if ($wechatuser) {
            if ($result['member']['uid'] != $wechatuser['uid']) {
                showmessage('wechat:wechat_openid_exists');
            }
            wechat_setloginstatus($result['member']['uid'], true);
        } else {
            WeChatHook::bindOpenId($result['member']['uid'], $openid);
            wsq::report('bind');
        }
Example #24
 /**
  * Log a user in with a username and password.
  *
  * Copies the credentials into $_GET, runs the lockout check, calls
  * userlogin() and, on success, refreshes the login cookie through
  * self::updateCookie().
  *
  * @author HanPengyu
  * @param string $username User name.
  * @param string $password User password.
  * @return mixed The value of self::errorInfo(): called with ('', 0) on
  *               success and with a message on every failure path.
  */
 public static function login($username, $password)
 {
     global $_G;

     // The rest of this method reads the credentials back from $_GET.
     $_GET['username'] = $username;
     $_GET['password'] = $password;
     $_GET['questionid'] = $_GET['answer'] = '';
     $_GET['loginfield'] = 'username';

     require_once libfile('function/member');
     require_once libfile('class/member');
     require_once libfile('function/misc');
     require_once libfile('function/mail');
     loaducenter();
     $invite = getinvite();

     // Start from a logged-out state.
     $_G['uid'] = $_G['member']['uid'] = 0;
     $_G['username'] = $_G['member']['username'] = $_G['member']['password'] = '';

     if (trim($_GET['username']) == '') {
         return self::errorInfo('user_name_null');
     }

     $_G['member_loginperm'] = logincheck($_GET['username']);
     if (!$_G['member_loginperm']) {
         // Too many wrong passwords, retry in 15 minutes (checked again further down).
         return self::errorInfo(lang('message', 'login_strike'));
     }

     $passwordIsClean = $_GET['password'] == addslashes($_GET['password']);
     if (!$_GET['password'] || !$passwordIsClean) {
         // Password is empty or contains illegal characters.
         return self::errorInfo(lang('message', 'profile_passwd_illegal'));
     }

     $result = userlogin($_GET['username'], $_GET['password'], $_GET['questionid'], $_GET['answer'], 'username', $_G['clientip']);

     // NOTE(review): uid '-3' appears to be what userlogin() reports when the
     // security-question check fails (questionid/answer are always sent empty
     // here) — TODO confirm. This branch turns that result into a successful
     // login, so the security question is not enforced on this path; confirm
     // that this is intended.
     if ($result['ucresult']['uid'] == '-3') {
         $userInfo = DzCommonMember::getUidByUsername($result['ucresult']['username']);
         $result['ucresult']['uid'] = $userInfo['uid'];
         $result['member'] = $userInfo;
         $result['status'] = 1;
     }

     $_G['uid'] = $result['ucresult']['uid'];
     $uid = $_G['uid'];
     $userName = $result['ucresult']['username'];
     $userAvatar = UserUtils::getUserAvatar($uid);

     $loggingCtl = new logging_ctl();
     $loggingCtl->setting = $_G['setting'];

     if ($result['status'] == -1) {
         if (!$loggingCtl->setting['fastactivation']) {
             // Account has not been activated.
             return self::errorInfo(Yii::t('mobcent', 'location_activation'));
         }
         // Automatic activation: create the local member row and continue as logged in.
         $initCredits = explode(',', $loggingCtl->setting['initcredits']);
         $newGroupId = $loggingCtl->setting['regverify'] ? 8 : $loggingCtl->setting['newusergroupid'];
         C::t('common_member')->insert($uid, $result['ucresult']['username'], md5(random(10)), $result['ucresult']['email'], $_G['clientip'], $newGroupId, $initCredits);
         $result['member'] = getuserbyuid($uid);
         $result['status'] = 1;
     }

     if ($result['status'] > 0) {
         // [?] Optional extra file (original author's marker).
         if ($loggingCtl->extrafile && file_exists($loggingCtl->extrafile)) {
             require_once $loggingCtl->extrafile;
         }
         // Write the login to the cookie and update the login state.
         self::updateCookie($result['member'], $_G['uid']);
         return self::errorInfo('', 0);
     }

     // Failed login. NOTE(review): the log entry keeps the first quarter and the
     // last sixth of the submitted password in clear text; review whether any
     // password fragment belongs in 'illegallog'.
     $passwordLength = strlen($_GET['password']);
     $maskPattern = "/^(.{" . round($passwordLength / 4) . "})(.+?)(.{" . round($passwordLength / 6) . "})\$/s";
     $maskedPassword = preg_replace($maskPattern, "\\1***\\3", $_GET['password']);
     $loggedName = $result['ucresult']['username'] ? $result['ucresult']['username'] : $_GET['username'];
     $errorlog = dhtmlspecialchars(TIMESTAMP . "\t" . $loggedName . "\t" . $maskedPassword . "\t" . "Ques #" . intval($_GET['questionid']) . "\t" . $_G['clientip']);
     writelog('illegallog', $errorlog);
     loginfailed($_GET['username']);

     if ($_G['member_loginperm'] > 1) {
         // Login failed, some attempts remain.
         return self::errorInfo(lang('message', 'login_invalid', array('loginperm' => $_G['member_loginperm'] - 1)));
     }
     if ($_G['member_loginperm'] == -1) {
         // The password entered is wrong.
         return self::errorInfo(lang('message', 'login_password_invalid'));
     }
     // Too many wrong passwords, retry in 15 minutes.
     return self::errorInfo(lang('message', 'login_strike'));
 }
Example #25
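 /**
  * Register a new account from the posted e-mail and password, then log it in.
  *
  * The user name is generated ('******' + request timestamp + a three-digit
  * suffix); the suffix only has to make the name unique, it is not a secret.
  *
  * @return mixed true once the account has been created; otherwise the value
  *               returned by $this->rules(), or an array whose 'email' key
  *               holds the error message.
  */
 public function register()
 {
     global $_G;
     $validate_error = array();
     // Input validation.
     $validate_error_rules = $this->rules();
     if ($validate_error_rules !== true) {
         return $validate_error_rules;
     }
     $input_email = $_POST['email'];
     $input_password = $_POST['password'];
     // Submit the registration.
     loaducenter();
     // Result -1 is retried with a freshly generated name, as the original code
     // did. The retry is now bounded and stops at the first other result: the
     // old flow registered again after a successful retry and never re-checked
     // the final result, so a failure code could reach the insert below as uid.
     $attempts = 0;
     do {
         $newusername = '******' . $_G['timestamp'] . rand(100, 999);
         $uid = uc_user_register(addslashes($newusername), $input_password, $input_email);
         $attempts++;
     } while ($uid == -1 && $attempts < 10);
     if ($uid <= 0) {
         $email_errors = array(
             -4 => 'Email 地址无效',
             -5 => 'Email 包含不可使用的邮箱域名',
             -6 => '该 Email 地址已经被注册',
         );
         $validate_error['email'] = isset($email_errors[$uid]) ? $email_errors[$uid] : '未知错误';
         return $validate_error;
     }
     loadcache('fields_register');
     $init_arr = explode(',', $_G['setting']['initcredits']);
     // The local member row gets a random placeholder hash; the password the
     // user chose was handed to uc_user_register() above.
     $password = md5(random(10));
     C::t('common_member')->insert($uid, $newusername, $password, $input_email, $_G['clientip'], 10, $init_arr, 0);
     // Log the new user in directly.
     require_once libfile('function/member');
     $result = userlogin($input_email, $input_password, 0, 0, 'email', $_G['clientip']);
     // Only set up login state when userlogin() reports success; the account
     // exists either way, so the method still returns true.
     if (empty($result['member']) || $result['status'] <= 0) {
         return true;
     }
     setloginstatus($result['member'], 0);
     C::t('common_member_status')->update($_G['uid'], array('lastip' => $_G['clientip'], 'port' => $_G['remoteport'], 'lastvisit' => TIMESTAMP, 'lastactivity' => TIMESTAMP));
     // UCenter synchronised login, when enabled; the return value is not used here.
     $ucsynlogin = $this->setting['allowsynlogin'] ? uc_user_synlogin($_G['uid']) : '';
     return true;
 }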
Example #26
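/**
 * Connect to MySQL, select the configured database and load the current user.
 *
 * Uses the legacy mysql_* API; connection settings come from the
 * $mysql_host / $mysql_user / $mysql_pass / $mysql_db globals.
 *
 * @param bool $autoclean When true and $useCronTriggerCleanUp is falsy,
 *                        autoclean() is registered to run at shutdown.
 */
function dbconn($autoclean = false)
{
    global $lang_functions;
    global $mysql_host, $mysql_user, $mysql_pass, $mysql_db;
    global $useCronTriggerCleanUp;
    if (!mysql_connect($mysql_host, $mysql_user, $mysql_pass)) {
        switch (mysql_errno()) {
            case 1040: // too many connections
            case 2002: // server not reachable
                // REQUEST_URI is supplied by the client; escape it before it is
                // placed inside the double-quoted HTML attribute of the retry page.
                $retryUri = htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES, 'UTF-8');
                die("<html><head><meta http-equiv=refresh content=\"10 {$retryUri}\"><meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"></head><body><table border=0 width=100% height=100%><tr><td><h3 align=center>" . $lang_functions['std_server_load_very_high'] . "</h3></td></tr></table></body></html>");
            default:
                // NOTE(review): the raw driver error is sent to the client; consider
                // logging it server-side and showing a generic message instead.
                die("[" . mysql_errno() . "] dbconn: mysql_connect: " . mysql_error());
        }
    }
    mysql_query("SET NAMES UTF8");
    mysql_query("SET collation_connection = 'utf8_general_ci'");
    mysql_query("SET sql_mode=''");
    // String concatenation is '.', not '+': the '+' form performed arithmetic
    // on the two strings, so the error text never reached the message.
    mysql_select_db($mysql_db) or die('dbconn: mysql_select_db: ' . mysql_error());
    userlogin();
    if (!$useCronTriggerCleanUp && $autoclean) {
        register_shutdown_function("autoclean");
    }
}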
Example #27
}
$config = $_G['cache']['plugin']['aljwsq'];
require_once 'source/plugin/aljwsq/function_core.php';
if ($_GET['act'] == 'bind') {
    if (submitcheck('formhash')) {
        $openid = (string) $_GET['openid'];
        $check = C::t('common_member')->fetch_by_username($_GET['username']);
        if (empty($check)) {
            showmessage(lang('plugin/aljwsq', 'bind2'));
        }
        $user = C::t('#aljwsq#aljwsq_user')->fetch($openid);
        if ($user['username']) {
            showmessage(lang('plugin/aljwsq', 'bind3'));
        }
        require_once libfile('function/member');
        $result = userlogin($_GET['username'], $_GET['password']);
        if (empty($result['status'])) {
            showmessage(lang('plugin/aljwsq', 'bind4'));
        }
        if (empty($openid)) {
            showmessage(lang('plugin/aljwsq', 'bind5'));
        }
        $config = $_G['cache']['plugin']['aljwsq'];
        if ($config['appid'] && $config['appsecret']) {
            $url = "https://api.weixin.qq.com/cgi-bin/token?grant_type=client_credential&appid=" . $config['appid'] . "&secret=" . $config['appsecret'];
            $result = https_request($url);
            $jsoninfo = json_decode($result, true);
            $access_token = $jsoninfo["access_token"];
            $url = "https://api.weixin.qq.com/cgi-bin/user/info?access_token=" . $access_token . "&openid=" . $_GET['openid'] . "&lang=zh_CN";
            $wuser = https_request($url);
            $wuser = json_decode($wuser, true);
Example #28
/**
 * Require a logged-in user: run userlogin() and, when no current user is
 * set afterwards, redirect to the login page and stop the script.
 */
function loggedinorreturn()
{
    global $CONFIG;

    userlogin();

    if (Isy_user::$current) {
        return;
    }

    // No current user: send the browser to login.php and end the request so
    // nothing after the caller's check can run.
    header('Location: ' . $CONFIG['baseurl'] . '/login.php');
    exit;
}
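/**
 * Open the mysqli connection (kept in $GLOBALS["___mysqli_ston"]), select the
 * configured database, then run userlogin() and referer().
 *
 * @param bool $autoclean When true, autoclean() is registered to run at shutdown.
 */
function dbconn($autoclean = false)
{
    global $INSTALLER09;
    if (!@($GLOBALS["___mysqli_ston"] = mysqli_connect($INSTALLER09['mysql_host'], $INSTALLER09['mysql_user'], $INSTALLER09['mysql_pass']))) {
        // The link is falsy in this branch, so the connect-level error accessors
        // are the ones that apply; false stands in for "no error", as before.
        $errno = mysqli_connect_errno() ?: false;
        $error = mysqli_connect_error() ?: false;
        switch ($errno) {
            case 1040: // too many connections
            case 2002: // server not reachable
                if ($_SERVER['REQUEST_METHOD'] == "GET") {
                    // REQUEST_URI is supplied by the client; escape it before it is
                    // placed inside the HTML attribute of the auto-retry page.
                    $retryUri = htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES, 'UTF-8');
                    die("<html><head><meta http-equiv='refresh' content=\"5 {$retryUri}\"></head><body><table border='0' width='100%' height='100%'><tr><td><h3 align='center'>The server load is very high at the moment. Retrying, please wait...</h3></td></tr></table></body></html>");
                } else {
                    die("Too many users. Please press the Refresh button in your browser to retry.");
                }
            default:
                // NOTE(review): the raw driver error is sent to the client; consider
                // logging it server-side and showing a generic message instead.
                die("[" . $errno . "] dbconn: mysql_connect: " . $error);
        }
    }
    // Connected: the link is an object from here on, so link-level errors apply.
    $link = $GLOBALS["___mysqli_ston"];
    // The database name comes from the $INSTALLER09 configuration array.
    mysqli_query($link, "USE {$INSTALLER09['mysql_db']}") or die('dbconn: mysql_select_db: ' . mysqli_error($link));
    userlogin();
    referer();
    if ($autoclean) {
        register_shutdown_function("autoclean");
    }
}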
Example #30
	showmessage(lang('plugin/autologin','tip_noinfo'),'home.php?mod=spacecp&ac=plugin&id=autologin:admincp');
}
if($_G['uid']&&$info['uid']&&$_G['uid']==$info['uid']){//当前已经是登陆状态
	showmessage(lang('plugin/autologin','tip_loginok'),'index.php', array(), array('locationtime'=>true,'refreshtime'=>3, 'showdialog'=>1, 'showmsg' => true));
}

if($config_checkcode&&!submitcheck('codesubmit')){
	include template('autologin:checkcode');
}else{
	if($config_checkcode){
		$code=addslashes(trim($_POST['code']));
		if(!$code||$code!=$info['code']) showmessage(lang('plugin/autologin','codecheck_error'));
	}
	require_once libfile('function/member');
	list($password,$questionid,$answer) = explode("\t", authcode($info['logindata'],'DECODE',$_G['config']['security']['authkey']));
	$result = userlogin($info['username'],$password,$questionid,$answer,'username',$_G['clientip']);
	if($result['status']>0) {
		setloginstatus($result['member'],2592000);
		dsetcookie('mrn', '');
		dsetcookie('mrd', '');
		$log=array(
			'uid'=>$info['uid'],
			'username'=>$info['username'],
			'ip'=>$_G['clientip'],
			'dateline'=>TIMESTAMP
		);
		DB::insert('autologin_log',$log);
		showmessage(lang('plugin/autologin','tip_loginok'),'index.php', array(), array('locationtime'=>true,'refreshtime'=>3, 'showdialog'=>1, 'showmsg' => true));
	}else{
		showmessage(lang('plugin/autologin','tip_login_error'));
	}