/**
  * 是否登录并解密cookie
  * @access public
  * @return boolean
  */
 public function decryptUid()
 {
     if (cookie('posutoba')) {
         $uid = cookie('posutoba');
         $uid_res = authCode($uid, 'DECODE');
         return $uid_res;
     } else {
         return null;
     }
 }
$error = "";
if (isset($_POST["username"]) && isset($_POST["password"])) {
    if (empty($_POST["username"]) || empty($_POST["password"])) {
        $error = "用户名或密码为空";
        //return false;
    } else {
        $username = $_POST["username"];
        $password = $_POST["password"];
        if ($username == $U) {
            if ($password == $P) {
                $token = mt_rand();
                // 生成token
                $fp = fopen("../temp/session_token", "w+");
                fwrite($fp, $token);
                fclose($fp);
                $cookieValue = authCode("{$username},{$password},{$token}", $textKey, "ENCODE");
                //echo $cookieValue;
                // 写入cookie
                createCookie("anehtaDoor", $cookieValue, 0, '/', '', 0, 1);
                // 跳转url到referer
                if (isset($_GET["redirect"])) {
                    // 这里没检查跳转的域,有钓鱼的风险
                    $redirect = $_GET["redirect"];
                    header("Location: {$redirect}");
                } else {
                    header("Location: admin.php");
                }
            } else {
                // 密码错
                $error = "用户名或密码错误";
                //return false;
/*
* 统一配置anehta 配置文件
* 包括: anehtaurl, mail server, auth 等
*
*/
include_once "xml.php";
$anehtaurl = "";
$boomerangtarget = "";
$boomerangsrc = "";
// check csrf TOKEN
if (isset($_POST["csrfToken"])) {
    if (empty($_POST["csrfToken"])) {
        echo "\nToken Error! May be CSRF attack!\n";
        return false;
    } else {
        list($user, $pass, $token) = explode(",", authCode($_COOKIE["anehtaDoor"], $textKey, "DECODE"));
        //echo "token = $token\n";
        //echo "csrf = ".base64_decode($_POST["csrfToken"])."\n";
        if ($token != base64_decode($_POST["csrfToken"])) {
            echo "\nToken Error! May be CSRF attack!\n";
            return false;
        }
    }
    // 全部base64编码进入xml文件,否则可能被xpath注射
    if (!empty($_POST['anehtaurl'])) {
        //$anehtaurl = base64_encode($_POST['anehtaurl']);
        $anehtaurl = $_POST['anehtaurl'];
    }
    if (!empty($_POST['boomerangtarget'])) {
        //$boomerangtarget = base64_encode($_POST['boomerangtarget']);
        $boomerangtarget = $_POST['boomerangtarget'];
if ($login || $code) {
    //logService->log('TRACE','LANDING PAGE 3',$user_agent,'start');
    if ($threadid_was_set && $forum && $threadid && ($login || $code)) {
        $param = $lang . "/" . $forum . "/" . $threadid . "/3/";
    }
    if ($login) {
        $logService->log('TRACE', $server . ':Processing login, calling Disqus', 'param=' . urlencode($environment['callback'] . $param), 'login');
        auth($param);
        exit;
    } else {
        if ($code) {
            $logService->log('TRACE', $server . ':Redirected from Disqus with code', $code, 'login');
            /**
             **/
            //$logService->log('TRACE',$server.':Environment',var_log('environment',$environment),'login');
            $access_token = authCode($code, $param);
            if (empty($access_token)) {
                if (isset($_GET['login'])) {
                    $logService->log('ERROR', 'Processing login with CODE set, but no access token, calling Disqus', '', 'login');
                    auth($param);
                    exit;
                }
            } else {
                $logService->log('TRACE', 'Authorization a success, looking up / creating a user', '', 'login');
                //authorization a success
                $obj = getUserData();
                if ($obj) {
                    $old_identity = $identity;
                    if ($old_identity) {
                        $old_user = $ds->getUser($old_identity);
                        $old_username = $old_user['username'];
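/**
 * Verifies the "anehtaDoor" login cookie against the configured credentials
 * and the single persisted session token.
 *
 * On any failure it echoes a small HTML/JS snippet that sends the browser to
 * login.php (with the current script as ?redirect=) and returns false; on
 * success it returns true and emits nothing. The original fell off the end
 * (returning null, with no redirect) when the decrypted cookie lacked one of
 * its three fields; that path now behaves like the other failures.
 *
 * @param string $U       username the cookie must carry
 * @param string $P       password the cookie must carry
 * @param string $textKey key handed to authCode() to decrypt the cookie
 * @return bool
 */
function checkLoginStatus($U, $P, $textKey)
{
    // Emits the client-side redirect to the login page (carrying the current
    // script path so the user can be sent back) and reports failure.
    $redirectToLogin = static function () {
        $self = isset($_SERVER["PHP_SELF"]) ? urlencode((string) $_SERVER["PHP_SELF"]) : '';
        echo "<html><script>window.location = \"login.php?redirect=" . $self . "\";</script></html>";
        return false;
    };

    if (!isset($_COOKIE["anehtaDoor"])) {
        return $redirectToLogin();
    }

    // authCode() is defined elsewhere; it presumably yields the
    // "user,pass,token" string written at login, or something empty when the
    // cookie does not decrypt — confirm. The string cast guards against a
    // null/false return, and array_pad() guarantees three elements so a
    // malformed cookie cannot raise undefined-offset notices.
    $decoded = (string) authCode($_COOKIE["anehtaDoor"], $textKey, "DECODE");
    list($user, $pass, $token) = array_pad(explode(",", $decoded), 3, '');

    if (!$user || !$pass || !$token) {
        return $redirectToLogin();
    }

    // Single active session: the token in the cookie must match the one
    // persisted at login time. hash_equals() replaces the loose `!=` with a
    // strict, timing-safe comparison; a missing/unreadable file fails closed.
    $tokenFile = "../temp/session_token";
    $storedToken = file_exists($tokenFile) ? file_get_contents($tokenFile) : false;
    if ($storedToken === false || !hash_equals((string) $storedToken, (string) $token)) {
        return $redirectToLogin();
    }

    // Credential check: strict, constant-time comparison instead of `==`,
    // which accepts type-juggled matches such as "1e3" == "1000".
    if (hash_equals((string) $U, (string) $user) && hash_equals((string) $P, (string) $pass)) {
        return true;
    }

    return $redirectToLogin();
}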
 /**
  * QQ Connect OAuth callback.
  *
  * Fetches the QQ profile through the Connect library and looks the user up
  * by open_id. A first-time visitor is forwarded to User/register with the
  * profile packed into a base64-encoded JSON `key`; a known user receives
  * the "posutoba" login cookie (uid encrypted with authCode) for one year
  * and is sent to the site root.
  *
  * @access public
  */
 public function qqCallback()
 {
     $connect = new \Tieba\Library\Connect();
     $profile = $connect->getUsrInfo();

     $account = M('users')
         ->where(['user_openid' => $profile['open_id']])
         ->find();

     if (!empty($account)) {
         // Existing account: issue the login cookie (365 days) and go home.
         $oneYear = 60 * 60 * 24 * 365;
         cookie('posutoba', authCode($account['user_id'], 'ENCODE'), $oneYear);
         redirect(__ROOT__ . '/');
         return;
     }

     // Unknown open_id: hand the profile to the registration page.
     // NOTE(review): the key is only base64, so it is client-editable before
     // User/register consumes it — confirm that register re-validates the
     // open_id rather than trusting this blob.
     $registration = [
         'qq_avatar'   => $profile['figureurl_2'],
         'qq_username' => $profile['nickname'],
         'qq_openid'   => $profile['open_id'],
     ];
     $key = base64_encode(json_encode($registration));
     $this->redirect(U('User/register', ['key' => $key]));
 }