 /**
  * Compose / send a private message (admin-side PM client).
  *
  * Two phases share this method. When submitcheck() is false the compose
  * form is rendered, pre-filled from $_GET for reply / forward / new; otherwise
  * the POSTed message is validated against the PM policy settings and delivered
  * through $_ENV['pm'].
  *
  * No parameters and no return value; all input is read via getgpc(), $_GET and
  * $_POST. Failures are reported through $this->message(), which presumably ends
  * the request — confirm against the base class, because the policy checks below
  * are written as if it does.
  */
 function onsend()
 {
     $a = getgpc('a');
     $do = getgpc('do');
     // Require an authenticated session before touching the mailbox.
     $this->_auth();
     $uid = $this->user['uid'];
     $this->load('friend');
     // Friend list of the current user (list type 3), empty when there are none.
     // Used both to populate the form and as the allow-list for POSTed friend ids.
     $totalnum = $_ENV['friend']->get_totalnum_by_uid($this->user['uid'], 3);
     $friends = $totalnum ? $_ENV['friend']->get_list($this->user['uid'], 1, $totalnum, $totalnum, 3) : array();
     if (!$this->submitcheck()) {
         // ---- Phase 1: render the compose form ----
         // $_GET['extra'] and $_GET['daterange'] are read without isset(); a missing
         // key raises an undefined-index notice (only pmid has the '@' suppressor).
         $extra = 'extra=' . rawurlencode($_GET['extra']);
         $type = !empty($_GET['type']) ? $_GET['type'] : '';
         // pmid is kept as the raw request string when numeric; it is not cast to int.
         $pmid = @is_numeric($_GET['pmid']) ? $_GET['pmid'] : 0;
         $daterange = $_GET['daterange'] ? intval($_GET['daterange']) : 1;
         $touid = intval($_GET['touid']);
         $plid = intval($_GET['plid']);
         $folder = getgpc('folder');
         // Mailbox counters for the sidebar. The meaning of the two int flags is
         // defined by pm::getpmnum — presumably (chat?, unread?) — verify there.
         $pmnum_private = $_ENV['pm']->getpmnum($uid, 0, 0);
         $unreadpmnum = $_ENV['pm']->getpmnum($uid, 0, 1);
         $touser = '';
         // Load the message being replied to / forwarded, scoped to the current uid.
         if ($pmid) {
             $tmp = $_ENV['pm']->getpmbypmid($uid, $pmid);
             $tmp = $tmp[0];
         } else {
             $tmp = array();
         }
         if (!empty($pmid)) {
             if ($do == 'forward') {
                 // Forwarding: prepend a From / To / Date header and wrap the original
                 // body in [quote], after stripping any nested [quote] blocks.
                 $user = $_ENV['user']->get_user_by_uid($tmp['msgtoid']);
                 $tmp['message'] = $this->lang['pm_from'] . ': ' . $tmp['author'] . "\n" . $this->lang['pm_to'] . ': ' . dhtmlspecialchars($user['username']) . "\n" . $this->lang['pm_date'] . ': ' . $this->date($tmp['dateline']) . "\n\n" . '[quote]' . trim(preg_replace("/(\\[quote])(.*)(\\[\\/quote])/siU", '', $tmp['message'])) . '[/quote]' . "\n";
             }
         } else {
             // New message: optional pre-fill from the query string. Only msgto is
             // escaped at this point; message is escaped once before it is assigned
             // to the view below, and subject is never passed to the view at all.
             !empty($_GET['msgto']) && ($touser = dhtmlspecialchars($_GET['msgto']));
             !empty($_GET['subject']) && ($tmp['subject'] = $_GET['subject']);
             !empty($_GET['message']) && ($tmp['message'] = $_GET['message']);
         }
         if ($this->settings['sendpmseccode']) {
             // CAPTCHA seed: a 6-digit value wrapped by authcode() under a key tied to
             // UC_KEY, the client's User-Agent and IP, so the token only validates
             // from the same client. rand() is not a cryptographic generator; whether
             // that matters depends on authcode(), which is opaque here. The 720 is
             // presumably the token lifetime — verify units against authcode().
             $authkey = md5(UC_KEY . $_SERVER['HTTP_USER_AGENT'] . $this->onlineip);
             $rand = rand(100000, 999999);
             $seccodeinit = rawurlencode($this->authcode($rand, 'ENCODE', $authkey, 720));
             $this->view->assign('seccodeinit', $seccodeinit);
         }
         $this->view->assign('sendpmseccode', $this->settings['sendpmseccode']);
         $this->view->assign('touser', $touser);
         $this->view->assign('user', $this->user);
         $this->view->assign('pmnum_private', $pmnum_private);
         // $pmnum_chatpm is never assigned in this method, so the view receives
         // null for it (undefined-variable notice).
