Esempio n. 1
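/**
 * Gates the current page on member login, member rank and coin balance.
 *
 * Redirects to the login page when nobody is logged in. Otherwise shows a
 * message and stops when the member's rank is below $rank, or (rank being
 * sufficient) when the coin balance is below $money. Returns normally only
 * when every check passes.
 *
 * @param int $rank   minimum rank required to view the page
 * @param int $money  minimum coin balance required to view the page
 * @return void
 */
function CheckRank($rank = 0, $money = 0)
{
    // $dsql is the shared DB handle used for the rank-name lookup below; without
    // importing it into function scope the lookup runs on an undefined variable.
    global $cfg_ml, $cfg_memberurl, $dsql;
    if (!$cfg_ml->IsLogin()) {
        header("Location:{$cfg_memberurl}/login.php?gourl=" . urlencode(GetCurUrl()));
        exit;
    }
    if ($cfg_ml->M_Rank < $rank) {
        // Both values are interpolated into SQL text: keep them numeric.
        $rank = (int) $rank;
        $myrank = (int) $cfg_ml->M_Rank;
        $needname = "";
        $myname = "普通会员";
        if ($myrank == 0) {
            $row = $dsql->GetOne("Select membername From #@__arcrank where rank='{$rank}'");
            if (is_array($row) && isset($row['membername'])) {
                $needname = $row['membername'];
            }
        } else {
            // Highest rank first, so the required rank is read before the member's own.
            $dsql->SetQuery("Select membername From #@__arcrank where rank='{$rank}' Or rank='{$myrank}' order by rank desc");
            $dsql->Execute();
            if ($row = $dsql->GetObject()) {
                $needname = $row->membername;
            }
            if ($row = $dsql->GetObject()) {
                $myname = $row->membername;
            }
        }
        ShowMsg("对不起,需要:<span style='font-size:11pt;color:red'>{$needname}</span> 才能访问本页面。<br>你目前的等级是:<span style='font-size:11pt;color:red'>{$myname}</span> 。", "-1", 0, 5000);
        exit;
    }
    if ($cfg_ml->M_Money < $money) {
        ShowMsg("对不起,需要花费金币:<span style='font-size:11pt;color:red'>{$money}</span> 才能访问本页面。<br>你目前拥有的金币是:<span style='font-size:11pt;color:red'>" . $cfg_ml->M_Money . "</span>  。", "-1", 0, 5000);
        exit;
    }
}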
Esempio n. 2
 /**
  * Constructor of the slide controller: sets the admin template style,
  * records the current URL and loads the answer and question models.
  */
 function slide()
 {
     parent::__construct();
     $this->style = 'admin';
     // Remember the current request URL.
     $this->currurl = GetCurUrl();
     // Load the models used by this controller.
     $this->answer = $this->Model('askanswer');
     $this->question = $this->Model('mquestion');
 }
Esempio n. 3
 /**
  * Constructor of the asktype controller: records the current URL, loads the
  * question-type table into $this->asktypes, sets the admin template style
  * and loads the mtype model.
  */
 function asktype()
 {
     parent::__construct();
     // Remember the current request URL.
     $this->currurl = GetCurUrl();
     // The included file is expected to define $asktypes in this scope — TODO confirm.
     require_once DEDEASK . '/data/asktype.inc.php';
     $this->asktypes = $asktypes;
     $this->style = 'admin';
     // Load the model used by this controller.
     $this->type = $this->Model('mtype');
 }
Esempio n. 4
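/**
 * Checks that the current member may perform an operation.
 *
 * Redirects to the login page when nobody is logged in. Otherwise, in order:
 * when detailed registration info is enabled and $needinfo is set, a member
 * whose profile is incomplete (spacesta 0 or 1) is sent to the profile form;
 * when e-mail verification is enabled, an unverified member (spacesta -10) is
 * stopped; then the rank requirement and, if that passes, the coin requirement
 * are applied. Returns normally only when every check passes.
 *
 * @param int  $rank      rank value required
 * @param int  $money     coins required
 * @param bool $needinfo  whether the detailed registration info must be complete
 * @return void
 */
function CheckRank($rank = 0, $money = 0, $needinfo = TRUE)
{
    // $dsql is the shared DB handle used for the rank-name lookup below; without
    // importing it into function scope the lookup runs on an undefined variable.
    global $cfg_ml, $cfg_memberurl, $cfg_mb_reginfo, $cfg_mb_spacesta, $dsql;
    if (!$cfg_ml->IsLogin()) {
        header("Location:{$cfg_memberurl}/login.php?gourl=" . urlencode(GetCurUrl()));
        exit;
    }
    // Detailed registration info enabled: the profile must be completed first.
    if ($cfg_mb_reginfo == 'Y' && $needinfo) {
        if ($cfg_ml->fields['spacesta'] == 0 || $cfg_ml->fields['spacesta'] == 1) {
            ShowMsg("尚未完成详细资料,请完善...", "{$cfg_memberurl}/index_do.php?fmdo=user&dopost=regnew&step=2", 0, 1000);
            exit;
        }
    }
    // E-mail verification enabled: unverified members are stopped here.
    if ($cfg_mb_spacesta == '-10') {
        if ($cfg_ml->fields['spacesta'] == '-10') {
            $msg = "您尚未进行邮件验证,请到邮箱查阅...</br>重新发送邮件验证 <a href='/member/index_do.php?fmdo=sendMail'><font color='red'>点击此处</font></a>";
            ShowMsg($msg, "-1", 0, 5000);
            exit;
        }
    }
    if ($cfg_ml->M_Rank < $rank) {
        // Both values are interpolated into SQL text: keep them numeric.
        $rank = (int) $rank;
        $myrank = (int) $cfg_ml->M_Rank;
        $needname = "";
        $myname = "普通会员";
        if ($myrank == 0) {
            $row = $dsql->GetOne("SELECT membername FROM #@__arcrank WHERE rank='{$rank}'");
            if (is_array($row) && isset($row['membername'])) {
                $needname = $row['membername'];
            }
        } else {
            // Highest rank first, so the required rank is read before the member's own.
            $dsql->SetQuery("SELECT membername From #@__arcrank WHERE rank='{$rank}' OR rank='{$myrank}' ORDER BY rank DESC");
            $dsql->Execute();
            if ($row = $dsql->GetObject()) {
                $needname = $row->membername;
            }
            if ($row = $dsql->GetObject()) {
                $myname = $row->membername;
            }
        }
        ShowMsg("对不起,需要:<span style='font-size:11pt;color:red'>{$needname}</span> 才能访问本页面。<br>你目前的等级是:<span style='font-size:11pt;color:red'>{$myname}</span> 。", "-1", 0, 5000);
        exit;
    }
    if ($cfg_ml->M_Money < $money) {
        ShowMsg("对不起,需要花费金币:<span style='font-size:11pt;color:red'>{$money}</span> 才能访问本页面。<br>你目前拥有的金币是:<span style='font-size:11pt;color:red'>" . $cfg_ml->M_Money . "</span>  。", "-1", 0, 5000);
        exit;
    }
}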
Esempio n. 5
 /**
  * Constructor of the issue (question management) controller: wires a Lurd
  * list/edit helper to the #@__ask table, records the current URL and loads
  * the mquestion model.
  */
 function issue()
 {
     parent::__construct();
     $this->temp = DEDEAPPTPL . '/admin';
     $this->lurd = new Lurd('#@__ask', $this->temp, $this->temp . '/lurd');
     $this->lurd->appName = "问题管理";
     // With debug mode on, the templates are regenerated on every request.
     $this->lurd->isDebug = FALSE;
     // String safety level: 1 (default) blocks only unsafe HTML such as script/frame,
     // 0 applies no restriction, 2 allows no HTML at all.
     $this->lurd->stringSafe = 2;
     // Remember the current request URL.
     $this->currurl = GetCurUrl();
     // Load the model used by this controller.
     $this->question = $this->Model('mquestion');
 }
Esempio n. 6
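/**
 * Fetches a page of articles of one type and builds the link of each row.
 *
 * @param array $parm  query options:
 *                     - type_id      (required) article type id
 *                     - need_content include art_content in the selected fields
 *                     - pagesize     rows per page; enables pagination
 *                     - limit        raw LIMIT clause used when pagesize is not set
 * @return array|null  array('list' => rows, 'page' => pagination html), or
 *                     null when type_id is missing
 */
function getArticleList($parm)
{
    if (empty($parm['type_id'])) {
        return;
    }
    $map = array('type_id' => $parm['type_id']);
    $Osql = "id DESC";
    $field = "id,title,art_set,art_time,art_url";
    if (!empty($parm["need_content"])) {
        $field .= ",art_content";
    }
    if (!empty($parm['pagesize'])) {
        // Paginated query: the row window comes from the Page helper.
        import("ORG.Util.Page");
        $count = M('article')->where($map)->count('id');
        $depr = C('URL_PATHINFO_DEPR');
        $cur_url = GetCurUrl();
        // Drop a "?l=lang" query suffix when the URL already carries /l/lang/ in its path.
        // NOTE(review): "[a-zA-z-]" spans A–z, which also matches [ \ ] ^ _ and `;
        // narrowing it to a-zA-Z would change which language segments match, so it is left as is.
        if (preg_match("/\\/l\\/([a-zA-z-]+)\\/([\\w\\/]*)\\?l=([a-zA-z-]+)/", $cur_url) === 1) {
            $cur_url = preg_replace("/\\?l=([a-zA-z-]+)/", "", $cur_url);
        }
        $p = new Page($count, $parm['pagesize'], '', preg_replace(array('/.html\\/l\\/([a-zA-z-]+)\\/\\d*/', '/.html\\/\\d+/'), array('.html?l=' . LANG_SET, '.html'), ltrim($cur_url, $depr)));
        $page = $p->show();
        $Lsql = "{$p->firstRow},{$p->listRows}";
    } else {
        $page = "";
        // A missing limit yields an empty LIMIT clause, as before, but without a notice.
        $Lsql = isset($parm['limit']) ? "{$parm['limit']}" : "";
    }
    $data = M('article')->field($field)->where($map)->order($Osql)->limit($Lsql)->select();
    $suffix = C("URL_HTML_SUFFIX");
    $typeu = implode("/", get_type_leve_nid($map['type_id']));
    // The cast only protects the loop when select() returns no array; $data itself is untouched.
    foreach ((array) $data as $key => $v) {
        if ($v['art_set'] == 1) {
            // External article: make sure the stored URL carries a scheme.
            $data[$key]['arturl'] = stripos($v['art_url'], "http://") === false ? "http://" . $v['art_url'] : $v['art_url'];
        } else {
            $data[$key]['arturl'] = MU("Home/{$typeu}", "article", array("id" => $v['id'], "suffix" => $suffix));
        }
    }
    return array('list' => $data, 'page' => $page);
}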
Esempio n. 7
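 /**
  * Loads a cached dataset file for an app, or sends the browser to the
  * cache-building error page when the file is missing and a builder URL is given.
  *
  * @param string $appid  app identifier; first path segment under cache/dataset/
  * @param string $file   dataset name; the file loaded is <appid>/<file>.php
  * @param string $url    optional URL of the page that can (re)build the cache
  * @return mixed  the return value of the cached file, or FALSE when there is no
  *                cache and no $url (the redirect branch does not return)
  */
 public static function loader($appid, $file, $url = "")
 {
     // Declared here so they are visible inside the required cache file, which
     // runs in this function's scope.
     global $_G;
     global $_CACHE;
     // NOTE(review): $appid and $file become part of a require path; if either can
     // come from the request they must be validated (no separators or "..") first.
     $cache = VI_ROOT . 'cache/dataset/' . $appid . "/" . $file . ".php";
     if (file_exists($cache)) {
         return require $cache;
     }
     if (!$url) {
         return FALSE;
     }
     // Append the current page as "jump" so the builder can send the user back.
     $separator = (strrpos($url, "=") > 0 || strrpos($url, "%3d") > 0) ? "&" : "?";
     $url .= $separator . "jump=" . GetCurUrl();
     // The original also consulted an undefined $id here, which always evaluated
     // to false, so the cache parameter is just $file.
     header("Location:" . VI_BASE . "serve.error.php?action=cache&cache=" . $file . "&url=" . urlencode($url));
     // Stop here: nothing after a redirect header should run.
     exit;
 }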
Esempio n. 8
/**
 * Returns the WeChat openid of the current visitor.
 *
 * An explicit $openid, or else a non-empty "openid" request parameter, is
 * first stored in $_SESSION['openid']. The session value (when present)
 * replaces the argument. If what remains is empty or the "-1" sentinel and the
 * visitor is in the WeChat browser, OAuthWeixin() is started with the current
 * URL as callback.
 *
 * @param string|null $openid  openid to store, or NULL to look one up
 * @return string|int  the openid, or -1 when none is known
 */
function get_openid($openid = NULL)
{
    // NOTE(review): a request-supplied openid is stored unverified, so whoever
    // requests the page chooses the identity; confirm the callers tolerate that.
    $incoming = $openid;
    if ($incoming === NULL && !empty($_REQUEST['openid'])) {
        $incoming = $_REQUEST['openid'];
    }
    if ($incoming !== NULL) {
        $_SESSION['openid'] = $incoming;
    }
    $current = isset($_SESSION['openid']) ? $_SESSION['openid'] : $openid;
    $inWeixin = isWeixinBrowser();
    $unknown = empty($current) || $current == '-1';
    if ($unknown && $inWeixin) {
        OAuthWeixin(GetCurUrl());
    }
    return empty($current) ? -1 : $current;
}
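 /**
  * Runs the WeChat snsapi_base OAuth round-trip to obtain the payer's openid.
  *
  * First pass (no getOpenId in the query): redirects to WeChat's authorize
  * endpoint with the current URL (plus getOpenId=1) as redirect_uri. Second
  * pass (getOpenId set and state present): exchanges the code for an access
  * token and returns the openid from the response.
  *
  * @return string|false  the openid; false when the flow does not apply (inside
  *                       the WeChat app or is_stree set), when state is missing
  *                       on the return leg, or when the token exchange yields
  *                       no openid
  */
 function getPaymentOpenid()
 {
     if (defined('IN_WEIXIN') && IN_WEIXIN || isset($_GET['is_stree'])) {
         return false;
     }
     $callback = urldecode(GetCurUrl());
     // Make room for the getOpenId marker appended below.
     $callback .= strpos($callback, '?') === false ? '?' : '&';
     $param = array('appid' => $this->payConfig['wxappid']);
     if (!isset($_GET['getOpenId'])) {
         $param['redirect_uri'] = $callback . 'getOpenId=1';
         $param['response_type'] = 'code';
         $param['scope'] = 'snsapi_base';
         // NOTE(review): state is a constant, so the return leg is not bound to the
         // session that started it; a random per-session value verified below is the usual fix.
         $param['state'] = 123;
         $url = 'https://open.weixin.qq.com/connect/oauth2/authorize?' . http_build_query($param) . '#wechat_redirect';
         redirect($url);
         // redirect() is expected to end the request; the return is a guard in case it does not.
         return false;
     }
     if (empty($_GET['state'])) {
         return false;
     }
     $param['secret'] = $this->payConfig['wxappsecret'];
     $param['code'] = I('code');
     $param['grant_type'] = 'authorization_code';
     $url = 'https://api.weixin.qq.com/sns/oauth2/access_token?' . http_build_query($param);
     // A failed request or a non-JSON body must not be read as an array.
     $content = file_get_contents($url);
     $content = $content === false ? null : json_decode($content, true);
     if (!is_array($content) || empty($content['openid'])) {
         return false;
     }
     return $content['openid'];
 }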
Esempio n. 10
    require_once PHPMYWIND_INC . '/mysql.class.php';
}
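// Language pack (nothing is included at this point).
// Session save path: use data/sessions when it is readable and writable.
$sess_savepath = PHPMYWIND_DATA . '/sessions/';
if (is_writable($sess_savepath) && is_readable($sess_savepath)) {
    session_save_path($sess_savepath);
}
// Upload directories.
$cfg_image_dir = PHPMYWIND_UPLOAD . '/image';
$cfg_soft_dir = PHPMYWIND_UPLOAD . '/soft';
$cfg_media_dir = PHPMYWIND_UPLOAD . '/media';
// System version.
$cfg_vernum = '5.3 Beta';
$cfg_vertime = '20150913221909';
// Default time zone: $cfg_timezone is an hour offset from UTC, mapped onto the
// POSIX-style Etc/GMT zones, whose sign is inverted (UTC+8 is Etc/GMT-8).
// A positive remainder needs an explicit '+', otherwise the zone name is
// invalid and the call silently does nothing.
if (version_compare(PHP_VERSION, '5.1', '>')) {
    $time51 = $cfg_timezone * -1;
    @date_default_timezone_set('Etc/GMT' . ($time51 > 0 ? '+' : '') . $time51);
}
// Error display switch.
if ($cfg_diserror == 'Y') {
    error_reporting(E_ALL);
} else {
    error_reporting(0);
}
// Device detection: send mobile visitors to 4g.php unless they are already on it
// or inside the admin area. If the admin directory was renamed, change '/admin' below.
if (IsMobile() && !strstr(GetCurUrl(), '4g.php') && $cfg_mobile == 'Y' && !strstr(GetCurUrl(), '/admin')) {
    header('location:4g.php');
    // Stop: nothing after a redirect header should run.
    exit;
}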
Esempio n. 11
File: config.php Progetto: cwcw/cms
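// Admin bootstrap: paths, DB handle, skin, current URL and the login gate.
define('DEDEADMIN', str_replace("\\", '/', dirname(__FILE__)));
require_once DEDEADMIN . '/../include/common.inc.php';
require_once DEDEINC . '/userlogin.class.php';
header('Cache-Control:private');
// NOTE(review): disabling safeCheck turns off CheckSql for every query issued by
// admin scripts, so each script is on its own to validate what it puts into SQL.
$dsql->safeCheck = FALSE;
$dsql->SetLongLink();
// Admin skin: 1 unless data/admin/skin.txt holds one of 1-4. The file content is
// cast and matched strictly, so trailing whitespace or junk cannot leak into the
// skin value the way a loose in_array() let it.
$cfg_admin_skin = 1;
if (file_exists(DEDEDATA . '/admin/skin.txt')) {
    $skin = (int) trim(file_get_contents(DEDEDATA . '/admin/skin.txt'));
    $cfg_admin_skin = in_array($skin, array(1, 2, 3, 4), true) ? $skin : 1;
}
// Current script URL; if $_SERVER is disabled on your host, adjust this part.
$dedeNowurl = $s_scriptName = '';
$isUrlOpen = @ini_get('allow_url_fopen');
$dedeNowurl = GetCurUrl();
$dedeNowurls = explode('?', $dedeNowurl);
$s_scriptName = $dedeNowurls[0];
$cfg_remote_site = empty($cfg_remote_site) ? 'N' : $cfg_remote_site;
// Everything below requires an admin login.
$cuserLogin = new userLogin();
if ($cuserLogin->getUserID() == -1) {
    header("location:login.php?gotopage=" . urlencode($dedeNowurl));
    exit;
}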
function XSSClean($val)
{
    if (is_array($val)) {
        while (list($key) = each($val)) {
            $val[$key] = XSSClean($val[$key]);
        }
Esempio n. 12
        $gid = $dsql->GetLastID();
        if ($needCheck == 1) {
            require_once DEDEINC . "/oxwindow.class.php";
            $msg = "\r\n        <font color='red'><b>成功发送或回复留言!</b></font> &nbsp; <a href='guestbook.php' style='font-size:14px;font-weight:bold'><u>我已经知道了,点击此返回&gt;&gt;</u></a>";
            $wintitle = "留言发布成功提示";
            $wecome_info = "留言发布成功:";
            $win = new OxWindow();
            $win->Init("", "js/blank.js", "post");
            $win->AddTitle("提示:");
            $win->AddMsgItem("<div style='padding:20px;line-height:300%;font-size:14px'>{$msg}</div>");
            $winform = $win->GetWindow("hand");
            $win->Display();
        } else {
            ShowMsg('成功发送一则留言,但需审核后才能显示!', 'guestbook.php', 0, 3000);
        }
        exit;
    } else {
        setcookie('GUEST_BOOK_POS', GetCurUrl(), time() + 3600, '/');
        if ($g_isadmin) {
            $sql = 'SELECT * FROM `#@__guestbook` ORDER BY id DESC';
        } else {
            $sql = 'SELECT * FROM `#@__guestbook` WHERE ischeck=1 ORDER BY id DESC';
        }
        $dlist = new DataListCP();
        $dlist->pageSize = 10;
        $dlist->SetParameter('gotopagerank', $gotopagerank);
        $dlist->SetTemplate(DEDETEMPLATE . '/plus/guestbook.htm');
        $dlist->SetSource($sql);
        $dlist->Display();
    }
}
Esempio n. 13
<?php

/**
 * 我的收藏夹
 * 
 * @version        $Id: mystow.php 1 8:38 2010年7月9日Z tianya $
 * @package        DedeCMS.Member
 * @copyright      Copyright (c) 2007 - 2010, DesDev, Inc.
 * @license        http://help.dedecms.com/usersguide/license.html
 * @link           http://www.dedecms.com
 */
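// Member area: list the current member's bookmarks, or the most-bookmarked
// items when $rank is "top". $type and $rank presumably arrive as request
// variables registered by config.php — TODO confirm.
require_once dirname(__FILE__) . "/config.php";
CheckRank(0, 0);
require_once DEDEINC . "/datalistcp.class.php";
// Remember the current page as the place to return to after an action.
setcookie("ENV_GOBACK_URL", GetCurUrl(), time() + 3600, "/");
$type = empty($type) ? "sys" : trim($type);
$tpl = '';
$menutype = 'mydede';
$rank = empty($rank) ? "" : $rank;
if ($rank == 'top') {
    $sql = "SELECT s.*,COUNT(s.aid) AS num,t.*  from #@__member_stow AS s LEFT JOIN `#@__member_stowtype` AS t on t.stowname=s.type group by s.aid order by num desc";
    $tpl = 'stowtop';
} else {
    // Only this member's bookmarks; M_ID presumably comes from the login session.
    $sql = "SELECT s.*,t.* FROM `#@__member_stow` AS s left join `#@__member_stowtype` AS t on t.stowname=s.type  where s.mid='" . $cfg_ml->M_ID . "' order by s.id desc";
    $tpl = 'mystow';
}
// Bookmark types for the template. Start from an empty array so that a member
// with no types still gets an array rather than an undefined variable.
$rows = array();
$dsql->Execute('nn', 'SELECT indexname,stowname FROM `#@__member_stowtype`');
while ($row = $dsql->GetArray('nn')) {
    $rows[] = $row;
}
$dlist = new DataListCP();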
Esempio n. 14
/**
 * Returns the WeChat openid bound to the current session for this token.
 *
 * An explicit $openid, or failing that a non-empty "openid" request parameter,
 * is first written to the session key openid_<token>. If the session then holds
 * nothing and the visitor is in the WeChat browser, OAuthWeixin() is started
 * with the current URL as callback.
 *
 * @param string|null $openid  value to store, or NULL to only read
 * @return string|int  the openid, or -1 when the session has none
 */
function get_openid($openid = NULL)
{
    $token = get_token();
    $sessionKey = 'openid_' . $token;
    // NOTE(review): a request-supplied openid is stored unverified, so whoever
    // requests the page chooses the identity; confirm the callers tolerate that.
    $incoming = $openid;
    if ($incoming === NULL && !empty($_REQUEST['openid'])) {
        $incoming = $_REQUEST['openid'];
    }
    if ($incoming !== NULL) {
        session($sessionKey, $incoming);
    }
    $stored = session($sessionKey);
    $inWeixin = isWeixinBrowser();
    if (empty($stored) && $inWeixin) {
        OAuthWeixin(GetCurUrl());
    }
    return empty($stored) ? -1 : $stored;
}
Esempio n. 15
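 /**
  * WeChat message entry point.
  *
  * GET requests are the WeChat server's URL verification: after checking the
  * signature with $this->auth(TOKEN) the echostr challenge is echoed back.
  * POST requests carry an XML message; it is flattened into $this->data, every
  * enabled addon gets the event callback, and the message text (or menu click
  * key) is routed to one addon's 'response' handler: pending user state first,
  * then addon names, then the keyword table, and 'Base' as the fallback.
  *
  * @return bool|void  true when an event needs no keyword routing
  */
 public function index()
 {
     if (IS_GET) {
         $url = GetCurUrl();
         weixin_log($url, 'auth');
         if ($this->auth(TOKEN)) {
             echo isset($_GET['echostr']) ? $_GET['echostr'] : '';
         }
         die;
     }
     $raw = file_get_contents('php://input');
     // LIBXML_NONET keeps the parser from fetching external resources named in the payload.
     $content = new \SimpleXMLElement($raw, LIBXML_NONET);
     $data = array();
     foreach ($content as $key => $value) {
         $data[$key] = strval($value);
     }
     $this->data = $data;
     // $HTTP_RAW_POST_DATA is gone since PHP 7; log the body that was actually read.
     weixin_log($data, $raw);
     if (!empty($data['FromUserName'])) {
         session('openid', $data['FromUserName']);
     }
     $key = isset($data['Content']) ? $data['Content'] : '';
     $keywordArr = array();
     $plugins = array();
     // Split addons into enabled and disabled lists.
     $addon_list = array();
     $forbit_list = array();
     $list = D('addons')->where('is_weixin=1')->findAll();
     foreach ((array) $list as $vo) {
         if ($vo['status']) {
             $addon_list[] = $vo;
         } else {
             $forbit_list[] = $vo;
         }
     }
     if (isset($data['MsgType']) && $data['MsgType'] == 'event') {
         $event = isset($data['Event']) ? strtolower($data['Event']) : '';
         // Every enabled addon sees every event.
         foreach ($addon_list as $vo) {
             $this->plugin_deal($vo['name'], $event, $data);
         }
         // Only menu clicks with a key are routed further, using the key as the message text.
         if (!($event == 'click' && !empty($data['EventKey']))) {
             return true;
         }
         $key = $data['Content'] = $data['EventKey'];
     }
     // A pending per-user conversation state takes precedence over matching.
     $uid = intval($this->mid);
     $user_status = S('user_status_' . $uid);
     if (!isset($plugins[$key]) && $user_status) {
         $plugins[$key] = $user_status['module'];
         $keywordArr = $user_status['keywordArr'];
         S('user_status_' . $uid, null);
     }
     // Direct hit on an addon name or plugin name.
     if (!isset($plugins[$key])) {
         foreach ($addon_list as $k => $vo) {
             // NOTE(review): this stores the list index, whereas the other branches
             // store a module name; confirm plugin_deal() accepts both.
             $plugins[$vo['name']] = $k;
             $plugins[$vo['pluginName']] = $k;
         }
     }
     // Keyword table lookup.
     if (!isset($plugins[$key])) {
         $like = array('keyword' => array('like', "%{$key}%"));
         if (!empty($forbit_list)) {
             // NOTE(review): $forbit_list holds whole addon rows, not module names;
             // verify this "not in" condition filters as intended.
             $like['module'] = array('not in', $forbit_list);
         }
         $keywordArr = M('keyword')->where($like)->order('id desc')->find();
         $plugins[$key] = $keywordArr['module'];
     }
     // Nothing matched: fall back to the Base addon.
     if (!isset($plugins[$key])) {
         $plugins[$key] = 'Base';
     }
     $this->plugin_deal($plugins[$key], 'response', $data, $keywordArr);
 }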
  copy($configfile,$configfile_bak) or die("保存配置{$configfile}时失败!请检测权限");
	$fp = fopen($configfile,'w') or die("保存配置{$configfile}时失败!请检测权限");
	flock($fp,3);
	fwrite($fp,"<"."?php\r\n");
  while($row = $dsql->GetArray()){
  	fwrite($fp,"\${$row['varname']} = '".str_replace("'","\\'",$row['value'])."';\r\n");
  }
  fwrite($fp,"?".">");
  fclose($fp);
  $dsql->ExecuteNoneQuery("Delete From #@__member ");
  $dsql->ExecuteNoneQuery("Delete From #@__member_arctype ");
  $dsql->ExecuteNoneQuery("Delete From #@__member_flink ");
  $dsql->ExecuteNoneQuery("Delete From #@__member_guestbook ");
  $dsql->ExecuteNoneQuery("Delete From #@__memberstow ");
  $dsql->Close();
  $nurl = GetCurUrl();
  $nurl = str_replace("savesetting","converdata",$nurl);
  ShowMsg("完成数据保存,并清空本系统的会员数据,现在开始导入数据!",$nurl);
  exit();
}
/*-------------------------------
//保存用户设置,转换会员数据
function __ConverData()
--------------------------------*/
else if($action=='converdata'){
	set_time_limit(0);
	if(empty($tgmd5len)) $tgmd5len = 32;
	if($tgmd5len < $cfg_md5len && $tgtype=='md5'){
		ShowMsg("无法从短的MD5密码转换为更长的密码!","javascript:;");
		exit();
	}
Esempio n. 17
// Config directory; config.php presumably defines $config, which is read below.
define('ConfigDIR', "config" . pathspace);
require ConfigDIR . "config.php";
// Module directory
define('ModuleDIR', "module" . pathspace);
// Language directory
define('LanDIR', PluginDIR . "language" . pathspace);
// Tag directory
define('TagDIR', PluginDIR . 'tag' . pathspace);
// Template directory
define('TmpDIR', $config['tmpDir'] . pathspace);
// Load the shared includes: the configured language file, url.php and dbBase.php.
require LanDIR . $config['language'] . ".php";
require PluginDIR . "url.php";
require PluginDIR . "dbBase.php";
// Split the current URL on '/'; the code that follows selects the module and
// method from its segments.
$arr = explode('/', GetCurUrl());
//检查URL,加载请求模块
if (count($arr) > 3) {
    //判断索引文件是否存在
    if (is_dir(ModuleDIR . $arr[2])) {
        //加载初始化
        include_once PluginDIR . "contrl.php";
        $module_file = ModuleDIR . $arr[2] . pathspace . "index.php";
        if (is_file($module_file)) {
            include_once $module_file;
            $clsname = $arr[2];
            //执行方法
            if (isset($clsname)) {
                $obj = new $clsname();
                if (in_array($arr[3], get_class_methods($clsname))) {
                    //解析方法参数
Esempio n. 18
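/**
 * Resolves the WeChat openid of the current visitor for the current public account.
 *
 * Precedence: an explicit $openid argument, then a request-supplied "openid",
 * both stored in the session under openid_<mp_id>. When nothing usable is in
 * the session and the visitor uses the WeChat browser, the Wxauth flow is run
 * to obtain one.
 *
 * @param string|null $openid  openid to store for this visitor, or NULL to look one up
 * @return string|int  the openid, or -1 when none could be determined
 */
function get_openid($openid = NULL)
{
    $mp_id = get_mpid();
    // NOTE(review): a request-supplied openid is stored unverified, so whoever
    // requests the page chooses the identity; confirm the callers tolerate that.
    if ($openid !== NULL) {
        session('openid_' . $mp_id, $openid);
    } elseif (!empty($_REQUEST['openid'])) {
        session('openid_' . $mp_id, $_REQUEST['openid']);
    }
    $openid = session('openid_' . $mp_id);
    trace($mp_id . 'wechat:openid' . $openid, '微信', 'DEBUG', true);
    $isWeixinBrowser = isWeixinBrowser();
    // The previous test "$openid <= 0" compared a non-numeric openid as 0 under
    // PHP 7, so a valid openid re-entered the auth flow on every request (the
    // loop the original comment described). Only an empty or "-1" value starts
    // the flow now. A public account without the snsapi_base scope can still
    // loop here, since Wxauth then never yields an openid.
    if ((empty($openid) || (string) $openid === '-1') && $isWeixinBrowser) {
        trace('wechat:openid1' . $openid, '微信', 'DEBUG', true);
        $info = get_mpid_appinfo();
        trace('wechat:OAuthWeixin' . $info['id'], '微信', 'DEBUG', true);
        // Wxauth options for this public account.
        $options = array(
            'token' => APP_TOKEN,
            'appid' => $info['appid'],
            'appsecret' => $info['secret'],
            'encodingaeskey' => $info['encodingaeskey'],
        );
        $auth = new Com\Wxauth($options);
        $openid = $auth->open_id;
        trace('wechat:openid3' . $openid, '微信', 'DEBUG', true);
    }
    if (empty($openid)) {
        return -1;
    }
    trace($mp_id . 'wechat:openid2' . $openid, '微信', 'DEBUG', true);
    return $openid;
}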
Esempio n. 19
<?php

/**
 * @version        $Id: create.php 1 12:11 2010年9月13日Z tianya $
 * @package        DedeCMS.Module.Group
 * @copyright      Copyright (c) 2007 - 2010, DesDev, Inc.
 * @license        http://help.dedecms.com/usersguide/license.html
 * @link           http://www.dedecms.com
 */
// Group creation entry: bootstrap, require a logged-in member, then apply the
// score requirement for creating a group.
require_once dirname(__FILE__) . "/config.php";
require_once DEDEINC . "/oxwindow.class.php";
require_once DEDEINC . "/image.func.php";
require_once DEDEMEMBER . '/inc/inc_archives_functions.php';
$action = isset($action) ? trim($action) : '';
if (!$cfg_ml->IsLogin()) {
    ShowMsg("你尚未登录或已经超时!", $cfg_member_dir . "/login.php?gourl=" . urlencode(GetCurUrl()));
    exit;
}
// Global defaults: score needed to create a group, and groups allowed per member.
$cfg_group_creators = isset($cfg_group_creators) ? $cfg_group_creators : 0;
$cfg_group_max = isset($cfg_group_max) ? $cfg_group_max : 0;
// Enforce the score requirement.
if ($cfg_ml->M_Scores < $cfg_group_creators) {
    ShowMsg("积分小于{$cfg_group_creators}!还没达到创建圈子积分条件.", "-1");
    exit;
}
	con.style.display=i==cursel?"block":"none";
	}
}
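// Activates tab `cursel` of the tab group `name` (tabs 1..n): the menu element
// with id name+i gets class "hover1" or "nohover", and the pane with id
// "Ncon_"+name+"_"+i is shown or hidden accordingly.
function setTabNew(name, cursel, n) {
	// `var` keeps the counter local instead of leaking a global `i`.
	for (var i = 1; i <= n; i++) {
		var menu = document.getElementById(name + i);
		var con = document.getElementById("Ncon_" + name + "_" + i);
		menu.className = i == cursel ? "hover1" : "nohover";
		con.style.display = i == cursel ? "block" : "none";
	}
}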
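// Posts the login form via AJAX. The server answers with JSON: status 0 shows
// d.message as a tip, anything else sends the browser to d.url_referer.
function LoginSubmit() {
	$.jBox.tip("登陆中......",'loading');
	$.ajax({
		url: "__APP__/member/common/actlogin",
		// url_referer is emitted as a JSON literal so that quotes, backslashes and
		// "<" in the current URL cannot break out of the script block.
		data: {"sUserName": $("#txtUser").val(),"sPassword": $("#txtPwd").val(),"sVerCode": $("#txtCode").val(),"Keep":$("#loginstate").val(),"url_referer":<?php echo json_encode(GetCurUrl(), JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP); ?>},
		timeout: 5000,
		cache: false,
		type: "post",
		dataType: "json",
		success: function (d, s, r) {
			if (d) {
				if (d.status == 0) {
					$.jBox.tip(d.message, "tip");
				} else {
					window.location.href = d.url_referer;
				}
			}
		}
	});
}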
Esempio n. 21
} else {
    $cfg_siteid = 1;
    $cfg_sitekey = '';
}
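require_once MOBILE_INC . '/admin.func.php';
require_once MOBILE_INC . '/page.class.php';
// Pages that require an admin session. When any of the three session markers
// is missing, the session is wiped and the top frame is sent to the login page.
if ($c == 'index' || $c == 'web_config' || $c == 'infoclass' || $c == 'info' || $c == 'infolist' || $c == 'infoimg') {
    if (!isset($_SESSION['admin']) || !isset($_SESSION['adminlevel']) || !isset($_SESSION['logintime'])) {
        $_SESSION = array();
        session_destroy();
        // Scripts under /plugin/ or /editor/ sit one level deeper, so the login page
        // is one directory up; everywhere else it is alongside. (The two former
        // "else" branches emitted the same redirect and are merged here.)
        $cur = GetCurUrl();
        $loginUrl = (strstr($cur, '/plugin/') || strstr($cur, '/editor/')) ? '../login.php' : 'login.php';
        echo '<script type="text/javascript">window.top.location.href="' . $loginUrl . '";</script>';
        exit;
    }
}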
//登录页面
if ($c == 'login') {
    require_once 'mobile/login.php';
    exit;
} else {
    if ($c == 'index') {
        require_once 'mobile/index.php';
Esempio n. 22
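/**
 * Resolves the WeChat openid of the current visitor for the current public account.
 *
 * Precedence: an explicit $openid argument, then a request-supplied "openid",
 * both stored in the session under openid_<mp_id>. When nothing usable is in
 * the session and the visitor uses the WeChat browser, the Wxauth flow is run
 * and the user record it returns is kept in the session as wxuser_<mp_id><openid>.
 *
 * @param string|null $openid  openid to store for this visitor, or NULL to look one up
 * @return string|int  the openid, or -1 when none could be determined
 */
function get_openid($openid = NULL)
{
    $mp_id = get_mpid();
    // NOTE(review): a request-supplied openid is stored unverified, so whoever
    // requests the page chooses the identity; confirm the callers tolerate that.
    if ($openid !== NULL) {
        session('openid_' . $mp_id, $openid);
    } elseif (!empty($_REQUEST['openid'])) {
        session('openid_' . $mp_id, $_REQUEST['openid']);
    }
    $openid = session('openid_' . $mp_id);
    $isWeixinBrowser = isWeixinBrowser();
    // The previous test "$openid <= 0" compared a non-numeric openid as 0 under
    // PHP 7, so a valid openid re-entered the auth flow on every request (the
    // loop the original comment described). Only an empty or "-1" value starts
    //the flow now. A public account without the snsapi_base scope can still
    // loop here, since Wxauth then never yields an openid.
    if ((empty($openid) || (string) $openid === '-1') && $isWeixinBrowser) {
        $info = get_mpid_appinfo();
        // Wxauth options for this public account.
        $options = array(
            'token' => APP_TOKEN,
            'appid' => $info['appid'],
            'appsecret' => $info['secret'],
            'encodingaeskey' => $info['encodingaeskey'],
        );
        $auth = new Com\Wxauth($options);
        $openid = $auth->open_id;
        // Keep the WeChat user record obtained by Wxauth in the session.
        session('wxuser_' . $mp_id . $openid, $auth->wxuser);
    }
    if (empty($openid)) {
        return -1;
    }
    return $openid;
}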
Esempio n. 23
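 /**
  * Reports a MySQL error: renders it (when $cfg_diserror is 'Y'), appends it to
  * data/error/mysql_error_trace.php, and for $t == 1 stops the request.
  *
  * @param string $msg  error text (typically the driver message plus the SQL)
  * @param int    $t    0 = plain MySQL error, 1 = rejected/illegal SQL (fatal)
  * @return void
  */
 function DisplayError($msg, $t = 0)
 {
     global $cfg_diserror;
     switch ($t) {
         case 0:
             $title = '安全警告:MySql Error!';
             break;
         case 1:
             $title = '安全警告:请检查您的SQL语句是否合法,您的操作将被强制停止!';
             break;
         default:
             // Unknown kind: empty title rather than an undefined variable.
             $title = '';
     }
     // $msg may carry the offending SQL, i.e. request-derived text, and the URL
     // is request-derived too; escape both before they go into HTML. A plain
     // str_replace is used instead of htmlspecialchars so that text in a
     // non-UTF-8 encoding is never dropped wholesale.
     $escape = array('&', '<', '>', '"', "'");
     $entity = array('&amp;', '&lt;', '&gt;', '&quot;', '&#039;');
     $safeMsg = str_replace($escape, $entity, $msg);
     $safeUrl = str_replace($escape, $entity, GetCurUrl());
     $str = '<div style="font-family:\'微软雅黑\';font-size:12px;">';
     $str .= '<h3 style="margin:0;padding:0;line-height:30px;color:red;">' . $title . '</h3>';
     $str .= '<strong>错误文件</strong>:' . $safeUrl . '<br />';
     $str .= '<strong>错误信息</strong>:' . $safeMsg . '';
     $str .= '</div>';
     if ($cfg_diserror == 'Y') {
         echo $str;
     }
     // Append to the MySQL error log. The log is a .php file guarded by a leading
     // exit(); PHP tags are neutralised in the logged text so the message itself
     // cannot close that guard.
     $userIP = GetIP();
     $getUrl = GetCurUrl();
     $getTime = GetDateTime(time());
     $logfile = dirname(__FILE__) . '/../data/error/mysql_error_trace.php';
     $logText = 'Time: ' . $getTime . '. || Page: ' . $getUrl . ' || IP: ' . $userIP . ' || Error: ' . $msg;
     $logText = str_replace(array('<?', '?>'), array('&lt;?', '?&gt;'), $logText);
     $savemsg = '<?php exit(); ?> ' . $logText . "\r\n";
     Writef($logfile, $savemsg, 'a+');
     // $t == 1 marks dangerous input: stop the request.
     if ($t == 1) {
         exit;
     }
 }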
Esempio n. 24
 /**
  * Heuristic SQL-injection filter applied to a query before it is executed.
  *
  * For $querytype 'select' the raw text is first checked for a few dangerous
  * keywords (union, sleep, benchmark, load_file, outfile) that are delimited
  * rather than part of an identifier. The full check then masks every
  * single-quoted string literal with the marker $s$, collapses whitespace and
  * lower-cases the result, and looks for unusual characters, UNION, comments,
  * time-based functions, file functions and sub-selects in what is left. A hit
  * is appended to the safe log and the request is stopped with exit();
  * otherwise $db_string is returned unchanged.
  *
  * This is a blocklist over SQL text, not a substitute for escaping or
  * parameterised queries in the callers.
  *
  * @param string $db_string  SQL text to inspect
  * @param string $querytype  'select' enables the extra keyword pre-check
  * @return string  $db_string unchanged when it passes
  */
 function CheckSql($db_string, $querytype = 'select')
 {
     global $cfg_cookie_encode;
     $clean = '';
     $error = '';
     $old_pos = 0;
     $pos = -1;
     // Hits are appended to a per-site log whose name is derived from the cookie key.
     $log_file = DEDEINC . '/../data/' . md5($cfg_cookie_encode) . '_safe.txt';
     $userIP = GetIP();
     $getUrl = GetCurUrl();
     // Plain SELECT queries: reject a few dangerous keywords up front, but only
     // when they are delimited (not part of an identifier such as a column name).
     if ($querytype == 'select') {
         $notallow1 = "[^0-9a-z@\\._-]{1,}(union|sleep|benchmark|load_file|outfile)[^0-9a-z@\\.-]{1,}";
         //$notallow2 = "--|/\*";
         if (preg_match("/" . $notallow1 . "/i", $db_string)) {
             // The handle returned by fopen() is never closed; it is released at script end.
             fputs(fopen($log_file, 'a+'), "{$userIP}||{$getUrl}||{$db_string}||SelectBreak\r\n");
             exit("<font size='5' color='red'>Safe Alert: Request Error step 1 !</font>");
         }
     }
     // Full check. First build $clean: a copy of the query in which every
     // single-quoted string literal is replaced by the marker $s$, so the tests
     // below only see SQL structure, not the values inside the literals.
     while (TRUE) {
         // Next opening quote.
         $pos = strpos($db_string, '\'', $pos + 1);
         if ($pos === FALSE) {
             break;
         }
         $clean .= substr($db_string, $old_pos, $pos - $old_pos);
         // Advance to the matching closing quote, stepping over backslash escapes.
         while (TRUE) {
             $pos1 = strpos($db_string, '\'', $pos + 1);
             $pos2 = strpos($db_string, '\\', $pos + 1);
             if ($pos1 === FALSE) {
                 // Unterminated literal: stop at the last quote seen.
                 break;
             } elseif ($pos2 == FALSE || $pos2 > $pos1) {
                 // No backslash before the next quote: that quote closes the literal.
                 // (The loose == is harmless here: the search offset is >= 1, so 0 is never returned.)
                 $pos = $pos1;
                 break;
             }
             // Skip the escaped character and keep scanning.
             $pos = $pos2 + 1;
         }
         $clean .= '$s$';
         $old_pos = $pos + 1;
     }
     $clean .= substr($db_string, $old_pos);
     // Normalise: collapse whitespace and lower-case so the tests can be literal.
     $clean = trim(strtolower(preg_replace(array('~\\s+~s'), array(' '), $clean)));
     // Characters with no business outside a string literal: user variables,
     // char(), double quotes, or two literals with nothing between them.
     if (strpos($clean, '@') !== FALSE or strpos($clean, 'char(') !== FALSE or strpos($clean, '"') !== FALSE or strpos($clean, '$s$$s$') !== FALSE) {
         $fail = TRUE;
         // CREATE TABLE statements are allowed to contain such characters.
         if (preg_match("#^create table#i", $clean)) {
             $fail = FALSE;
         }
         $error = "unusual character";
     }
     // UNION is not used by the application itself, so any delimited occurrence is rejected.
     if (strpos($clean, 'union') !== FALSE && preg_match('~(^|[^a-z])union($|[^[a-z])~is', $clean) != 0) {
         $fail = TRUE;
         $error = "union detect";
     } elseif (strpos($clean, '/*') > 2 || strpos($clean, '--') !== FALSE || strpos($clean, '#') !== FALSE) {
         // SQL comments; a "/*" within the first three characters is tolerated.
         $fail = TRUE;
         $error = "comment detect";
     } elseif (strpos($clean, 'sleep') !== FALSE && preg_match('~(^|[^a-z])sleep($|[^[a-z])~is', $clean) != 0) {
         // Time-based functions.
         $fail = TRUE;
         $error = "slown down detect";
     } elseif (strpos($clean, 'benchmark') !== FALSE && preg_match('~(^|[^a-z])benchmark($|[^[a-z])~is', $clean) != 0) {
         $fail = TRUE;
         $error = "slown down detect";
     } elseif (strpos($clean, 'load_file') !== FALSE && preg_match('~(^|[^a-z])load_file($|[^[a-z])~is', $clean) != 0) {
         // File access functions.
         $fail = TRUE;
         $error = "file fun detect";
     } elseif (strpos($clean, 'into outfile') !== FALSE && preg_match('~(^|[^a-z])into\\s+outfile($|[^[a-z])~is', $clean) != 0) {
         $fail = TRUE;
         $error = "file fun detect";
     } elseif (preg_match('~\\([^)]*?select~is', $clean) != 0) {
         // A SELECT inside parentheses: sub-query.
         $fail = TRUE;
         $error = "sub select detect";
     }
     // $fail is only ever assigned above, so it is undefined (hence empty) when nothing matched.
     if (!empty($fail)) {
         fputs(fopen($log_file, 'a+'), "{$userIP}||{$getUrl}||{$db_string}||{$error}\r\n");
         exit("<font size='5' color='red'>Safe Alert: Request Error step 2!</font>");
     } else {
         return $db_string;
     }
 }
Esempio n. 25
<?php

// Member area: paginated list of this member's archive payments.
require_once dirname(__FILE__) . '/config.php';
CheckRank(0, 0);
require_once DEDEINC . '/datalistcp.class.php';
// Remember the current page as the place to return to after an action.
setcookie('ENV_GOBACK_URL', GetCurUrl(), time() + 3600, '/');
// Payment records of the logged-in member (M_ID) for archives, newest first.
$query = "Select * From `#@__member_operation` where mid='{$cfg_ml->M_ID}' And product='archive' order by aid desc";
$dlist = new DataListCP();
$dlist->pageSize = 20;
$dlist->SetTemplate(DEDEMEMBER . '/templets/mypay.htm');
$dlist->SetSource($query);
$dlist->Display();
Esempio n. 26
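/**
 * Records an admin action in #@__sysevent, at most once per minute for the same
 * admin / site / model / action combination.
 *
 * @param string $m    model (module) name
 * @param int    $cid  class id the action applies to
 * @param string $a    action name
 * @return bool|void  false when called from the database-restore import, which must not log
 */
function SetSysEvent($m = '', $cid = 0, $a = 'all')
{
    global $dosql;
    // Database restore (database_backup.php?action=import) must not write the
    // event table while it is being rebuilt.
    if (strpos(GetCurUrl(), 'database_backup.php') && (isset($_GET['action']) && $_GET['action'] == 'import')) {
        return false;
    }
    // The values are spliced into SQL text: keep the site id numeric and escape
    // every string. NOTE(review): addslashes is a stop-gap; a driver-level escape
    // or a prepared statement on $dosql is preferable.
    $uname = addslashes((string) $_SESSION['admin']);
    $siteid = (int) $_SESSION['siteid'];
    $m = addslashes((string) $m);
    $cid = addslashes((string) $cid);
    $a = addslashes((string) $a);
    $ip = addslashes((string) GetIP());
    $sql = "INSERT INTO `#@__sysevent` (uname, siteid, model, classid, action, posttime, ip) VALUE ('{$uname}', '{$siteid}', '{$m}', '{$cid}', '{$a}', '" . time() . "', '{$ip}')";
    // Latest matching event; write only when there is none or it is over a minute old.
    $r = $dosql->GetOne("SELECT `posttime` FROM `#@__sysevent` WHERE `uname`='{$uname}' AND `siteid`={$siteid} AND `model`='{$m}'  AND `action`='{$a}' ORDER BY id DESC");
    if (!isset($r['posttime']) || $r['posttime'] < time() - 60) {
        $dosql->ExecNoneQuery($sql);
    }
}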
Esempio n. 27
}
?>
</head>
<body>

<?php
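// Install-directory safety: if /install still exists without its lock file,
// create the lock so the installer cannot be run again.
if (is_dir(dirname(__FILE__) . '/../install')
    && !file_exists(dirname(__FILE__) . '/../install/install.lock')) {
    $fp = fopen(dirname(__FILE__) . '/../install/install.lock', 'w') or die('安装目录无写入权限,无法进行写入锁定文件,请安装完毕删除安装目录!');
    fwrite($fp, ' ');
    fclose($fp);
}
// Warn when the admin directory still has the default name "dede".
// eregi() was removed in PHP 7; a case-insensitive substring test is equivalent
// here because the pattern contains no regex metacharacters.
$cururl = GetCurUrl();
if (stripos($cururl, '/dede/login') !== false) {
    $redmsg = '<center><br /><br /><font color=\'red\'><b>你的管理目录使用默认名称dede,建议修改为其它名称会更安全!</b></font></center>';
} else {
    $redmsg = '';
}
echo $redmsg;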
//--------------------------------
//登录检测
//--------------------------------
if($dopost=="login")
{
  if(empty($validate)) $validate="";
  else $validate = strtolower($validate);
  $admindirs = explode('/',str_replace("\\","/",dirname(__FILE__)));
Esempio n. 28
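/**
 * Returns the WeChat openid bound to the current session for this token.
 *
 * An explicit $openid (other than "-1"), or failing that a request-supplied
 * "openid" that is neither "-1" nor "-2", is first stored under
 * openid_<token>. When the session then holds nothing usable, the visitor is
 * in the WeChat browser, the request is a plain GET (not AJAX) and the caller
 * did not opt out with openid=-2, the OAuth round-trip is started with the
 * current URL as callback.
 *
 * @param string|null $openid  value to store, or NULL to only read
 * @return string  the openid, or '-1' when the session has none
 */
function get_openid($openid = NULL)
{
    $token = get_token();
    // Read the request value once; it may be absent, which must not raise a notice.
    $reqOpenid = isset($_REQUEST['openid']) ? $_REQUEST['openid'] : null;
    // NOTE(review): a request-supplied openid is stored unverified, so whoever
    // requests the page chooses the identity; confirm the callers tolerate that.
    if ($openid !== NULL && $openid != '-1') {
        session('openid_' . $token, $openid);
    } elseif (!empty($reqOpenid) && $reqOpenid != '-1' && $reqOpenid != '-2') {
        session('openid_' . $token, $reqOpenid);
    }
    $openid = session('openid_' . $token);
    $isWeixinBrowser = isWeixinBrowser();
    if ((empty($openid) || $openid == '-1') && $isWeixinBrowser && $reqOpenid != '-2' && IS_GET && !IS_AJAX) {
        $callback = GetCurUrl();
        OAuthWeixin($callback, $token);
    }
    if (empty($openid)) {
        return '-1';
    }
    return $openid;
}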
Esempio n. 29
            <div id="i-engine" class="panel" style="display: none">
                <table cellpadding="0" cellspacing="0">
                    <tr>
                        <td>language</td>
                        <td><?php 
echo $g_arrLangs[LANG]['name'];
?>
 <strong>(<?php 
echo LANG;
?>
)</strong></td>
                    </tr>
                    <tr>
                        <td>current url</td>
                        <td><?php 
echo GetCurUrl();
?>
</td>
                    </tr>
                    <tr>
                        <td>query</td>
                        <td><?php 
echo GetQuery();
?>
</td>
                    </tr>
                    <?php 
foreach ($g_config['phpIni'] as $k => $v) {
    ?>
                        <tr>
                            <td><?php 
Esempio n. 30
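/**
 * Obtains the visitor's WeChat openid through the snsapi_base OAuth flow.
 *
 * First call: redirects to WeChat's authorize endpoint with the current URL
 * as redirect_uri. Return call (with ?code=): exchanges the code for an access
 * token and returns the openid from the response.
 *
 * @return string|null  the openid, or null when the token response has none
 *                      (the redirect branch does not return)
 */
function GetRealOpenId()
{
    // NOTE(review): the app id and secret are hard-coded; the secret belongs in
    // configuration kept out of the source tree.
    $appid = "wxadd0d2ec0a8fe9fe";
    $appsecret = "f71b4c54f831bcde726a428caa46062c";
    $callback = GetCurUrl();
    if (isset($_GET['code'])) {
        // The code is request input spliced into a query string: encode it.
        $code = urlencode($_GET['code']);
        $url = 'https://api.weixin.qq.com/sns/oauth2/access_token?appid=' . $appid . '&secret=' . $appsecret . '&code=' . $code . '&grant_type=authorization_code';
        $result = json_decode(https_request($url));
        // A failed request or non-JSON body leaves $result null; report "no openid"
        // instead of reading a property of null.
        return is_object($result) && isset($result->openid) ? $result->openid : null;
    }
    // redirect_uri must be URL-encoded, otherwise any '&' in the callback truncates it.
    // NOTE(review): state is a constant, so the return leg is not bound to the
    // request that started it; a per-session random value checked on return is the usual fix.
    $url = "https://open.weixin.qq.com/connect/oauth2/authorize?appid={$appid}&redirect_uri=" . urlencode($callback) . "&response_type=code&scope=snsapi_base&state=123#wechat_redirect";
    redirect($url);
}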