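/**
 * Log a user in: drop any existing session, verify the credentials and,
 * on success, start a fresh session and hand its id to the browser.
 *
 * @param string $username
 * @param string $password
 * @param bool   $must_be_admin  forwarded to CheckCredentials()
 * @return array|false  the user-info array from CheckCredentials(), or false
 *                      when the credentials were rejected (no cookie is set)
 */
function LogIn($username, $password, $must_be_admin = false) {
    // Always start from a logged-out state so a stale session is never reused.
    LogOut();
    $user_info = CheckCredentials($username, $password, $must_be_admin);
    if ($user_info !== false) {
        $session_id = CreateSession($user_info['user_id']);
        // Session cookie (no expiry, so it lives until the browser closes).
        // httponly keeps the id out of reach of page scripts; the secure flag
        // is set only when this request itself arrived over TLS so a plain-HTTP
        // deployment keeps working. Path/domain are left at their defaults, as before.
        $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
        setcookie(SESSION_COOKIE_NAME, $session_id, 0, '', '', $secure, true);
        // $_COOKIE only reflects what the client sent with this request, so
        // publish the new id for code that runs later in the same request.
        $_COOKIE[SESSION_COOKIE_NAME] = $session_id;
    }
    return $user_info;
}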
<?php include __DIR__ . '/common.php'; require __DIR__ . '/language/' . ForumLanguage . '/login.php'; $Error = ''; $ErrorCode = 101000; $UserName = ''; $ReturnUrl = isset($_SERVER['HTTP_REFERER']) ? htmlspecialchars($_SERVER["HTTP_REFERER"]) : ''; if (isset($_GET['logout']) && $_GET['logout'] == $CurUserCode) { LogOut(); if ($ReturnUrl) { header('location: ' . $ReturnUrl); exit('logout'); } else { header('location: ' . $Config['WebsitePath'] . '/'); exit('logout'); } } if ($_SERVER['REQUEST_METHOD'] == 'POST' || $IsApp) { if (!ReferCheck(Request('Post', 'FormHash'))) { AlertMsg($Lang['Error_Unknown_Referer'], $Lang['Error_Unknown_Referer'], 403); } $ReturnUrl = htmlspecialchars(Request('Post', 'ReturnUrl')); $UserName = strtolower(Request('Post', 'UserName')); $Password = Request('Post', 'Password'); $Expires = min(intval(Request('Post', 'Expires', 30)), 30); //最多保持登陆30天 $VerifyCode = intval(Request('Post', 'VerifyCode')); do { if (!$UserName || !$Password || !$VerifyCode) { $Error = $Lang['Forms_Can_Not_Be_Empty'];
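/**
 * HTTP Basic-auth gate for the admin area.
 *
 * Handles `?p=logout`, challenges the browser (auth()) when no credentials were
 * sent, and otherwise verifies PHP_AUTH_USER / PHP_AUTH_PW once, caching the
 * login name in $_SESSION['log'] so later requests skip the check.
 *
 * Relies on adminlogin::checkAdmin(), auth() and LogOut() defined elsewhere.
 * NOTE(review): assumes session_start() has already run in the caller — confirm.
 */
function CheckAuth() {
    // `=& new` is a PHP 4 idiom and a parse error on PHP 7+; a plain
    // assignment yields the same object handle.
    $adminLib = new adminlogin();

    if (isset($_GET['p']) && $_GET['p'] === 'logout') {
        LogOut();
        exit;
    }

    if (!isset($_SERVER['PHP_AUTH_USER'])) {
        auth();
        return;
    }

    // Already verified earlier in this session: nothing more to do.
    if (isset($_SESSION['log'])) {
        return;
    }

    $login = $_SERVER['PHP_AUTH_USER'];
    // A client may send a user name without a password; treat that as an
    // empty password instead of raising an undefined-index notice.
    $password = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';

    if ($adminLib->checkAdmin($login, $password)) {
        // session_register() was removed in PHP 5.4; writing to $_SESSION on a
        // started session is all that is required.
        $_SESSION['log'] = $login;
    } else {
        auth();
    }
}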
/**
 * Log out, delete the saved cookie jar, print a final message and stop.
 *
 * @param string $message  text printed (with a trailing newline) before exiting
 */
function Close($message) {
    LogOut();

    $cookieJar = "Cookies.txt";
    if (file_exists($cookieJar)) {
        unlink($cookieJar);
    }

    echo $message, "\n";
    // Short pause before exiting — presumably so the message stays readable
    // in a console that closes with the process.
    sleep(2);
    die;
}
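/**
 * Delete (or flag for deletion) a member account, optionally removing the
 * member's posts first.
 *
 * Permission checks go through isAllowedTo()/allowedTo(); the forum's last
 * remaining admin account can never be removed. When an owner deletes their
 * own account and $modSettings['approveAccountDeletion'] is on, the account is
 * only marked (is_activated = 4) for admin approval instead of being deleted.
 *
 * @param array $profile_vars  not used here; kept for the shared profile-save signature
 * @param array $post_errors   errors collected by the profile form; a non-empty
 *                             array blocks self-deletion
 * @param int   $memID         id of the member being deleted
 */
function deleteAccount2($profile_vars, $post_errors, $memID)
{
    global $user_info, $sourcedir, $context, $cur_profile, $modSettings, $smcFunc;

    // Try get more time...
    @set_time_limit(600);

    // !!! Add a way to delete pms as well?

    if (!$context['user']['is_owner']) {
        isAllowedTo('profile_remove_any');
    } elseif (!allowedTo('profile_remove_any')) {
        isAllowedTo('profile_remove_own');
    }

    checkSession();

    $old_profile =& $cur_profile;

    // Too often, people remove/delete their own only account.
    if (in_array(1, explode(',', $old_profile['additional_groups'])) || $old_profile['id_group'] == 1) {
        // Are you allowed to administrate the forum, as they are?
        isAllowedTo('admin_forum');

        $request = $smcFunc['db_query']('', ' SELECT id_member FROM {db_prefix}members WHERE (id_group = {int:admin_group} OR FIND_IN_SET({int:admin_group}, additional_groups) != 0) AND id_member != {int:selected_member} LIMIT 1', array('admin_group' => 1, 'selected_member' => $memID));
        list($another) = $smcFunc['db_fetch_row']($request);
        $smcFunc['db_free_result']($request);

        if (empty($another)) {
            fatal_lang_error('at_least_one_admin', 'critical');
        }
    }

    // This file is needed for the deleteMembers function.
    require_once $sourcedir . '/Subs-Members.php';

    // Do you have permission to delete others profiles, or is that your profile you wanna delete?
    if ($memID != $user_info['id']) {
        isAllowedTo('profile_remove_any');

        // The form field is optional: a missing value means "keep the posts"
        // (reading $_POST directly raised an undefined-index notice here).
        $remove_type = isset($_POST['remove_type']) ? $_POST['remove_type'] : 'none';

        // Now, have you been naughty and need your posts deleting?
        // !!! Should this check board permissions?
        if ($remove_type != 'none' && allowedTo('moderate_forum')) {
            // Include RemoveTopics - essential for this type of work!
            require_once $sourcedir . '/RemoveTopic.php';

            // First off we delete any topics the member has started - if they wanted topics being done.
            if ($remove_type == 'topics') {
                // Fetch all topics started by this user within the time period.
                $request = $smcFunc['db_query']('', ' SELECT t.id_topic FROM {db_prefix}topics AS t WHERE t.id_member_started = {int:selected_member}', array('selected_member' => $memID));
                $topicIDs = array();
                while ($row = $smcFunc['db_fetch_assoc']($request)) {
                    $topicIDs[] = $row['id_topic'];
                }
                $smcFunc['db_free_result']($request);

                // Actually remove the topics.
                // !!! This needs to check permissions, but we'll let it slide for now because of moderate_forum already being had.
                removeTopics($topicIDs);
            }

            // Now delete the remaining messages (first posts of the member's
            // own topics are excluded by the join; those went with the topic).
            $request = $smcFunc['db_query']('', ' SELECT m.id_msg FROM {db_prefix}messages AS m INNER JOIN {db_prefix}topics AS t ON (t.id_topic = m.id_topic AND t.id_first_msg != m.id_msg) WHERE m.id_member = {int:selected_member}', array('selected_member' => $memID));
            // This could take a while... but ya know it's gonna be worth it in the end.
            while ($row = $smcFunc['db_fetch_assoc']($request)) {
                if (function_exists('apache_reset_timeout')) {
                    @apache_reset_timeout();
                }
                removeMessage($row['id_msg']);
            }
            $smcFunc['db_free_result']($request);
        }

        // Only delete this poor members account if they are actually being booted out of camp.
        if (isset($_POST['deleteAccount'])) {
            deleteMembers($memID);
        }
    } elseif (empty($post_errors) && !empty($modSettings['approveAccountDeletion']) && !allowedTo('moderate_forum')) {
        // Setup their account for deletion ;)
        updateMemberData($memID, array('is_activated' => 4));
        // Another account needs approval...
        updateSettings(array('unapprovedMembers' => true), true);
    } elseif (empty($post_errors)) {
        // Owner deleting themselves: remove the account, then end their session.
        deleteMembers($memID);
        require_once $sourcedir . '/LogInOut.php';
        LogOut(true);
        redirectExit();
    }
}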
if (isset($_POST['FormLogIn'])) { openFormLogIn($tmpl['LogIn']); } else { if (isset($_POST['FormSingUp'])) { openFormSingUp($tmpl['LogIn']); } else { if (isset($_POST['LogIn'])) { if (authorize($mysqli, $_POST['login'], $_POST['password'], $tmpl['logout'])) { $_SESSION["pageNumber"] = 1; $_SESSION["pagelist"] = $tmpl["pagenumber"]; guest_event($mysqli, $tmpl['mininews'], $tmpl['pagenumber'], $tmpl['page']); hotnews($mysqli, $tmpl["hotnews"]); } } else { if (isset($_POST['LogOut'])) { if (LogOut($mysqli, $tmpl['regist'])) { /*НОВАЯ АВТОРИЗАЦИЯ ДЛЯ ГОСТЯ*/ if (!isset($_SESSION["pageNumber"])) { $_SESSION["pageNumber"] = 1; } if (!isset($_SESSION["maxCountNews"])) { $_SESSION["maxCountNews"] = 2; } $_SESSION["postCateg"] = "Главная страница"; $_SESSION['select'] = $tmpl['selectnumbernews']; guest_event($mysqli, $tmpl['mininews'], $tmpl['pagenumber'], $tmpl['page']); hotnews($mysqli, $tmpl["hotnews"]); } } else { if (isset($_POST['SingUp'])) { if (registret($mysqli, $_POST['login'], $_POST['password'])) {
/**
 * Log out, remove the cookie jar file, print a closing message and exit.
 *
 * The two-second pause before exiting is skipped when the command line
 * carried parameters ($cli->params non-empty).
 *
 * @param string $message  text printed via qecho() (newline appended) before exiting
 */
function Close($message) {
    global $cli;

    LogOut();

    $jar = "Cookies.txt";
    if (file_exists($jar)) {
        unlink($jar);
    }

    qecho("{$message}\n");

    $hasParams = count($cli->params) > 0;
    if (!$hasParams) {
        sleep(2);
    }
    die;
}
$cmd = strtolower($req->command); if ($cmd == "login") { if (!isset($req->data->login) || !isset($req->data->password)) { SendDataAndDie(4, ""); } $res = GetPHPSESID($req->data->login, $req->data->password); if ($res === false) { SendDataAndDie(300, ""); } SendDataAndDie(200, $res); } else { if ($cmd == "logout") { if (!isset($req->phpsesid)) { SendDataAndDie(301, ""); } $res = LogOut($req->phpsesid); if ($res === false) { SendDataAndDie(302, ""); } SendDataAndDie(200, ""); } else { if ($cmd == "checklogin") { if (strlen($req->data) < 4) { SendDataAndDie(4, ""); } $res = CheckLogin($req->data); if ($res === false) { SendDataAndDie(666, ""); } SendDataAndDie(200, $res); } else {
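/**
 * Render one block into $this->html_output / $this->html_head / $this->full_output.
 *
 * Order of work: expand block_options (membership vars, logout handling,
 * permission gating, optional class loading, admin/sqlee editors, description
 * and keyword collection, hide_urls); resolve master_select (with the "(!!)"
 * fallback syntax, or pagination for block_type 'paginate'); then emit the
 * content according to block_type.
 *
 * @param object $block  block record, passed by reference; the permission and
 *                       hide_urls checks may unset() it
 */
private function createBlock(&$block){
    //global $this->db;
    $this->paginate=false;
    if($block->block_options){
        $block->block_options = self::membership_vars($block->block_options);
        $block->block_options = stripslashes($block->block_options);
        // keep copy of old keys for array intersection and block processing ?
        // block options will add the options to the block; returning the entire block back
        // use array combine instead of passing the entire block?
        $block = self::get_block_options($block);
        if($block->logout == 'true' && $block->group_permissions && $block->user_session){
            LogOut();
            // could/should parse this $block-redirect to take [root]
            // NOTE(review): the redirect target is emitted verbatim; confirm block
            // configuration cannot be written by untrusted users, or validate it here.
            if($block->redirect) header("Location: $block->redirect");
            exit;
        }
        if((!$block->user_session) && $block->permissions){
            // show the block and exit (don't show anything else.. hopefully this is the only block in the url other than globals..
            $this->html_output .= ($block->unauthorized_msg?$block->unauthorized_msg:'');
            unset($block);
            // NOTE(review): `end;` is a bare constant fetch, not a control statement —
            // it does not stop execution (and is an undefined-constant Error on PHP 8).
            // The comment above suggests `exit;` was intended; left as found.
            end;
        }
        // NOTE(review): $block may already have been unset() just above, in which
        // case the remaining checks in this branch run against null.
        if($block->permissions && $block->permissions != $block->group_permissions && $block->permissions != 'hide'){
            // NOTE(review): $block->permissions is concatenated into the SQL text
            // unescaped; switch to the DB layer's escaping/binding if it offers one.
            $group_level = self::get_results('SELECT group_level from mp_groups where group_permissions ="'.$block->permissions . '"');
            if($group_level[0]->group_level < $block->group_level){
                $block->block_content = ($block->unauthorized_msg?$block->unauthorized_msg:'<h3>You do not have permission to view this data.</h3>');
            }
        }
        if(($block->permissions && (((!$block->user_session) && !$block->hide_block)) || ($block->hide_block))){
            // Special permission to be set for blocks to hide when authorized (specifically the login screen) also hides authorized blocks when not logged in (without a 'you do not have permission' message)
            $block->block_content = '';
            unset($block);
        }
        if($block->load_class){
            // this is much easier than the php parser from aiki framework .. probably adapt it
            // do we still need to pass 'system_folder' var for parent constructs ?
            // some blocks need specific parameters passed to them
            $class= $block->load_class;
            // Only pull the file in when the class is not loaded yet. The original
            // had a stray ';' after this condition, so require() ran every time and
            // a second block using the same class would redeclare it (fatal).
            if(!class_exists($class)){
                require($this->system_folder.'/system/libraries/'.$class.'.php');
            }
            // systemfolder must be passed in order for the parent construct method to work
            // may consider creating a class that pre-generates the class files based on some basic parameters
            $block->load_class = new $class($this->system_folder);
            $block->block_content .= $block->load_class->html;
            /* ambitius but rubbish ?
            $block->block_content .= self::smartLoad($block->load_class);
            */
        }
        if($block->edit_conf){
            // load admin with an extra selector ???
            if(!class_exists('admin')){
                require($this->system_folder.'/system/libraries/admin.php');
                $block->edit_conf = new admin($this->system_folder,$block->edit_conf);
                $block->block_content .= $block->edit_conf->html;
            }
        }
        if($block->form_edit_config && $block->form_record_config){
            // The editor is always instantiated; the file is only required once.
            // (Previously `!class_exists('sqlee') && !$form` skipped creating the
            // editor whenever an earlier block had already loaded the class.)
            if(!class_exists('sqlee')){
                require($this->system_folder.'/system/libraries/sqlee.php');
            }
            $form = new sqlee($this->system_folder);
            require_once($this->system_folder.'/system/conf/sqlee_conf.php');
            $temp_check = array();
            foreach(explode(' ',sqlee_conf::$_['block_options']) as $key){
                $temp_check[$key] = '';
            }
            $sqlee_arguments = array_intersect_key(get_object_vars($block),$temp_check);
            if(count($sqlee_arguments)>1 && $form){
                $form = $form->record_editor($sqlee_arguments);
                $this->html_output .= $form;
            }
        }
        // Collect the description unless it still carries a '((' marker. The original
        // called strstr('((', $description) with haystack and needle swapped, which
        // only ever matched descriptions that were a substring of '(('.
        if($block->description && $this->user_var['[description]'] && strpos($block->description,'((') === false) $this->description []= $block->description;
        // inner_sql - simple way to insert data into a sql selection statement
        // check to see that a limit doesn't already exist in statement
        if($block->keywords && $this->user_var['[keywords]']) $this->keywords []= trim($block->keywords);
        // destroy blocks that want to be hidden
        if($block->hide_urls) foreach(explode(',',$block->hide_urls) as $hide) if($hide == $block->urls || $hide == $this->pass_url) unset($block);
    }
    // sql select statement processing
    if($block->master_select){
        $block->master_select = self::processVars($block->master_select);
        // this includes checking for a (!!) , after the (!!) a user may provide a backup sql select statement if the first statement fails
        $master_selects = explode('(!!)',$block->master_select);
        if(count($master_selects) == 2){
            $url1=self::get_string_between ($master_selects[0], '(!(', ')!)');
            // this basically says that if the URL isn't recognized, then run the second select statement this may need more testing...
            $block->master_select = ($url1==$this->url[$url1]?$master_selects[0]:$master_selects[1]);
            // problem if multiple paginate block types exist... problems will ensue... try using unique block_title/template
        }elseif($block->block_type == 'paginate'){
            $block = self::paginate($block);
        }
        unset($master_selects);
    }
    // create actual content
    // stipulations.. raw_html doesn't do any title processing... this is problematic..
    $block->block_content = stripslashes($block->block_content);
    // whats the diff between block content and block_html ??
    switch ($block->block_type){
        default:
            self::createBlockContent($block);
            $this->html_output .= self::processVars($block->block_content);
            break;
        case "raw_html":
            $this->html_output .= $block->block_content;
            break;
        case "inline_css":
            $this->html_head .= "\n" . '<style type ="text/css">' . preg_replace("/\r?\n/m", "",$block->block_content) . "</style>\n" ;
            break;
        case "parse":
            $this->html_output .= self::processVars($block->block_content);
            break;
        case "html_head":
            $this->html_head .= self::processVars($block->block_content);
            break;
        case "dyn_head":
            self::createBlockContent($block);
            $this->html_head .= self::processVars($this->block_html);
            break;
        case "full_doc":
            $this->full_output = $block->block_content;
            // NOTE(review): `end;` here (and below) is not a control statement; see the note earlier in this method.
            end;
            break;
        case "full_html":
            self::createBlockContent($block);
            $this->full_output = $this->block_html;
            end;
            break;
    }
    unset($this->block_html);
}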