         $this->view->assign('pmnum_chatpm', $pmnum_chatpm);
         $this->view->assign('unreadpmnum', $unreadpmnum);
         $this->view->assign('friends', $friends);
         $this->view->assign('extra', $extra);
         $this->view->assign('pmid', $pmid);
         $this->view->assign('daterange', $daterange);
         $this->view->assign('touid', $touid);
         $this->view->assign('plid', $plid);
         $this->view->assign('a', $a);
         $this->view->assign('do', $do);
         $this->view->assign('folder', $folder);
         // HTML-escape the pre-filled body before it reaches the template.
         $tmp['message'] = dhtmlspecialchars($tmp['message']);
         $this->view->assign('message', $tmp['message']);
         $this->view->assign('type', $type);
         $this->view->display('pm_send');
     } else {
         // ---- Phase 2: deliver the POSTed message ----
         if ($this->settings['sendpmseccode']) {
             // Re-derive the same client-bound key, decode the hidden token and
             // verify the CAPTCHA answer against it.
             $authkey = md5(UC_KEY . $_SERVER['HTTP_USER_AGENT'] . $this->onlineip);
             $seccodehidden = urldecode(getgpc('seccodehidden', 'P'));
             $seccode = strtoupper(getgpc('seccode', 'P'));
             $seccodehidden = $this->authcode($seccodehidden, 'DECODE', $authkey);
             require UC_ROOT . './lib/seccode.class.php';
             if (!seccode::seccode_check($seccodehidden, $seccode)) {
                 $this->message('pm_send_seccode_error', 'BACK', 1);
             }
         }
         // Re-read the sender record; the username is slash-escaped for the pm
         // layer (daddslashes' second argument 1 is presumably "force" — verify).
         $user = $_ENV['user']->get_user_by_uid($this->user['uid']);
         $this->user['username'] = daddslashes($user['username'], 1);
         $touid = intval(getgpc('touid'));
         $daterange = intval(getgpc('daterange'));
         $type = intval(getgpc('type'));
         // replypmid is read from $_GET even on the POST path and kept as a raw string.
         $replypmid = @is_numeric($_GET['replypmid']) ? $_GET['replypmid'] : 0;
         $msgto = array();
         if ($replypmid) {
             // Reply: recipients are every uid on the existing thread except the sender.
             $plid = $_ENV['pm']->getplidbypmid($replypmid);
             $msgto = $_ENV['pm']->getuidbyplid($plid);
             unset($msgto[$uid]);
         } else {
             if (!empty($_POST['msgto'])) {
                 // New message: comma-separated usernames resolved to uids.
                 $msgto = explode(',', $_POST['msgto']);
                 $msgto = $_ENV['user']->name2id($msgto);
             }
         }
         if (isset($_POST['friend'])) {
             // Friend picker: only ids present in the sender's own friend list are
             // accepted (allow-list). in_array() is non-strict because POST values
             // arrive as strings; a strict compare would need intval() on both sides.
             $frienduids = array();
             foreach ($friends as $friend) {
                 $frienduids[] = $friend['friendid'];
             }
             foreach ($_POST['friend'] as $friendid) {
                 if (in_array($friendid, $frienduids)) {
                     $msgto[] = $friendid;
                 }
             }
         }
         // No resolvable recipient at all.
         if (!$msgto) {
             $this->message('receiver_no_exists', 'BACK', 1);
         }
         $msgto = array_unique($msgto);
         $countmsgto = count($msgto);
         // Policy checks, each gated by its setting. If message() does not end the
         // request, the later checks and the send below still run — confirm.
