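/**
 * Validate the member session stored in $_SESSION['__member'] and load it
 * into this object.
 *
 * The session is trusted only when its 'key' equals the digest of
 * id . pseudo recomputed with the 'XTC_CMS' salt, so an id/pseudo pair
 * without the matching key is rejected. On success status is set to 'on'
 * and pseudo/idMember are filled; otherwise they are reset to the
 * logged-out values (0, NULL, 'off').
 *
 * @return bool true when a valid member session was found
 */
private function verif_sessions()
 {
     $member = isset($_SESSION['__member']) && is_array($_SESSION['__member']) ? $_SESSION['__member'] : array();
     if (isset($member['id'], $member['key'], $member['pseudo'])) {
         $verifKey = _hash($member['id'] . $member['pseudo'], 'XTC_CMS');
         // hash_equals(): strict, constant-time comparison. The original
         // loose == treated numeric-looking digests ("0e...") as equal,
         // and leaked the first differing byte through timing.
         if (is_string($member['key']) && is_string($verifKey) && hash_equals($verifKey, $member['key'])) {
             $this->status = 'on';
             $this->pseudo = $member['pseudo'];
             $this->idMember = $member['id'];
             return true;
         }
     }
     // Anything else: logged-out state.
     $this->idMember = 0;
     $this->pseudo = NULL;
     $this->status = 'off';
     return false;
 }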
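require_once '../../kernel/begin.php';
$lang->setModule('membres', 'inscription');

// Registration form: login, password (+ confirmation) and e-mail.
$form = new Form(translate('title_form'), 'post');
$form->add_fieldset();
$form->add_input('login', 'login', translate('login_form'));
$form->add_input('password', 'password', translate('password_form'), 'password');
$form->add_input('password_confirm', 'password_confirm', translate('password_confirm'), 'password');
$form->add_input('email', 'email', translate('email_form'));
$form->add_button();

$fh = new FormHandle($form);
$fh->handle();
if ($fh->okay()) {
    $login = $fh->get('login');
    $email = $fh->get('email');
    // Compare the two submitted passwords strictly and *before* hashing: the
    // original compared the two _hash() outputs with a loose !=, which treats
    // numeric-looking digests ("0e...") as equal.
    if ($fh->get('password') !== $fh->get('password_confirm')) {
        $error = new Error();
        $error->add_error(translate('two_passwords_not'), ERROR_PAGE, __FILE__, __LINE__);
    } else {
        // NOTE(review): _hash() is the stored password form here; if it is an
        // unsalted digest, password_hash()/password_verify() would be the
        // stronger store, but that also changes the login lookup — confirm.
        $password = _hash($fh->get('password'));
        // One timestamp for both register and last_up columns.
        $now = time();
        $params = array($login, $email, $password, $now, $now);
        $bdd->query('INSERT INTO ' . TABLE_MEMBERS . ' ( membre_login, membre_email, membre_password, membre_register, membre_last_up ) VALUES( ?, ?, ?, ?, ? )', $params);
        $error = new Error();
        $error->add_error(translate('inscription_ok'), ERROR_PAGE, __FILE__, __LINE__);
        tpl_begin();
        echo '<p>' . translate('welcome') . '</p>';
        tpl_end();
        exit;
    }
}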
 /**
  * Build the hash the client has to submit for a plaintext password.
  *
  * The plaintext is suffixed with the md5 of its own characters in sorted
  * order (a per-string, but not secret, component) before going through
  * _hash().
  *
  * @param $plain plaintext password
  * @return string
  */
 public static function MakeHashChar($plain)
 {
     $chars = str_split($plain);
     sort($chars);
     $sorted = implode('', $chars);

     return _hash($plain . md5($sorted));
 }
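 /**
  * Change a user's password after verifying the current one.
  *
  * $old and $new are expected to arrive already in _hash() form, which is
  * why their length is compared against strlen(_hash("")); a length mismatch
  * reports -7 and a wrong current password -8 through throwMsg(). On success
  * a fresh 64-char salt is generated and the new password hash plus salt are
  * stored through $user->set().
  *
  * @param User   $user
  * @param string $old current password, in _hash() form
  * @param string $new new password, in _hash() form
  */
 public function edit_user_password($user, $old, $new)
 {
     $hashLength = strlen(_hash(""));
     // Non-string input is reported like a wrong length instead of reaching strlen().
     if (!is_string($old) || !is_string($new) || $hashLength !== strlen($old) || $hashLength !== strlen($new)) {
         $this->throwMsg(-7);
     }
     lib()->load("UserCheck");
     // hash_equals(): constant-time comparison, so a wrong password cannot be
     // told apart by timing (the original !== stops at the first differing byte).
     $expected = UserCheck::CreatePassword($old, $user->getSalt());
     if (!hash_equals((string) $user->getPassword(), (string) $expected)) {
         $this->throwMsg(-8);
     }
     $salt = salt(64);
     $user->set([
         'salt' => $salt,
         'password' => UserCheck::CreatePassword($new, $salt),
     ]);
 }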
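/**
 * Decrypt a base64 string produced by the matching encrypt routine.
 *
 * Layout of the decoded input: the first strlen(_hash(key)) bytes are the IV
 * XOR-masked with the hashed key, the rest is the payload. The payload is
 * XORed with a running key that starts as the IV and is re-derived every
 * $hash_length bytes from _hash(previous key . previous plaintext block).
 *
 * NOTE(review): this is a home-grown XOR stream construction with no
 * integrity check — a modified ciphertext decrypts to garbage silently.
 * Prefer an authenticated cipher (sodium/openssl AEAD) for new data.
 *
 * @param string $string             base64-encoded masked IV + payload
 * @param string $cc_encryption_hash shared secret the key is derived from
 * @return string decrypted payload; '' when the input is too short to hold an IV
 */
function decrypt($string, $cc_encryption_hash)
{
    $key = md5(md5($cc_encryption_hash)) . md5($cc_encryption_hash);
    $hash_key = _hash($key);
    $hash_length = strlen($hash_key);

    $decoded = base64_decode($string);
    // Too short to even contain the masked IV: the original read undefined
    // string offsets (warnings) and ended up returning '' anyway.
    if ($decoded === false || strlen($decoded) < $hash_length) {
        return '';
    }
    $tmp_iv = substr($decoded, 0, $hash_length);
    $payload = substr($decoded, $hash_length);

    // Unmask the IV with the hashed key.
    $iv = '';
    for ($c = 0; $c < $hash_length; ++$c) {
        $iv .= chr(ord($tmp_iv[$c]) ^ ord($hash_key[$c]));
    }

    $out = '';
    $key = $iv;
    $length = strlen($payload);
    for ($c = 0; $c < $length; ++$c) {
        // Ratchet the key at every block boundary after the first.
        if ($c !== 0 && $c % $hash_length === 0) {
            $key = _hash($key . substr($out, $c - $hash_length, $hash_length));
        }
        $out .= chr(ord($key[$c % $hash_length]) ^ ord($payload[$c]));
    }

    return $out;
}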
 /**
  * Insert a new user row with a freshly salted password and a token.
  *
  * The raw password is first reduced with _hash(), then salted via
  * salt_hash() with a 40-char salt; the token is _hash() of that stored
  * password value plus a second random 50-char salt. The insert result and
  * the db error state are var_dump()ed (debug output kept as in the original).
  *
  * @param $user     login name
  * @param $password plaintext password
  */
 public function create_user($user, $password)
 {
     $salt = salt(40);
     $stored = salt_hash(_hash($password), $salt);
     $row = array(
         'user' => $user,
         'password' => $stored,
         'salt' => $salt,
         'token' => _hash($stored . salt(50)),
     );
     var_dump(db()->insert("user", $row));
     var_dump(db()->error());
 }
    /**
     * Control-panel handler for creating or modifying a tree node.
     *
     * On a submitted form (_button()) it reads the posted fields, normalises
     * them (HTML filtering, alias slug, 'published' date to timestamp),
     * enforces alias uniqueness, optionally moves the node under another
     * parent, writes the row to _tree and redirects. Without a submission it
     * renders the field set for the form. Founders (is_founder) see and may
     * submit the full field list; other users only subject and content.
     *
     * Relies on the global $user and on framework helpers ($this->__,
     * _fieldrow, sql_filter, _sql, _style, ...) whose contracts are not
     * visible here; comments about them are hedged accordingly.
     */
    protected function _create_home()
    {
        global $user;
        $v = $tree = $this->init();
        // zmode is 'create' or 'modify' (the only two values tested below).
        $z = $this->__(w('zmode'));
        if (_button()) {
            // Fields a regular user may submit; founders get the full set
            // (entries with a 0 default are checkbox-style flags).
            $v_ary = array('subject', 'content');
            if ($user->v('is_founder')) {
                $v_ary = array_merge($v_ary, array('node' => 0, 'parent' => 0, 'level' => 0, 'module' => 0, 'alias', 'child_hide' => 0, 'child_order', 'nav' => 0, 'nav_hide' => 0, 'css_parent' => 0, 'css_var', 'quickload' => 0, 'dynamic' => 0, 'tags', 'template', 'redirect', 'description', 'allow_comments' => 0, 'approve_comments' => 0, 'form' => 0, 'form_email', 'published', 'move'));
            }
            $v = $this->__($v_ary);
            /*
            $v = $this->__(array(
            	'node' => 0,
            	'parent' => 0,
            	'level' => 0,
            	'module' => 0,
            	'alias',
            	'child_hide' => 0,
            	'child_order',
            	'nav' => 0,
            	'nav_hide' => 0,
            	'css_parent' => 0,
            	'css_var',
            	'quickload' => 0,
            	'dynamic' => 0,
            	'tags',
            	'template',
            	'redirect',
            	'subject',
            	'content',
            	'description',
            	'allow_comments' => 0,
            	'approve_comments' => 0,
            	'form' => 0,
            	'form_email',
            	'published',
            	'move'
            ));
            */
            //
            $v['edited'] = time();
            // Structural columns are always taken from the node being edited,
            // overriding whatever a founder may have posted for them.
            foreach (w('node level parent module') as $row) {
                $v[$row] = $tree['tree_' . $row];
            }
            // A new node hangs under the current one, one level deeper; the
            // node root defaults to the parent when none is set.
            if ($z['zmode'] == 'create') {
                $v['parent'] = $tree['tree_id'];
                $v['level']++;
                if (!$v['node']) {
                    $v['node'] = $v['parent'];
                }
            }
            // Parse vars
            foreach ($v as $row_k => $row_v) {
                switch ($row_k) {
                    case 'subject':
                        $row_v = $this->html($row_v, 'strong');
                        break;
                    case 'content':
                        $row_v = $this->html($row_v);
                        break;
                    case 'alias':
                        $row_v = _alias($row_v, w('_'), '-');
                        break;
                    case 'checksum':
                        // NOTE(review): 'checksum' is not in $v_ary above, so
                        // this case only runs if $this->__() adds the key — confirm.
                        $row_v = _hash($v['content']);
                        break;
                    case 'published':
                        // Free-text "d m Y", defaulting to today when empty.
                        $row_v = dvar($row_v, date('d m Y'));
                        $e_date = explode(' ', $row_v);
                        // NOTE(review): no validation — a value without two
                        // spaces leaves $e_date[1]/[2] undefined.
                        $row_v = _timestamp($e_date[1], $e_date[0], $e_date[2]);
                        break;
                }
                $v[$row_k] = $row_v;
            }
            // The node aliased 'home' keeps that alias regardless of input.
            if ($z['zmode'] == 'modify' && $tree['tree_alias'] == 'home' && $v['alias'] != 'home') {
                $v['alias'] = 'home';
            }
            // An alias must be unique among the *other* nodes.
            if (f($v['alias'])) {
                $sql = 'SELECT tree_id
					FROM _tree
					WHERE tree_alias = ?
						AND tree_id <> ?';
                if (_fieldrow(sql_filter($sql, $v['alias'], $tree['tree_id']))) {
                    $this->_error('#ALIAS_IN_USE');
                }
            }
            if ($z['zmode'] == 'modify') {
                // 'move' re-parents the node under the target given by alias or id.
                if ($v['move']) {
                    // $mv_field is derived from is_numb(), so only 'alias' or
                    // 'id' ever reaches the ?? identifier placeholder below.
                    $mv_field = !is_numb($v['move']) ? 'alias' : 'id';
                    $sql = 'SELECT *
						FROM _tree
						WHERE tree_?? = ?';
                    if ($mv_tree = _fieldrow(sql_filter($sql, $mv_field, $v['move']))) {
                        $mv_insert = array('module' => $mv_tree['module_id'], 'node' => $mv_tree['tree_node'], 'parent' => $mv_tree['tree_id'], 'level' => $mv_tree['tree_level'] + 1);
                        // NOTE(review): filters on article_id while every other
                        // _tree query here uses tree_id — confirm the column name.
                        $sql = 'UPDATE _tree SET ' . _build_array('UPDATE', prefix('tree', $mv_insert)) . sql_filter('
							WHERE article_id = ?', $tree['tree_id']);
                        _sql($sql);
                        // Keep the child counters of old and new parent in step.
                        $sql = 'UPDATE _tree SET tree_childs = tree_childs - 1
							WHERE tree_id = ?';
                        _sql(sql_filter($sql, $tree['tree_parent']));
                        $sql = 'UPDATE _tree SET tree_childs = tree_childs + 1
							WHERE tree_id = ?';
                        _sql(sql_filter($sql, $mv_tree['tree_id']));
                    }
                }
                unset($v['move']);
                // Check input values against database
                foreach ($v as $row_k => $row_v) {
                    if ($tree['tree_' . $row_k] == $row_v) {
                        unset($v[$row_k]);
                    }
                }
                // Only 'edited' left means nothing really changed: leave the
                // timestamp alone so the UPDATE below is skipped.
                if (!(count($v) - 1)) {
                    unset($v['edited']);
                }
            } else {
                unset($v['move']);
            }
            //
            $u_tree = _rewrite($tree);
            if (count($v)) {
                if (isset($v['content']) && $v['content']) {
                    // NOTE(review): turns &lt; &gt; back into raw < > after
                    // $this->html() ran; confirm output is escaped on render.
                    $v['content'] = str_replace(w('&lt; &gt;'), w('< >'), $v['content']);
                }
                if ($z['zmode'] == 'create') {
                    $sql = 'INSERT INTO _tree' . _build_array('INSERT', prefix('tree', $v));
                } else {
                    $sql = 'UPDATE _tree SET ' . _build_array('UPDATE', prefix('tree', $v)) . sql_filter('
						WHERE tree_id = ?', $tree['tree_id']);
                }
                _sql($sql);
                if ($z['zmode'] == 'create') {
                    // Redirect target: the alias when given, else the new row id.
                    $u_tree = f($v['alias']) ? $v['alias'] : _nextid();
                    $sql = 'UPDATE _tree
						SET tree_childs = tree_childs + 1
						WHERE tree_id = ?';
                    _sql(sql_filter($sql, $tree['tree_id']));
                }
            }
            redirect(_link($u_tree));
        }
        //
        // Show fieldset
        /*$v_fieldset = array(
        			'subject',
        			'content',
        			'description',
        			'alias',
        			'child_hide' => 0,
        			'child_order',
        			'nav' => 0,
        			'nav_hide' => 0,
        			'css_parent',
        			'css_var',
        			'quickload' => 0,
        			'dynamic' => 0,
        			'tags',
        			'template',
        			'redirect',
        			'allow_comments' => 0,
        			'approve_comments' => 0,
        			'form' => 0,
        			'form_email',
        			'published'
        		);
        		*/
        // Same split as above: founders get the full form.
        $v_fieldset = array('subject', 'content');
        if ($user->v('is_founder')) {
            $v_fieldset = array_merge($v_fieldset, array('description', 'alias', 'child_hide' => 0, 'child_order', 'nav' => 0, 'nav_hide' => 0, 'css_parent', 'css_var', 'quickload' => 0, 'dynamic' => 0, 'tags', 'template', 'redirect', 'allow_comments' => 0, 'approve_comments' => 0, 'form' => 0, 'form_email', 'published'));
        }
        $is_modify = $z['zmode'] == 'modify';
        foreach (_array_keys($v_fieldset, '') as $k => $row) {
            $name = 'tree_' . $k;
            $cp_lang = _lang('CP_' . $k);
            // When modifying, prefer a posted value, then the stored column.
            $value = $is_modify ? isset($v[$k]) ? $v[$k] : (isset($tree[$name]) ? $tree[$name] : '') : '';
            $checked = is_numb($row) && $is_modify && $tree[$name] ? ' checked="checked"' : '';
            if (f($value)) {
                switch ($k) {
                    case 'published':
                        // Stored as a timestamp; shown in the same "d m Y" form it is parsed from.
                        $value = date('d m Y', $value);
                        break;
                }
            }
            // Numeric defaults mark checkbox fields (value fixed to 1).
            $type = 'text';
            if (is_numb($row)) {
                $value = 1;
                $type = 'checkbox';
            }
            $tag = 'input';
            if ($k == 'content') {
                $tag = 'textarea';
            }
            _style('field', array('NAME' => $k, 'ID' => $k, 'TAG' => $tag, 'TYPE' => $type, 'VALUE' => $value, 'LANG' => $cp_lang, 'CHECKED' => $checked));
            if ($k == 'template') {
                // Template picker: one row per .htm file in ./style/custom/,
                // preceded by a NONE row the first time a file is found.
                // NOTE(review): @ hides opendir/readdir failures, so a missing
                // directory silently shows no template choices.
                $i = 0;
                $fp = @opendir('./style/custom/');
                while ($row_d = @readdir($fp)) {
                    if (_extension($row_d) != 'htm') {
                        continue;
                    }
                    if (!$i) {
                        _style('field.templated');
                        _style('field.templated.row', array('V' => '', 'FILE' => _lang('NONE')));
                    }
                    $v_file = str_replace('.htm', '', $row_d);
                    _style('field.templated.row', array('V' => $v_file, 'FILE' => $v_file));
                    $i++;
                }
                @closedir($fp);
            }
            //
        }
        $cp_format = !$is_modify ? 'CREATE' : 'MODIFY';
        v_style(array('CP_PAGE' => sprintf(_lang('CP_PAGE_' . $cp_format), $tree['tree_subject'])));
        return;
    }
     $bdd = new bdd(array('host' => $hostBDD, 'login' => $loginBDD, 'database' => $databaseBDD, 'password' => $passwordBDD, 'displayErrors' => false));
     $bdd->query(str_replace('#_PREFIX_#', $prefixeBDD, file_get_contents(ROOT . 'install/db/install.sql')));
     $bdd->query('INSERT INTO `' . $table_members . '` ( membre_login, membre_email, membre_password, membre_register, membre_last_up, membre_rank, membre_design, membre_lang ) VALUES ( ?, ?, ?, ?, ?, ?, ?, ? ) ', array($admin_login, $admin_email, $admin_password, time(), time(), RANK_ADMIN, NULL, NULL));
     unset($_SESSION['__install']);
     if (isset($_POST['delete_dir'])) {
         $_SESSION['__delete_dir_install'] = true;
     }
     break;
 case 4:
     if (isset($_POST['login'], $_POST['password'], $_POST['passwordConfirm'], $_POST['email'])) {
         $login = $_POST['login'];
         $password = $_POST['password'];
         $passwordconfirm = $_POST['passwordConfirm'];
         $email = $_POST['email'];
         if ($password == $passwordconfirm) {
             $passwordHash = _hash($password);
             if (check_email($email) === 1) {
                 if (check_pseudo($login)) {
                     $_SESSION['__install'][3] = array('login' => $login, 'password' => $passwordHash, 'email' => $email);
                     break;
                 } else {
                     $error = new error();
                     $error->addError('L\'email n\'est pas à un format conventionnel.', ERROR_PAGE, 'install.php', __LINE__);
                     $step = 3;
                 }
             } else {
                 $error = new error();
                 $error->addError('L\'email n\'est pas à un format conventionnel.', ERROR_PAGE, 'install.php', __LINE__);
                 $step = 3;
             }
         } else {
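/**
 * Hash a value with a salt.
 *
 * The first third of the salt is prepended and the whole salt appended
 * before _hash() is applied.
 *
 * NOTE(review): the original called count() on the string salt. On PHP 8
 * that is a TypeError; on PHP 7 it returned 1, so the prefix length was 0
 * and the stored result was effectively _hash($hash . $salt). Using
 * strlen() changes the output for every existing salted value — plan a
 * rehash-on-login migration before deploying this.
 *
 * @param string $hash value to salt
 * @param string $salt random salt string
 * @return string
 */
function salt_hash($hash, $salt)
{
    $salt = (string) $salt;
    // intdiv(): integer length for substr() (a float length is deprecated on 8.1+).
    $prefixLength = intdiv(strlen($salt), 3);

    return _hash(substr($salt, 0, $prefixLength) . $hash . $salt);
}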
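 /**
  * Generate a fresh, unpredictable IV string.
  *
  * Mixes material derived from the global $cc_encryption_hash with CSPRNG
  * output and returns _hash() of the result. The original seeded srand()
  * with microtime() and drew from rand(), which makes the IV guessable from
  * the request time; random_int()/random_bytes() replace that. The return
  * shape (a _hash() digest) is unchanged, so callers are unaffected.
  *
  * @return string
  */
 function _generate_iv()
 {
     global $cc_encryption_hash;
     // Key-derived component (identical on every call, so not a source of
     // unpredictability on its own).
     $iv = md5(strrev(substr($cc_encryption_hash, 13)) . substr($cc_encryption_hash, 0, 13));
     // Unpredictable component from the CSPRNG.
     $iv .= random_int(0, getrandmax());
     $iv .= bin2hex(random_bytes(16));
     $iv .= serialize(array("key" => md5(md5($cc_encryption_hash)) . md5($cc_encryption_hash)));
     return _hash($iv);
 }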
    // Login form: login + password.
    $form = new Form(translate('title_form'), 'post');
    $form->add_fieldset();
    $form->add_input('login', 'login', translate('login_form'));
    $form->add_input('password', 'password', translate('password_form'), 'password');
    $form->add_button();

    $fh = new FormHandle($form);
    $fh->handle();
    if ($fh->okay()) {
        $login = $fh->get('login');
        $password = _hash($fh->get('password'));
        $params = array($login, $password);
        // NOTE(review): the lookup matches the stored digest by equality, so
        // _hash() has to be a deterministic (unsalted) digest for this to work.
        $matches = $bdd->count_sql(TABLE_MEMBERS, 'WHERE membre_login = ? AND membre_password = ?', $params);
        if ($matches == 0) {
            $error = new Error();
            $error->add_error(translate('inexistant_member'), ERROR_PAGE, __FILE__, __LINE__);
        } else {
            $query = $bdd->query('SELECT * FROM ' . TABLE_MEMBERS . ' WHERE membre_login = ? AND membre_password = ?', $params);
            $row = $bdd->fetch($query);
            $memberId = $row['membre_id'];
            // The session key binds id + login with the 'XTC_CMS' salt so the
            // session can be re-verified later.
            $hashKey = _hash($memberId . $login, 'XTC_CMS');
            $sessions
                ->add_session('pseudo', $login, '__member')
                ->add_session('id', $memberId, '__member')
                ->add_session('key', $hashKey, '__member')
                ->add_session('isConnected', true, '__member');
            $member->log_in($memberId);
            $error = new Error();
            $error->add_error(translate('connexion_ok'), ERROR_GLOBAL, __FILE__, __LINE__, ROOTU . 'modules/accueil/index.php');
        }
    }
}
// Render the page; the form only exists when one was built above.
tpl_begin();
$hasForm = isset($form);
if ($hasForm) {
    $form->build_all();
}
tpl_end();
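 /**
  * Derive and store the cookie encryption key.
  *
  * The key is _hash() of the caller-supplied key, the request's User-Agent
  * header and COOKIE_KEY (the second argument true is passed through to
  * _hash()). Binding to the User-Agent means the key changes whenever the
  * browser string changes; as a client-controlled value it adds no secrecy.
  *
  * @param $key string secret material the cookie key is derived from
  */
 public function setKey($key)
 {
     // Explicit '' fallback instead of @: same result when the header is
     // absent, without suppressing every other warning on the line.
     $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? (string) $_SERVER['HTTP_USER_AGENT'] : '';
     $this->key = _hash($key . $userAgent . COOKIE_KEY, true);
 }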