Exemple #1
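 /**
  * Restore the visitor's session from the `ocKey` cookie.
  *
  * Builds the table names from the connection's prefix. When the cookie is
  * present, looks up a non-expired session row, copies the user fields
  * stored in it onto this object and pushes the row's expiry forward.
  */
 function __construct()
 {
     // EXPIRES configures the sliding-expiry increment used by the UPDATE
     // below. The earlier code stored it in a local $expiryTime that was
     // never read, so the configured value had no effect.
     if (intval(EXPIRES) > 0) {
         $this->expiryTime = intval(EXPIRES);
     }
     $this->db = DBConnect();
     $this->tbUser = $this->db->tbPrefix . 'user';
     $this->tbField = $this->db->tbPrefix . 'field';
     $this->tbUserField = $this->db->tbPrefix . 'user_field';
     $this->tbSession = $this->db->tbPrefix . 'session';
     $this->ocKey = Val('ocKey', 'COOKIE');
     if (empty($this->ocKey)) {
         return;
     }
     // NOTE(review): ocKey is client-controlled and is concatenated into both
     // statements below. That is only safe if Val() escapes quotes for SQL;
     // confirm, or move to bound parameters if the DB wrapper offers them.
     $row = $this->db->FirstRow("SELECT userId,token,data FROM " . $this->tbSession . " WHERE ocKey='" . $this->ocKey . "' AND expires>" . time());
     if (empty($row)) {
         // No live session for this key: stay anonymous without indexing
         // into a non-array result.
         $this->userId = 0;
         $this->token = null;
         return;
     }
     $this->userId = intval($row['userId']);
     $this->token = $row['token'];
     $data = $row['data'];
     if (!empty($data)) {
         // NOTE(review): unserialize() on a database column. Anyone who can
         // write to the session table (for example through SQL injection
         // elsewhere) can turn that into PHP object injection. Prefer JSON
         // for this column, or pass allowed_classes => false once PHP 7+ is
         // guaranteed.
         $data = unserialize($data);
         $this->adminLevel = intval($data['adminLevel']);
         $this->userName = $data['userName'];
         $avatarDir = URL_ROOT . '/upload/avatar/';
         $this->avatarImg = empty($data['avatarImg']) ? $avatarDir . 'avatar_50_50.gif' : $avatarDir . $data['avatarImg'];
         $this->avatarImg_s = empty($data['avatarImg_s']) ? $avatarDir . 'avatar_30_30.gif' : $avatarDir . $data['avatarImg_s'];
         $this->signature = $data['signature'];
         // intval() keeps the statement valid SQL even if expiryTime was never set.
         $this->db->Execute("UPDATE " . $this->tbSession . " SET updateTime='" . time() . "',expires=expires+" . intval($this->expiryTime) . " WHERE ocKey='" . $this->ocKey . "'");
     }
 }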
Exemple #2
     // Login handler (the case label is above this excerpt): require both
     // credential fields, then delegate to $user->Login().
     // NOTE(review): the checks below rely on ShowError() ending the request.
     // Confirm it exits; otherwise execution falls through to Login() with
     // empty fields.
     $username = Val('user', 'POST');
     if (empty($username)) {
         ShowError('用户/邮箱不能为空', $url['login']);
     }
     $userpwd = Val('pwd', 'POST');
     if (empty($userpwd)) {
         ShowError('密码不能为空', $url['login']);
     }
     // The captcha value is still read, but its verification is commented
     // out, so nothing in this excerpt throttles repeated password guesses.
     // Any rate limiting or lockout would have to live in $user->Login(),
     // which is not visible here.
     $captcha = Val('captcha', 'POST');
     /*
     if(empty($captcha)) ShowError('请输入验证码',$url['login']);
     //verify the captcha
     include(ROOT_PATH.'/source/class/Captcha.class.php');
     if(!Captcha::Check($captcha)) ShowError('验证码输入错误',$url['login']);
     */
     $auto = Val('auto', 'POST', 1);
     // Only attempt a login when no user is currently signed in.
     if ($user->userId <= 0) {
         if ($user->Login($username, $userpwd, $auto)) {
             ShowSuccess('登录成功');
         } else {
             // One generic message for every failure, so the response does
             // not reveal whether the account exists.
             ShowError('登录失败,请检查用户/邮箱或密码', $url['login']);
         }
     }
     break;
 case 'logout':
     // NOTE(review): no CSRF token is checked here, unlike the state-changing
     // cases that call $user->CheckToken(). A cross-site request can sign the
     // user out; low impact, but confirm it is intended.
     if ($user->Logout()) {
         ShowSuccess('成功退出');
     }
     break;
 default:
     if ($user->userId > 0) {
Exemple #3
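        // Reject an e-mail address that is already registered.
        // NOTE(review): $email is echoed back inside the message; confirm that
        // ShowError() HTML-encodes its text before rendering it.
        if ($emailExisted > 0) {
            ShowError("邮箱{$email}已存在", $url['register'], '重新填写');
        }
        // Insert the new account row.
        // NOTE(review): OCEncrypt() is defined elsewhere. Confirm it is a
        // salted, slow password hash (password_hash()) and not reversible
        // encryption or a bare digest.
        $executeArr = array('userName' => $username, 'userPwd' => OCEncrypt($userpwd), 'email' => $email, 'phone' => $phone, 'addTime' => time());
        if ($db->AutoExecute($tbUser, $executeArr)) {
            if (!empty($inviteRow)) {
                $regUserId = $db->LastId();
                // The array key is quoted: inside {...} a bare id is resolved
                // as a constant, which is a fatal "Undefined constant" error
                // on PHP 8 and a warning before that.
                $db->Execute("UPDATE {$tbInviteReg} SET isUsed=1,regUserId='{$regUserId}',regTime='" . time() . "' WHERE id='{$inviteRow['id']}'");
            }
            // Sign the new user in straight away.
            $user->Login($username, $userpwd, 1);
            ShowSuccess('注册成功', $url['root']);
        } else {
            ShowError('出错了,请与管理员联系');
        }
        break;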
    default:
        // Registration form. Signed-in visitors are turned away first.
        if ($user->userId > 0) {
            ShowError('您已登录,不能进行注册!');
        }
        // Invite key from the query string, handed to the template as-is.
        // NOTE(review): escaping is left to register.html - confirm the
        // template encodes {$key} for the context it is printed in.
        $key = Val('key', 'GET');
        $smarty = InitSmarty();
        $templateVars = array(
            'do' => $do,
            'register' => REGISTER,
            'key' => $key,
            'show' => $show,
            'url' => $url,
        );
        foreach ($templateVars as $name => $value) {
            $smarty->assign($name, $value);
        }
        $smarty->display('register.html');
        break;
}
Exemple #4
     $smarty->assign('timeData', $timeData);
     $smarty->display('user/time.tpl');
     break;
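 case "x_user":
     // Account settings: load the current user's row, then resolve who
     // issued the invite key stored on it.
     $title = '帐号资料修改';
     // NOTE(review): the user name appears as "******" in this listing, which
     // looks like masking by the page rather than the real expression.
     // Whatever value belongs there must be escaped or bound, not
     // concatenated. The table names are also hard-coded, while other code
     // builds them from the configured prefix.
     $sql1 = 'SELECT * FROM sky_user WHERE userName="******"';
     $u_data = $db->Dataset($sql1);
     // Quoted key: a bare inviter is looked up as a constant and is a fatal
     // error on PHP 8. isset() also covers an empty result set.
     $inviter = isset($u_data[0]['inviter']) ? $u_data[0]['inviter'] : null;
     // NOTE(review): $inviter was read back from the database and is
     // concatenated into a second statement. Stored values are not safe by
     // default (second-order injection); escape or bind it here as well.
     $sql2 = 'SELECT addKeyUser FROM sky_invite_reg WHERE inviteKey="' . $inviter . '"';
     $u_data2 = $db->FirstColumn($sql2);
     $smarty = InitSmarty();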
     if ($_POST) {
         $email = Val('email', 'POST');
         $oldPass = Val('oldPass', 'POST');
         $newPass = Val('newPass', 'POST');
         $cPass = Val('cPass', 'POST');
         if (!empty($email) || !preg_match('/^(\\w+\\.)*?\\w+@(\\w+\\.)+\\w+$/', $email)) {
             if ($email != $u_data[0][email] && empty($cPass) && empty($oldPass) && empty($newPass)) {
                 $data = array('email' => $email);
                 if ($db->AutoExecute($tbUser, $data, 'UPDATE', 'userName="******"')) {
                     ShowSuccess('恭喜您,修改邮箱成功!', URL_ROOT . '/user/x_user');
                 } else {
                     ShowError('修改失败,请联系管理员', 'mailto:sky@03sec.com');
                 }
             } elseif ($email == $u_data && empty($cPass) && empty($oldPass) && empty($newPass)) {
                 ShowError('您没有做任何修改', 'javascript:history.go(-1)');
             } else {
                 if ($newPass == $cPass) {
                     $oldp = $u_data[0][userPwd];
                     if (OCEncrypt($oldPass) == $oldp) {
                         $data = array('email' => $email, 'userPwd' => OCEncrypt($cPass));
Exemple #5
Fichier : code.php Projet : I0T/xss
<?php

/**
 * code.php 代码文件
 * ----------------------------------------------------------------
 * OldCMS,site:http://www.oldcms.com
 */
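// Direct-access guard: stop unless IN_OLDCMS is defined (the constant is not
// defined in this excerpt).
if (!defined('IN_OLDCMS')) {
    die('Access Denied');
}
// The response is served as JavaScript and must not be cached.
header("Content-type: application/x-javascript");
// "no-cache" is the valid directive; the previous "nocache" token is not one
// that caches recognise, so it had no effect.
header("Cache-Control: no-cache");
header("Pragma: no-cache");
// Force the numeric id to an integer before it reaches the query.
$id = intval(Val('id', 'GET', 1));
// NOTE(review): $urlKey is a free-form request value placed inside quotes in
// the query below. That is only safe if Val() escapes for SQL; confirm, or
// bind it if the DB wrapper supports parameters.
$urlKey = Val('urlKey', 'GET');
$db = DBConnect();
$project = $db->FirstRow("SELECT * FROM " . Tb('project') . " WHERE id='{$id}' OR urlKey='{$urlKey}'");
if (empty($project)) {
    exit;
}
$moduleSetKeys = json_decode($project['moduleSetKeys'], true);
/* modules begin */
$moduleIds = array();
if (!empty($project['modules'])) {
    // The id list is stored as JSON and is later spliced, unquoted, into an
    // IN (...) clause. Accept only a JSON array and force every entry to an
    // integer so stored data cannot alter that statement.
    $decodedIds = json_decode($project['modules']);
    if (is_array($decodedIds)) {
        $moduleIds = array_map('intval', $decodedIds);
    }
}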
if (!empty($moduleIds)) {
    $modulesStr = implode(',', $moduleIds);
    $modules = $db->Dataset("SELECT * FROM " . Tb('module') . " WHERE id IN ({$modulesStr})");
    if (!empty($modules)) {
Exemple #6
 * ----------------------------------------------------------------
 * OldCMS,site:http://www.oldcms.com
 */
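// Direct-access guard: stop unless IN_OLDCMS is defined.
if (!defined('IN_OLDCMS')) {
    die('Access Denied');
}
$auth = Val('auth', 'GET');
// A missing or empty auth code must never authenticate. Without this check
// the lookup below becomes authCode='' and returns any project whose auth
// code was left blank.
if ($auth === null || $auth === false || $auth === '') {
    exit('Auth Err.');
}
// NOTE(review): the code travels in the query string, so it ends up in access
// logs and Referer headers. It is also concatenated into SQL, which is only
// safe if Val() escapes for SQL; confirm.
$db = DBConnect();
$project = $db->FirstRow("SELECT * FROM " . Tb('project') . " WHERE authCode='{$auth}'");
if (empty($project)) {
    exit('Auth Err.');
}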
switch ($act) {
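    case 'content':
    default:
        // List the stored records of the authenticated project as JSON,
        // optionally narrowed to one domain.
        // NOTE(review): $domain is concatenated inside quotes; safe only if
        // Val() escapes for SQL - confirm.
        $domain = Val('domain', 'GET');
        $where = '';
        if (!empty($domain)) {
            $where .= " AND domain='{$domain}'";
        }
        // Quoted key plus integer cast: a bare [id] inside {...} is resolved
        // as a constant and is a fatal error on PHP 8.
        $projectId = intval($project['id']);
        $contents = $db->FirstColumn("SELECT content FROM " . Tb('project_content') . " WHERE projectId='{$projectId}' {$where} ORDER BY id DESC");
        $data = array();
        // Guard against a non-array result (query failure or no rows).
        if (is_array($contents)) {
            foreach ($contents as $v) {
                $row = array();
                // Undecodable JSON becomes an empty array.
                $v = (array) json_decode($v);
                // Prefer the opener URL, fall back to the top-level location.
                // isset()/empty() avoid undefined-index notices on partial rows.
                $row['url'] = !empty($v['opener']) ? $v['opener'] : (isset($v['toplocation']) ? $v['toplocation'] : null);
                $row['cookie'] = isset($v['cookie']) ? $v['cookie'] : null;
                $data[] = $row;
            }
        }
        echo JsonEncode($data);
        break;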
Exemple #7
Fichier : api.php Projet : I0T/xss
     $moduleIds = json_decode($project['modules']);
 }
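 // Collect the field names declared by every module attached to the project.
 if (!empty($moduleIds) && is_array($moduleIds)) {
     // The ids come from a JSON column and are spliced, unquoted, into
     // IN (...). Forcing integers keeps stored data from changing the
     // statement (second-order SQL injection).
     $modulesStr = implode(',', array_map('intval', $moduleIds));
     $modules = $db->Dataset("SELECT * FROM " . Tb('module') . " WHERE id IN ({$modulesStr})");
     if (!empty($modules)) {
         foreach ($modules as $module) {
             if (!empty($module['keys'])) {
                 // json_decode() returns null on malformed input;
                 // array_merge() would then raise an error.
                 $moduleKeys = json_decode($module['keys']);
                 if (is_array($moduleKeys)) {
                     $keys = array_merge($keys, $moduleKeys);
                 }
             }
         }
     }
 }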
 /* 模块 end */
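 // Read one request value per configured field name.
 foreach ($keys as $key) {
     $content[$key] = Val($key, 'REQUEST');
 }
 // Strict comparison: field names are strings, so loose matching must not apply.
 if (in_array('toplocation', $keys, true)) {
     $fallbackLocation = isset($content['location']) ? $content['location'] : null;
     $content['toplocation'] = !empty($content['toplocation']) ? $content['toplocation'] : $fallbackLocation;
 }
 $judgeCookie = in_array('cookie', $keys, true);
 /* cookie hash */
 // md5 is only a de-duplication fingerprint for the lookup below. It is not
 // used as a secret or an integrity check in this excerpt. Missing fields
 // hash as empty strings, as before, without undefined-index notices.
 $hashCookie = isset($content['cookie']) ? $content['cookie'] : '';
 $hashLocation = isset($content['location']) ? $content['location'] : '';
 $hashTopLocation = isset($content['toplocation']) ? $content['toplocation'] : '';
 $cookieHash = md5($project['id'] . '_' . $hashCookie . '_' . $hashLocation . '_' . $hashTopLocation);
 // Quoted key plus integer cast: a bare [id] inside {...} is resolved as a
 // constant and is a fatal error on PHP 8.
 $projectId = intval($project['id']);
 $cookieExisted = $db->FirstValue("SELECT COUNT(*) FROM " . Tb('project_content') . " WHERE projectId='{$projectId}' AND cookieHash='{$cookieHash}'");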
 if (!$judgeCookie || $cookieExisted <= 0) {
     //服务器获取的content
     $serverContent = array();
     $serverContent['HTTP_REFERER'] = $_SERVER['HTTP_REFERER'];
     $referers = @parse_url($serverContent['HTTP_REFERER']);
     $domain = $referers['host'] ? $referers['host'] : '';
     $domain = StripStr($domain);
Exemple #8
<?php

/**
 * index.php 默认页
 * ----------------------------------------------------------------
 * OldCMS,site:http://www.oldcms.com
 */
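include 'init.php';
// Front controller: the `do` query parameter selects which script under
// /source/ is included.
$do = Val('do', 'GET', 0);
// This allowlist is the only thing standing between a request parameter and
// an include path. Keep it a fixed literal list and compare strictly, so type
// juggling can never let an unexpected value through.
$dos = array('index', 'login', 'project', 'module', 'code', 'api', 'do', 'register', 'user', 'keepsession');
if (!in_array($do, $dos, true)) {
    $do = 'index';
}
include ROOT_PATH . '/source/' . $do . '.php';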
Exemple #9
     }
     // Tail of the module "update" path (the case label and the earlier
     // reads of $title, $description and $id are above this excerpt).
     // `keys` and `setkeys` are stored as JSON text.
     $keys = Val('keys', 'POST', 0, 1);
     $keys = JsonEncode($keys);
     $setkeys = Val('setkeys', 'POST', 0, 1);
     $setkeys = JsonEncode($setkeys);
     $isOpen = Val('isOpen', 'POST', 1);
     $code = Val('code', 'POST');
     $values = array('title' => $title, 'description' => $description, 'userId' => $user->userId, '`keys`' => $keys, '`setkeys`' => $setkeys, 'code' => $code, 'isOpen' => $isOpen);
     // NOTE(review): the WHERE clause selects by id only, and the row's userId
     // is overwritten with the caller's. Unless a token check and an
     // ownership lookup sit above this excerpt (the 'delete' case filters on
     // userId), any signed-in user could overwrite and take ownership of
     // another user's module.
     // NOTE(review): $id is interpolated unquoted, so it must be an integer
     // by the time it gets here - confirm how it is read.
     $db->AutoExecute(Tb('module'), $values, 'UPDATE', " id={$id}");
     ShowSuccess('操作成功');
     break;
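 case 'delete':
     // Delete one of the caller's own modules.
     // NOTE(review): the anti-CSRF token arrives in the query string, where
     // it can leak through logs and Referer headers; a POST body is the
     // safer carrier for a state-changing request.
     if (!$user->CheckToken(Val('token', 'GET'))) {
         ShowError('操作失败');
         // Do not depend on ShowError() ending the request.
         break;
     }
     $id = intval(Val('id', 'GET', 1));
     $ownerId = intval($user->userId);
     $db = DBConnect();
     // Load the module row, restricted to the caller's own modules.
     $module = $db->FirstRow("SELECT * FROM " . Tb('module') . " WHERE id='{$id}' AND userId='{$ownerId}'");
     if (empty($module)) {
         ShowError('模块不存在或没有权限');
         break;
     }
     // The owner predicate is repeated on the DELETE itself, so the
     // statement can only ever remove a row that belongs to the caller.
     $db->Execute("DELETE FROM " . Tb('module') . " WHERE id='{$id}' AND userId='{$ownerId}'");
     ShowSuccess('操作成功');
     break;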
 case 'list':
 default:
     include 'common.php';
     $smarty = InitSmarty();
     $smarty->assign('do', $do);
     $smarty->assign('show', $show);
    case 'audit':
        // Set a module's audit flag and record which manager did it.
        // NOTE(review): this state change is driven by GET parameters and no
        // CheckToken() call is visible in this case, so a cross-site request
        // (an image tag is enough) could flip the flag while an admin is
        // signed in. Require a token and POST, as the delete actions do.
        // NOTE(review): no admin-level check is visible here either; confirm
        // the including script enforces it before dispatching.
        $isAudit = Val('isAudit', 'GET', 1);
        $id = Val('id', 'GET', 1);
        $db = DBConnect();
        $tbModule = $db->tbPrefix . 'module';
        // NOTE(review): $user->userName is restored from stored session data
        // and concatenated unescaped. A name containing a quote would break
        // out of the string literal (second-order SQL injection); escape or
        // bind it.
        $db->Execute("UPDATE {$tbModule} SET isAudit='{$isAudit}',managerId='" . $user->userId . "',managerName='" . $user->userName . "' WHERE id='{$id}'");
        ShowSuccess('操作成功', URL_ROOT . '/admin/index.php?do=admin_module');
        break;
    default:
        // Paged admin listing of open modules, joined with the owner's name.
        $db = DBConnect();
        $tbUser = $db->tbPrefix . 'user';
        $tbModule = $db->tbPrefix . 'module';
        $where = " AND isOpen=1";
        include ROOT_PATH . '/source/class/Pager.class.php';
        $countSql = "SELECT COUNT(*) FROM {$tbModule} WHERE 1=1 {$where} ORDER BY id DESC";
        $sql = "SELECT m.*,u.userName AS userName FROM {$tbModule} m INNER JOIN {$tbUser} u ON u.id=m.userId WHERE 1=1 {$where} ORDER BY id DESC";
        // Base link for the pager; the current action is appended when set.
        // NOTE(review): $act goes into the link unencoded - confirm the pager
        // or the template encodes it before it is printed.
        $href = './index.php?do=admin_module' . (empty($act) ? '' : '&act=' . $act);
        $pager = new Pager($countSql, $sql, $href, 20, 5, Val('pNO', 'GET', 1));
        $modules = $pager->data;
        $smarty = InitSmarty(1);
        $templateVars = array(
            'modules' => $modules,
            'nav' => $pager->nav,
            'do' => $do,
            'show' => $show,
            'url' => $url,
        );
        foreach ($templateVars as $name => $value) {
            $smarty->assign($name, $value);
        }
        $smarty->display('admin_module.html');
        break;
}
Exemple #11
<?php

/**
 * index.php 首页
 * ----------------------------------------------------------------
 * OldCMS,site:http://www.oldcms.com
 */
// Direct-access guard: bail out unless the IN_OLDCMS marker is defined.
defined('IN_OLDCMS') or die('Access Denied');

// The action is read, but every value currently leads to the same view.
$act = Val('act', 'GET');
$smarty = InitSmarty();
$smarty->display('index.html');
Exemple #12
     $ucountsql = "SELECT count(*) FROM " . $tbUser . " WHERE 1=1 ORDER BY id DESC";
     $href = URL_ROOT . "/admin/usermanage";
     $upager = new Pager($ucountsql, $sql, $href, 8, 10, Val('pNO', 'GET', 1));
     $uinfo = $upager->data;
     $umanage = $db->Dataset($sql);
     $smarty = InitSmarty();
     $smarty->assign('info', 'usermanage');
     $smarty->assign('uinfo', $uinfo);
     $smarty->assign('Av', $user->avatarImg);
     $smarty->assign('title', $title);
     $smarty->assign('unav', $upager->nav);
     $smarty->assign('umanage', $umanage);
     $smarty->display('admin/umanage.tpl');
     break;
 case "deluser":
     // Admin action: delete one account by user name.
     // NOTE(review): no CheckToken() call is visible in this case, so the
     // deletion can be triggered by a cross-site POST while an admin is
     // signed in. Add the token check used by the other delete actions.
     $deluser = Val("uuuuid", 'POST');
     // NOTE(review): the user name appears as '******' in this listing, which
     // looks like masking by the page. Whatever expression belongs there
     // (presumably $deluser) must be escaped or bound, not concatenated.
     $sql = "DELETE  FROM " . $tbUser . " WHERE userName='******' LIMIT 1";
     // NOTE(review): $deluser is echoed back in both messages; confirm that
     // the message helpers HTML-encode their text.
     if ($db->Execute($sql)) {
         ShowSuccess('删除用户 ' . $deluser . ' 成功!!', URL_ROOT . '/admin/usermanage');
     } else {
         ShowAError('删除用户 ' . $deluser . ' 失败,请联系管理员 sky@03sec.com', URL_ROOT . '/admin/usermanage');
     }
     break;
 default:
     $UNUM = $user->getUserNum();
     $smarty = InitSmarty();
     $title = '后台管理面板';
     $smarty->assign('do', $do);
     $smarty->assign('show', $show);
     $smarty->assign('url', $url);
     $smarty->assign('user', $userName);
Exemple #13
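    case 'delcontent':
        // Delete a single content row, but only if it belongs to one of the
        // caller's projects.
        if (!$user->CheckToken(Val('token', 'POST'))) {
            ShowError('操作失败');
            // Do not depend on ShowError() ending the request.
            break;
        }
        // The id is numeric: cast it so the request value can never carry
        // SQL into the two statements below.
        $id = intval(Val('id', 'POST'));
        $ownerId = intval($user->userId);
        $db = DBConnect();
        $content = $db->FirstRow("SELECT pc.projectId FROM " . Tb('project_content') . " pc INNER JOIN " . Tb('project') . " p ON p.id=pc.projectId WHERE p.userId='{$ownerId}' AND pc.id='{$id}'");
        if (!empty($content)) {
            $db->Execute("DELETE FROM " . Tb('project_content') . " WHERE id='{$id}'");
        }
        echo 1;
        break;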
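    case 'delcontents':
        // Bulk variant: `ids` is a '|'-separated list of content row ids.
        if (!$user->CheckToken(Val('token', 'POST'))) {
            ShowError('操作失败');
            // Do not depend on ShowError() ending the request.
            break;
        }
        $ids = Val('ids', 'POST');
        // Cast every entry to an integer and drop duplicates, so list items
        // cannot carry SQL and no id is processed twice.
        $ids = array_unique(array_map('intval', explode('|', $ids)));
        $ownerId = intval($user->userId);
        // Delete each row after confirming that the caller owns it.
        $db = DBConnect();
        foreach ($ids as $id) {
            if ($id <= 0) {
                // Empty or non-numeric entries cannot match a row.
                continue;
            }
            $content = $db->FirstRow("SELECT pc.projectId FROM " . Tb('project_content') . " pc INNER JOIN " . Tb('project') . " p ON p.id=pc.projectId WHERE p.userId='{$ownerId}' AND pc.id='{$id}'");
            if (!empty($content)) {
                $db->Execute("DELETE FROM " . Tb('project_content') . " WHERE id='{$id}'");
            }
        }
        echo 1;
        break;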
    default:
        break;
}
Exemple #14
Fichier : user.php Projet : I0T/xss
     $smarty->assign('projects', $projects);
     $smarty->assign('modules', $modules);
     $smarty->assign('input1', $input1);
     $smarty->assign('input2', $input2);
     $smarty->assign('email', $email);
     $smarty->assign('phone', $phone);
     $smarty->assign('emsg', $emsg);
     $smarty->assign('pmsg', $pmsg);
     $smarty->display('user_seting.html');
     exit;
     break;
 case 'submit':
     // Save the user's phone number and the two notification switches.
     // NOTE(review): no CheckToken() call is visible before this write;
     // confirm one exists, otherwise the settings can be changed by a
     // cross-site POST.
     $db = DBConnect();
     $phone = Val('phone', 'POST');
     $emsg = Val('emsg', 'POST');
     $pmsg = Val('pmsg', 'POST');
     // The phone number is the only free-form value that reaches the UPDATE
     // below, and this pattern is its gate. Two caveats: the gate only holds
     // if ShowError() ends the request, and `$` also matches before a
     // trailing newline - use \z or the D modifier to require exactly 11
     // digits.
     if (!empty($phone) && !preg_match('/^(\\d{11})$/', $phone)) {
         ShowError('手机格式不正确', URL_ROOT . '/index.php?do=user&act=seting', '重新填写');
     }
     // phone verification
     // Both switches are collapsed to the literals '1' or '0', so no request
     // text from them reaches the query.
     if ($emsg == 'on') {
         $emsg = '1';
     } else {
         $emsg = '0';
     }
     if ($pmsg == 'on') {
         $pmsg = '1';
     } else {
         $pmsg = '0';
     }
     $db->Execute("UPDATE " . Tb('user') . " SET phone='" . $phone . "',message='" . $emsg . "|" . $pmsg . "' WHERE id='" . $user->userId . "'");
Exemple #15
<?php

/**
 * keepsession.php keep session请求
 * ----------------------------------------------------------------
 */
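// Direct-access guard: stop unless IN_OLDCMS is defined.
if (!defined('IN_OLDCMS')) {
    die('Access Denied');
}
// NOTE(review): all three values come straight from the query string and the
// endpoint performs no authentication of its own. $urlKey is concatenated
// into SQL, which is only safe if Val() escapes for SQL - confirm.
$urlKey = Val('id', 'GET');
$url = Val('url', 'GET');
$cookie = Val('cookie', 'GET');
$db = DBConnect();
$project = $db->FirstRow("SELECT * FROM " . Tb('project') . " WHERE urlKey='{$urlKey}'");
if (!empty($project) && !empty($url) && !empty($cookie)) {
    // md5 is a de-duplication fingerprint only; its hex output is safe to
    // interpolate.
    $hash = md5($url . $cookie);
    $existed = $db->FirstValue("SELECT COUNT(*) FROM " . Tb('keepsession') . " WHERE hash='{$hash}'");
    if ($existed <= 0) {
        // Per-user cap on stored entries.
        // Quoted key plus integer cast: a bare [userId] inside {...} is
        // resolved as a constant and is a fatal error on PHP 8.
        // NOTE(review): the count and the insert are separate statements, so
        // concurrent requests can exceed the cap.
        $ownerId = intval($project['userId']);
        $sum = $db->FirstValue("SELECT COUNT(*) FROM " . Tb('keepsession') . " WHERE userId='{$ownerId}'");
        if ($sum < 10) {
            // One timestamp for both columns so they cannot straddle a second.
            $now = time();
            $sqlValues = array('projectId' => $project['id'], 'userId' => $project['userId'], 'url' => $url, 'cookie' => $cookie, 'hash' => $hash, 'addTime' => $now, 'updateTime' => $now);
            $db->AutoExecute(Tb('keepsession'), $sqlValues);
        }
    }
}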