Exemple #1
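	/**
	 * Entry point of the login module: initialises the parent object, captures
	 * the submitted credentials and dispatches to the handler method named by
	 * Load::moduleCode().
	 *
	 * @param mixed $config Passed through unchanged to MasterObject().
	 */
	function ModuleObject( $config )
	{
		$this->MasterObject($config);

		$this->Username = post('username', 'string');
		// The submitted password is kept on the object as returned by post();
		// avoid dumping or logging this object while it holds the credential.
		$this->Password = post('password', 'string');
		$this->Secques = quescrypt($this->Post['question'], $this->Post['answer']);

		// NOTE(review): any positive MEMBER_ID sets IsAdmin here. Whether the flag
		// means "administrator" or only "signed in" is not visible in this block;
		// confirm that privileged actions are authorised by a real role check.
		if ( MEMBER_ID > 0 )
		{
			$this->IsAdmin = true;
		}

		// code/state come straight from the query string. Read them defensively:
		// a missing key or an array value (?code[]=...) must not reach strlen().
		// Only the length is checked here, so the selected handler still has to
		// validate both values itself (presumably an OAuth-style callback; confirm).
		$code  = isset($_GET['code']) ? $_GET['code'] : '';
		$state = isset($_GET['state']) ? $_GET['state'] : '';
		if (is_string($code) && is_string($state) && strlen($code) == 32 && strlen($state) == 32) {
			$this->Code = 'qqlogin';
		}

		// Dynamic dispatch: the method name is whatever Load::moduleCode() returns.
		// NOTE(review): confirm that helper maps onto a fixed set of handler names
		// rather than reflecting request input into a method call.
		$runCode = Load::moduleCode($this);
		$this->$runCode();
	}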
     // Excerpt from a login script; it starts inside a branch whose opening
     // condition is not shown and stops before the branches below are closed.
     if ($seccodecheck) {
         // Combines a value from random(6, 1) with the first element of the existing $seccode.
         $seccode = random(6, 1) + $seccode[0] * 1000000;
     }
     include template('login');
 } else {
     if ($_DCACHE['settings']['frameon'] && $_DCOOKIE['frameon'] == 'yes') {
         $extrahead .= '<script>if(top != self) {parent.leftmenu.location.reload();}</script>';
     }
     // Reset all identity variables before authenticating, so nothing left over
     // from earlier in the request can be mistaken for a logged-in user.
     $discuz_uid = 0;
     $discuz_user = $discuz_pw = $discuz_secques = $md5_password = '';
     $member = array();
     // A falsy result from logincheck() stops the attempt with 'login_strike'.
     $loginperm = logincheck();
     if (!$loginperm) {
         showmessage('login_strike');
     }
     $secques = quescrypt($questionid, $answer);
     if (isset($loginauth)) {
         // Token path: username and the already-hashed password are recovered from
         // $loginauth via authcode(..., 'DECODE'), split on a tab and passed through
         // daddslashes(). $password is overwritten with a fixed placeholder string.
         // NOTE(review): where $loginauth is populated is not visible here; confirm
         // it cannot be supplied by a client without a valid authcode() key.
         $field = 'username';
         $password = '******';
         list($username, $md5_password) = daddslashes(explode("\t", authcode($loginauth, 'DECODE')), 1);
     } else {
         // Unsalted single-round MD5. This is not a password hash: it is fast to
         // brute-force and identical passwords give identical digests. A migration
         // to password_hash()/password_verify() is the proper fix.
         $md5_password = md5($password);
         // Keeps the first round(len/4) and the last round(len/6) characters of the
         // clear-text password and replaces the middle with '***'. If this masked
         // value is later logged or displayed (not visible here), those fragments
         // still disclose part of the password.
         $password = preg_replace("/^(.{" . round(strlen($password) / 4) . "})(.+?)(.{" . round(strlen($password) / 6) . "})\$/s", "\\1***\\3", $password);
     }
     // The statement is assembled by string interpolation. In this excerpt $field is
     // only assigned on the $loginauth path and $username is only escaped there.
     // NOTE(review): on the password path both values must have been validated and
     // escaped before this point (not visible here); a prepared statement with a
     // whitelisted column name would remove that dependency.
     $query = $db->query("SELECT m.uid AS discuz_uid, m.username AS discuz_user, m.password AS discuz_pw, m.secques AS discuz_secques,\r\n\t\t\t\t\tm.adminid, m.groupid, m.styleid AS styleidmem, m.lastvisit, m.lastpost, u.allowinvisible\r\n\t\t\t\t\tFROM {$tablepre}members m LEFT JOIN {$tablepre}usergroups u USING (groupid)\r\n\t\t\t\t\tWHERE m.{$field}='{$username}'");
     $member = $db->fetch_array($query);
     // Loose '==' on two digest strings: PHP compares numeric-looking strings
     // (e.g. "0e..." forms) as numbers, and the comparison is not constant-time.
     // hash_equals() or at least '===' is the safe form.
     if ($member['discuz_uid'] && $member['discuz_pw'] == $md5_password) {
         if ($member['discuz_secques'] == $secques && !$seccodemiss) {
             // extract() copies every selected column/alias (discuz_uid, adminid,
             // groupid, ...) into the current scope, overwriting same-named variables.
             // The row comes from the database, so the column list in the query above
             // is what bounds which variables can be replaced.
             extract($member);
             // Unescaped copy of the user name is kept before addslashes() is applied.
             $discuz_userss = $discuz_user;
             $discuz_user = addslashes($discuz_user);
Exemple #3
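/**
 * Insert a new account into the `user` table and return the stored field set.
 *
 * Security notes:
 *  - The stored password is md5(md5($password) . $salt). That format is kept so
 *    existing verification code keeps working, but MD5 is too fast to be a
 *    password hash; plan a migration to password_hash()/password_verify().
 *  - The returned array contains the salt and the password digest, so callers
 *    must not echo, log or serialise it to clients as-is.
 *  - Whether DB::insert() escapes or binds the values is not visible here;
 *    NOTE(review): confirm before passing unvalidated request data in.
 *
 * @param string $username   Login name.
 * @param string $password   Clear-text password.
 * @param string $email      E-mail address.
 * @param string $nickname   Display name.
 * @param int    $uid        Accepted for interface compatibility; not used in this function.
 * @param mixed  $questionid Security-question id handed to quescrypt().
 * @param string $answer     Security-question answer handed to quescrypt().
 * @param string $regip      Accepted for interface compatibility; not used in this function.
 * @return array The inserted fields plus 'uid' as returned by DB::insert().
 */
function uc_add_user($username, $password, $email, $nickname, $uid = 0, $questionid = '', $answer = '', $regip = '')
{
    // The previous salt was the last six characters of uniqid(rand()), i.e. only the
    // time-derived tail; the rand() prefix was cut off. Use the CSPRNG where it
    // exists and keep the same six-hex-character shape; fall back on older runtimes.
    if (function_exists('random_bytes')) {
        $salt = bin2hex(random_bytes(3));
    } else {
        $salt = substr(uniqid(rand()), -6);
    }

    $setarr = array(
        'salt' => $salt,
        'password' => md5(md5($password) . $salt),
        'username' => $username,
        'nickname' => $nickname,
        'secques' => quescrypt($questionid, $answer),
        'email' => $email,
        'regdate' => TIMESTAMP,
    );
    // Third argument 1: presumably asks DB::insert() to return the new row id (confirm).
    $setarr['uid'] = DB::insert('user', $setarr, 1);

    return $setarr;
}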
Exemple #4
 // Excerpt from a registration handler; the matching 'if' lies above this
 // excerpt and the branches opened here are closed below it.
 } else {
     // $_POST['regname'] is interpolated directly into the SQL text. Unless it was
     // escaped earlier (not visible here) this is injectable; bind it as a parameter.
     $nNums = $GETSQL->fNumrows("SELECT `uid` FROM `{$ODBC['tablepre']}members` WHERE `username`='{$_POST['regname']}'");
     if ($nNums > 0) {
         // Message text: "Sorry! The user name you entered is already registered".
         die(gb2utf8("error 对不起!您输入的用户名已经被注册"));
     } else {
         if ($config['bbs'] == '1') {
             // Same raw request value is placed inside a DELETE condition.
             $GETSQL->fDelete("`cdb_sessions`", "`username`='' OR `username`='{$_POST['regname']}'", "1");
         }
         //$gettime = fgetdate();
         // Unsalted single-round MD5 of the password: fast to brute-force, and equal
         // passwords give equal digests. Prefer password_hash().
         $regpwd = md5($_POST['userpwd']);
         $regname = $_POST['regname'];
         //$reguid = md5($_POST['regname']);
         // NOTE(review): this test looks inverted. When a question id IS supplied the
         // security question is stored empty, and quescrypt() only runs when the id is
         // empty. Confirm whether '==' was intended.
         if ($_POST['questionid'] != '') {
             $secques = "";
         } else {
             $secques = quescrypt($_POST['questionid'], $_POST['answer']);
         }
         if ($config['bbs'] == '1') {
             // Forum account: column list and value list are passed separately to
             // fInsert(). Whether fInsert() escapes the values is not visible here;
             // $_POST['regemail'] is handed over unvalidated.
             $cQuery = array("`username`", "`password`", "`secques`", "`groupid`", "`regip`", "`regdate`", "`lastvisit`", "`lastactivity`", "`email`");
             $cData = array($regname, $regpwd, $secques, 10, $onlineip, $nowtime, $nowtime, $nowtime, $_POST['regemail']);
             $GETSQL->fInsert("`cdb_members`", $cQuery, $cData);
             $reguid = $GETSQL->insert_id();
             $cQuery = array("`uid`");
             $cData = array($reguid);
             $GETSQL->fInsert("`cdb_memberfields`", $cQuery, $cData);
         } else {
             // Without the forum the uid is taken from $nowtime. Presumably a Unix
             // timestamp, in which case two registrations in the same second would
             // get the same uid. Confirm.
             $reguid = $nowtime;
         }
         // Site-local member row, written with the same digest and raw e-mail value.
         $cQuery = array("`uid`", "`username`", "`userpwd`", "`groupid`", "`useremail`", "`regdate`");
         $cData = array($reguid, $regname, $regpwd, 3, $_POST['regemail'], $nowtime);
         $GETSQL->fInsert("`{$ODBC['tablepre']}members`", $cQuery, $cData);
// Excerpt from a login endpoint that answers with plain text ('OK <user>' or
// 'login_strike'); the excerpt stops inside the failure branch.
define('CURRSCRIPT', 'logging');
require './include/common.php';
// Credentials are accepted from the POST body only.
if (isset($_POST['password'])) {
    $password = $_POST['password'];
}
if (isset($_POST['username'])) {
    $username = $_POST['username'];
}
// Reset identity state so only a successful lookup below can populate it.
$discuz_uid = $adminid = 0;
$discuz_user = $discuz_pw = $discuz_secques = '';
// A falsy result from logincheck() ends the request with 'login_strike'.
$loginperm = logincheck();
if (!$loginperm) {
    echo 'login_strike';
    exit;
}
// $questionid and $answer are not assigned in this excerpt (presumably set up by common.php).
$secques = $questionid && $answer ? quescrypt($questionid, $answer) : '';
// Failure-log line, built before the password is hashed: it records the first two
// and the last character of the clear-text password, with one '*' for each other
// character. That discloses three characters and the exact length of every
// attempted password, including near-miss typos of real ones. Prefer logging no
// password material at all.
$errorlog = "{$timestamp}\t{$username}\t" . substr($password, 0, 2);
for ($i = 3; $i < strlen($password); $i++) {
    $errorlog .= '*';
}
$errorlog .= substr($password, -1) . "\t" . ($secques ? "Ques #{$questionid}" : '') . "\t{$onlineip}\n";
// Unsalted single-round MD5: not suitable for password storage.
$password = md5($password);
// NOTE(review): the '******' literals look like masking applied by the listing; as
// printed, neither $username nor the hashed $password reaches the WHERE clause.
// Confirm against the upstream file. $secques is interpolated into the SQL text;
// the query should use bound parameters.
$query = $db->query("SELECT m.uid AS discuz_uid, m.username AS discuz_user, m.password AS discuz_pw, m.adminid, m.groupid, m.credit, m.styleid AS styleidmem, m.lastvisit, m.lastpost, u.type as usertype, u.creditshigher, u.creditslower, u.allowinvisible\r\n\t\t\t\t\tFROM {$table_members} m LEFT JOIN {$table_usergroups} u USING (groupid)\r\n\t\t\t\t\tWHERE username='******' AND password='******' AND secques='{$secques}'");
// extract() writes every selected column/alias into the global scope, and '@' hides
// the error raised when no row was found; $discuz_uid then keeps the 0 set above.
@extract($db->fetch_array($query));
loginrecord($discuz_uid, $loginperm);
if ($discuz_uid) {
    echo 'OK ' . $discuz_user;
    exit;
} else {
    // The log target has a .php extension under DISCUZ_ROOT. The write itself is
    // outside this excerpt; if $errorlog is what gets appended, request-supplied
    // text ($username) ends up in a file the web server may execute. Keep such logs
    // outside the web root or give them a non-executable extension.
    // '@' also hides a failed fopen(), after which flock() receives false.
    @($fp = fopen(DISCUZ_ROOT . './forumdata/illegallog.php', 'a'));
    // 2 is the value of LOCK_EX (exclusive lock).
    @flock($fp, 2);
Exemple #6
         // Excerpt from a profile control panel; it starts inside the branch that
         // renders the form and stops inside the branch that processes the update.
         // Pre-select the stored option in two drop-downs of the form.
         $sachecked = array($customshow[1] => 'selected="selected"');
         $sichecked = array($customshow[2] => 'selected="selected"');
         $dateformatlist = array();
         if (!empty($userdateformat) && ($count = count($userdateformat))) {
             // Re-key from 1 and turn date() letters into readable placeholders.
             for ($num = 1; $num <= $count; $num++) {
                 $dateformatlist[$num] = str_replace(array('n', 'j', 'y', 'Y'), array('mm', 'dd', 'yy', 'yyyy'), $userdateformat[$num - 1]);
             }
         }
     }
     include template('memcp_profile');
 } else {
     require_once DISCUZ_ROOT . './include/discuzcode.func.php';
     // SQL fragments that the branches below append to as they validate each field.
     $membersql = $memberfieldsql = $authstradd1 = $authstradd2 = $newpasswdadd = '';
     if ($typeid == 1) {
         if (!$passport_status) {
             // -1 keeps the current security question; anything else is re-derived.
             $secquesnew = $questionidnew == -1 ? $discuz_secques : quescrypt($questionidnew, $answernew);
             if ($newpassword || $secquesnew != $discuz_secques) {
                 // Changing the password or the security question requires the current
                 // password. The check is an unsalted MD5 compared with loose '!=':
                 // numeric-looking digests ("0e..." forms) compare as numbers and the
                 // comparison is not constant-time. hash_equals() is the safe form.
                 if (md5($oldpassword) != $discuz_pw) {
                     showmessage('profile_passwd_wrong', NULL, 'HALTED');
                 }
                 if ($newpassword) {
                     // Rejects any password that addslashes() would alter (quotes,
                     // backslash, NUL), so SQL safety is obtained by restricting the
                     // password alphabet rather than by binding the value.
                     if ($newpassword != addslashes($newpassword)) {
                         showmessage('profile_passwd_illegal');
                     } elseif ($newpassword != $newpassword2) {
                         showmessage('profile_passwd_notmatch');
                     }
                     // NOTE(review): '******' looks like masking applied by the listing;
                     // as printed, the fragment would store that literal as the
                     // password. Confirm against the upstream file.
                     $newpasswdadd = ", password='******'";
                 }
             }
             // Admin groups 1-3 must keep a security question when 'forcesecques' is enabled.
             if (($adminid == 1 || $adminid == 2 || $adminid == 3) && !$secquesnew && $admincp['forcesecques']) {
                 showmessage('profile_admin_security_invalid');