         // Minimum account age before a member may send PMs.
         if ($this->settings['pmsendregdays']) {
             if ($user['regdate'] > $this->time - $this->settings['pmsendregdays'] * 86400) {
                 $this->message('pm_send_regdays_error', 'BACK', 1, array('$pmsendregdays' => $this->settings['pmsendregdays']));
             }
         }
         // Chat-PM (type 1) member cap; the "- 1" leaves room for the sender.
         if ($this->settings['chatpmmemberlimit']) {
             if ($type == 1 && $countmsgto > $this->settings['chatpmmemberlimit'] - 1) {
                 $this->message('pm_send_chatpmmemberlimit_error', 'BACK', 1, array('$chatpmmemberlimit' => $this->settings['chatpmmemberlimit']));
             }
         }
         // Flood control: minimum interval between two PMs from this sender.
         if ($this->settings['pmfloodctrl']) {
             if (!$_ENV['pm']->ispminterval($this->user['uid'], $this->settings['pmfloodctrl'])) {
                 $this->message('pm_send_pmfloodctrl_error', 'BACK', 1, array('$pmfloodctrl' => $this->settings['pmfloodctrl']));
             }
         }
         // Caps on the number of private / chat threads the sender may hold.
         if ($this->settings['privatepmthreadlimit']) {
             if (!$_ENV['pm']->isprivatepmthreadlimit($this->user['uid'], $this->settings['privatepmthreadlimit'])) {
                 $this->message('pm_send_privatepmthreadlimit_error', 'BACK', 1, array('$privatepmthreadlimit' => $this->settings['privatepmthreadlimit']));
             }
         }
         if ($this->settings['chatpmthreadlimit']) {
             if (!$_ENV['pm']->ischatpmthreadlimit($this->user['uid'], $this->settings['chatpmthreadlimit'])) {
                 $this->message('pm_send_chatpmthreadlimit_error', 'BACK', 1, array('$chatpmthreadlimit' => $this->settings['chatpmthreadlimit']));
             }
         }
         // Deliver. $_POST['message'] is handed over as-is; any filtering or
         // escaping is presumably done inside pm::replypm / pm::sendpm — verify.
         if ($replypmid) {
             $lastpmid = $_ENV['pm']->replypm($plid, $this->user['uid'], $this->user['username'], $_POST['message']);
         } else {
             $lastpmid = $_ENV['pm']->sendpm($this->user['uid'], $this->user['username'], $msgto, '', $_POST['message'], $type);
         }
         if ($lastpmid > 0) {
             // Redirect to the relevant thread / folder. touid and daterange were
             // intval()'d above and plid comes from the pm layer, so the request-
             // derived parts of these URLs are integers only.
             if ($replypmid) {
                 if ($touid) {
                     $this->message('pm_send_succeed', "index.php?m=pm_client&a=view&touid={$touid}&daterange={$daterange}&filter=privatepm", 1);
                 } else {
                     $this->message('pm_send_succeed', "index.php?m=pm_client&a=view&plid={$plid}&daterange={$daterange}&filter=chatpm", 1);
                 }
             } else {
                 if (!$type) {
                     $this->message('pm_send_succeed', 'index.php?m=pm_client&a=ls&filter=privatepm', 1);
                 } else {
                     $this->message('pm_send_succeed', 'index.php?m=pm_client&a=ls&filter=chatpm', 1);
                 }
             }
         } else {
             // The pm layer returned no new id: the message was dropped / ignored.
             $this->message('pm_send_ignore', 'BACK', 1);
         }
     }
 }
 /**
  * Admin login form and handler.
  *
  * Always (re)renders admin_login unless a successful login redirects first.
  * On a checked submit it applies the lockout check, verifies the CAPTCHA, then
  * checks either the founder password (UC_FOUNDERPW / UC_FOUNDERSALT) or a row
  * of the admins table; on success it issues a sid cookie and redirects.
  * $errorcode carries the UC_LOGIN_* outcome to the template on failure.
  *
  * No parameters and no return value; input is read from $_POST / $_GET via getgpc().
  */
 function onlogin()
 {
     // Key for the CAPTCHA token, bound to this client's User-Agent and IP.
     $authkey = md5(UC_KEY . $_SERVER['HTTP_USER_AGENT'] . $this->onlineip);
     $this->load('user');
     $username = getgpc('username', 'P');
     $password = getgpc('password', 'P');
     $iframe = getgpc('iframe') ? 1 : 0;
     $isfounder = intval(getgpc('isfounder', 'P'));
     // Fresh CAPTCHA seed for the (re)rendered form. rand() is not a cryptographic
     // generator; whether that matters depends on authcode(), which is opaque here.
     // The 180 is presumably the token lifetime — verify units against authcode().
     $rand = rand(100000, 999999);
     $seccodeinit = rawurlencode($this->authcode($rand, 'ENCODE', $authkey, 180));
     $errorcode = 0;
     if ($this->submitcheck()) {
         // Founder login uses a fixed account name; the literal is redacted as
         // '******' in this listing.
         if ($isfounder == 1) {
             $username = '******';
         }
         // Lockout check (failed-attempt tracking per name / IP) before any
         // password work is done.
         $can_do_login = $_ENV['user']->can_do_login($username, $this->onlineip);
         if (!$can_do_login) {
             $errorcode = UC_LOGIN_ERROR_FAILEDLOGIN;
         } else {
             // CAPTCHA: decode the client-bound hidden token and compare it with
             // the upper-cased answer.
             $seccodehidden = urldecode(getgpc('seccodehidden', 'P'));
             $seccode = strtoupper(getgpc('seccode', 'P'));
             $seccodehidden = $this->authcode($seccodehidden, 'DECODE', $authkey);
             require UC_ROOT . './lib/seccode.class.php';
             if (!seccode::seccode_check($seccodehidden, $seccode)) {
                 $errorcode = UC_LOGIN_ERROR_SECCODE;
             } else {
                 $errorcode = UC_LOGIN_SUCCEED;
                 $this->user['username'] = $username;
                 if ($isfounder == 1) {
                     $this->user['username'] = '******';
                     // Founder: double-md5 of the password with the configured salt.
                     $md5password = md5(md5($password) . UC_FOUNDERSALT);
                     // NOTE(review): '==' between two hash strings is a loose comparison;
                     // PHP treats strings such as '0e123' as numeric, so distinct hashes
                     // can compare equal. hash_equals() is the strict, constant-time form.
                     if ($md5password == UC_FOUNDERPW) {
                         $username = $this->user['username'];
                         $this->view->sid = $this->sid_encode($this->user['username']);
                     } else {
                         $errorcode = UC_LOGIN_ERROR_FOUNDER_PW;
                     }
                 } else {
                     // Admin: look up the admins row joined to members for salt + hash.
                     // The WHERE value is redacted ('******') in this listing; if the
                     // original interpolates the submitted username, correctness depends
                     // on slash-escaping applied upstream of getgpc() — escaping or
                     // parameterising at this call site would remove that dependency.
                     $admin = $this->db->fetch_first("SELECT a.uid,m.username,m.salt,m.password FROM " . UC_DBTABLEPRE . "admins a LEFT JOIN " . UC_DBTABLEPRE . "members m USING(uid) WHERE a.username='******'");
                     if (!empty($admin)) {
                         $md5password = md5(md5($password) . $admin['salt']);
                         // Same loose-comparison concern as the founder check above.
                         if ($admin['password'] == $md5password) {
                             $this->view->sid = $this->sid_encode($admin['username']);
                         } else {
                             $errorcode = UC_LOGIN_ERROR_ADMIN_PW;
                         }
                     } else {
                         $errorcode = UC_LOGIN_ERROR_ADMIN_NOT_EXISTS;
                     }
                 }
                 if ($errorcode == 0) {
                     // Success: set the session cookie (86400 — presumably seconds —
                     // verify against $this->setcookie), mark the user as admin, log,
                     // and redirect.
                     $this->setcookie('sid', $this->view->sid, 86400);
                     // $pwlen is computed but never used.
                     $pwlen = strlen($password);
                     $this->user['admin'] = 1;
                     $this->writelog('login', 'succeed');
                     // When cookies are unavailable the sid is carried in the URL, where
                     // it can leak through Referer headers and access logs.
                     if ($iframe) {
                         header('location: admin.php?m=frame&a=main&iframe=1' . ($this->cookie_status ? '' : '&sid=' . $this->view->sid));
                         exit;
                     } else {
                         header('location: admin.php' . ($this->cookie_status ? '' : '?sid=' . $this->view->sid));
                         exit;
                     }
                 } else {
                     // This line is garbled / redacted ('******') in the listing and is
                     // kept byte-identical. It appears to write a failure log entry and
                     // record the attempt via $_ENV['user']->loginfailed(); the visible
                     // '; password=' fragment suggests the submitted password is written
                     // to the log — confirm, and drop it from the message if so.
                     $this->writelog('login', 'error: user='******'username'] . '; password='******'user']->loginfailed($username, $this->onlineip);
                 }
             }
         }
     }
     // Escape before rendering. Note that the submitted password is assigned back
     // into the view and therefore reflected into the login page markup.
     $username = dhtmlspecialchars($username);
     $password = dhtmlspecialchars($password);
     $this->view->assign('seccodeinit', $seccodeinit);
     $this->view->assign('username', $username);
     $this->view->assign('password', $password);
     $this->view->assign('isfounder', $isfounder);
     $this->view->assign('errorcode', $errorcode);
     $this->view->assign('iframe', $iframe);
     $this->view->display('admin_login');
 }