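/**
 * Refresh the visitor's row in the `{$tablepre}online` table, issuing a guest
 * cookie on the first visit.
 *
 * When the "<prefix>secret" cookie is present, its authcrypt()-decoded payload
 * is split on tabs into uid, username and login time. A numeric uid is
 * recorded as a member; anything else is recorded as a guest keyed by IP.
 * Without the cookie, a fresh guest id is generated, stored in the cookie and
 * inserted.
 *
 * Security notes:
 *  - Every value interpolated into SQL that originates from the cookie or from
 *    request-derived globals is escaped first. addslashes() is used because it
 *    is the only escaping primitive visible in this code; it is not
 *    charset-aware. NOTE(review): switch to the DB driver's own escaping or to
 *    prepared statements if $db offers them.
 *  - The member/guest decision trusts whatever authcrypt() decodes.
 *    NOTE(review): confirm authcrypt() authenticates the payload (MAC/AEAD)
 *    and does not merely decrypt it.
 *
 * @return void
 */
function check_cookie()
{
    global $db, $cookiecfg, $tablepre, $onlineip, $onlineurl;

    // The key suffix must be a quoted string: the bare word `secret` is an
    // undefined constant (a warning on PHP 7.2+, a fatal Error on PHP 8).
    $cookieName = $cookiecfg['prefix'] . 'secret';

    // A cookie sent as "name[]=..." arrives as an array; treat anything that
    // is not a string as "no cookie" instead of handing it to authcrypt().
    $secret = (isset($_COOKIE[$cookieName]) && is_string($_COOKIE[$cookieName]))
        ? $_COOKIE[$cookieName]
        : null;

    // Kept from the original: the global itself is escaped in place.
    $onlineurl = addslashes($onlineurl);
    $ip = addslashes((string) $onlineip);

    if ($secret !== null) {
        // A tampered or truncated cookie can decode to fewer than three
        // fields; pad so list() never reads a missing offset.
        $fields = array_pad(explode("\t", (string) authcrypt($secret, 'decode')), 3, '');
        list($rawUid, $rawName) = $fields;

        $uid = addslashes($rawUid);

        if (is_numeric($rawUid)) {
            // Online member.
            $name = addslashes($rawName);
            $sql = "INSERT INTO `{$tablepre}online` (uid,username,logintime,dateline,url) VALUES ('{$uid}','{$name}',UNIX_TIMESTAMP(),UNIX_TIMESTAMP(),'{$onlineurl}') ON DUPLICATE KEY UPDATE dateline=UNIX_TIMESTAMP(),url='{$onlineurl}'";
        } else {
            // Online guest: the username column holds the visitor's IP, and
            // the URL is only filled in by the ON DUPLICATE KEY branch.
            $sql = "INSERT INTO `{$tablepre}online` (uid,username,logintime,dateline,url) VALUES ('{$uid}','{$ip}',UNIX_TIMESTAMP(),UNIX_TIMESTAMP(),'') ON DUPLICATE KEY UPDATE dateline=UNIX_TIMESTAMP(),url='{$onlineurl}'";
        }

        $db->query($sql);

        return;
    }

    // First visit: mint a guest id, remember it in the cookie, insert the row.
    $time = times();
    $rnd = m_rand(5);
    m_setcookie('secret', authcrypt("{$rnd}\tguest\t{$time}", 'encode'));

    $sql = "INSERT INTO `{$tablepre}online` VALUES ('{$rnd}','{$ip}',UNIX_TIMESTAMP(),UNIX_TIMESTAMP(),'{$onlineurl}') ON DUPLICATE KEY UPDATE dateline=UNIX_TIMESTAMP(),url='{$onlineurl}'";
    $db->query($sql);
}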
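/**
 * Replace the query string of a URL with its authcrypt()-encoded form.
 *
 * The part after the first "?" is passed to authcrypt(..., 'encode') and
 * re-attached with "/" when URL_SEO is truthy, otherwise with "?". When the
 * path part is exactly "index.php", only the separator plus the encoded query
 * is returned. A URL without "?" is returned unchanged.
 *
 * NOTE(review): encoding the query string hides parameter names from casual
 * view; it is not an access-control mechanism. The receiving code must still
 * validate every decoded parameter.
 *
 * @param string $url URL or relative path, optionally with a query string.
 * @return string Rewritten URL.
 */
function turn($url)
{
    $pos = strpos($url, '?');

    // No query string: return early. The original fell through to a
    // comparison on $fname, which was never assigned on this path.
    if ($pos === false) {
        return $url;
    }

    $fname = substr($url, 0, $pos);
    $query = (URL_SEO ? '/' : '?') . authcrypt(substr($url, $pos + 1), 'encode');

    return $fname === 'index.php' ? $query : $fname . $query;
}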
/**
 * Send a command to the project's cloud API and return the decoded reply.
 *
 * The command is serialized, passed through authcrypt() with VI_SECRET and
 * URL-encoded into the `execute` query parameter. A falsy response (including
 * a failed request, whose warning is silenced by `@`) yields
 * array('return' => 'respond').
 *
 * NOTE(review): the response body is handed to unserialize() exactly as
 * received; unlike the outgoing command it is not passed through authcrypt().
 * Whoever can produce or alter that HTTP response controls the input to
 * unserialize(), which can instantiate arbitrary loaded classes. Prefer a JSON
 * response, or authenticate the body before decoding it.
 * NOTE(review): VI_HOST is concatenated into the query string without URL
 * encoding; confirm it can never contain "&" or "#".
 *
 * @param mixed $command Command structure to send.
 * @return mixed Unserialized reply, or the 'respond' placeholder array.
 */
public static function request($command)
{
    global $_G;

    // Serialize, encrypt and URL-encode the command.
    $payload = rawurlencode(authcrypt(serialize($command), VI_SECRET));

    // Send the request.
    $endpoint = $_G['project']['home'] . 'api.php?action=cloud&domain=' . VI_HOST . '&execute=' . $payload;
    $response = @file_get_contents($endpoint);

    // Nothing usable came back.
    if (!$response) {
        return array('return' => 'respond');
    }

    // Deserialize the reply (unauthenticated input, see the note above).
    return unserialize($response);
}
/**
 * Decode a parameter that was serialized, authcrypt()-encoded and URL-encoded.
 *
 * NOTE(review): authcrypt() with VI_SECRET is the only barrier between the
 * caller-supplied $domain and unserialize(). Confirm that authcrypt()
 * authenticates the ciphertext (MAC/AEAD) and does not merely decrypt it;
 * otherwise a modified value can still reach unserialize(). A JSON payload
 * would remove the object-instantiation risk altogether.
 *
 * @param string $domain URL-encoded, authcrypt()-encoded serialized value.
 * @return mixed The unserialized value (false when unserialize() fails).
 */
public static function decode_param($domain)
{
    $cipherText = rawurldecode($domain);
    $serialized = authcrypt($cipherText, VI_SECRET, 'decode');

    return unserialize($serialized);
}
} // closes a definition that begins before this excerpt

// Request bootstrap: builds the current URL, starts output buffering, imports
// request variables into globals, refreshes the online table and decodes the
// login cookie.

// Current request URL. REQUEST_URI is passed through addslashes(), but
// HTTP_HOST is a client-supplied header and is concatenated as-is.
// NOTE(review): confirm every consumer escapes $onlineurl for its own context
// (SQL, HTML) before using it.
$onlineurl = 'http://' . $_SERVER['HTTP_HOST'] . addslashes($_SERVER["REQUEST_URI"]);

// Compress output when enabled in config, zlib is loaded and the client
// advertises gzip or deflate; otherwise use plain buffering.
if ($config['gzip'] && extension_loaded('zlib') && (strpos($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') !== false || strpos($_SERVER['HTTP_ACCEPT_ENCODING'], 'deflate') !== false)) {
    ob_start('ob_gzhandler');
} else {
    ob_start();
}

// Optional URL decryption layer.
if (URL_CRYPT) {
    include ROOT_PATH . 'include/urlcrypt.inc.php';
    urlcrypt();
}

//import_request_variables("cgP");
// Hand-rolled replacement for the call above: every cookie, POST and GET value
// becomes a global variable of the same name after m_addslashes(). Only keys
// starting with "_" are skipped, and GET is applied last, so it wins.
// NOTE(review): this is register_globals behaviour. A request can overwrite
// any global already defined at this point whose name does not start with an
// underscore ($config, $cookiecfg and $onlineurl are all assigned or read
// around this loop). Security-relevant variables must be initialised after
// this loop, or the loop replaced by explicit reads of an allow-list of keys.
foreach (array('_COOKIE', '_POST', '_GET') as $_request) {
    foreach (${$_request} as $_key => $_value) {
        $_key[0] != '_' && (${$_key} = m_addslashes($_value));
    }
}

//m_exit($_POST,true);
check_cookie();
$online = update_online();

//${$cookiepre.auth} == $_COOKIE["{cookiepre}auth"] == $_COOKIE['Ecosme_auth']
// Reset the identity variables so values imported from the request do not
// survive. NOTE(review): $m_logintime is not reset with them, so when the
// secret variable below is absent its value can come from the import loop.
$m_uid = $m_username = $m_password = '';

// The "secret" value is read from the imported global, not from $_COOKIE, so
// it may equally have arrived via POST or GET.
// NOTE(review): `secret` is a bare word (an undefined constant); it is a fatal
// Error on PHP 8 and should be the string 'secret'.
if (isset(${$cookiecfg['prefix'] . secret})) {
    // Payload layout: uid, username and login time, separated by tabs.
    list($m_uid, $m_username, $m_logintime) = explode("\t", authcrypt(${$cookiecfg['prefix'] . secret}, 'decode'));
}

// Bounce POST requests whose login time is more than 86400 seconds old.
// NOTE(review): the redirect target is the client-supplied Referer header,
// used without validation (open redirect; an absent header gives an empty
// Location). Redirect to a fixed or allow-listed URL instead.
if ($_SERVER['REQUEST_METHOD'] == 'POST' && times() - $m_logintime > 86400) {
    header('Location: ' . $_SERVER['HTTP_REFERER'] . '');
    exit;
}

//echo $m_uid."||".$m_username."||".$m_logintime;
//print_r($GLOBALS);
} break; ////////////////////////////// //应用市场命令 ////////////////////////////// //应用市场命令 case "market": // && $_G['manager']['id'] //是否开启安全通信 $connect = isset($_G['setting']['global']['connect']) ? $_G['setting']['global']['connect'] : 'off'; //没有安装 mcrypt if (function_exists('mcrypt_create_iv') === FALSE) { exit(serialize(array('return' => 'mcrypt', 'connect' => $connect))); } //反序列化 $command = unserialize(authcrypt($execute, VI_SECRET, 'decode')); //测试命令 if (is_array($command) === FALSE) { exit(serialize(array('return' => 'secret', 'connect' => $connect))); } //延长程序运行时间 if (!ini_get('safe_mode')) { set_time_limit(0); } ///////////////////////// //连接数据库 System::connect(); switch ($command['execute']) { //测试命令 case 'testing': exit(serialize(array('string' => $command['string'], 'connect' => $connect)));
$db->query("UPDATE `{$tablepre}memberdata` SET onlinetime=onlinetime+{$visittimes},lastvisit=UNIX_TIMESTAMP() WHERE uid='{$m_uid}'"); $db->query("DELETE FROM `{$tablepre}online` WHERE uid='{$m_uid}'"); } clearcookie(); header("Location: {$location}"); } if (array_key_exists('Password', $_POST) && $Password !== '' && $UserName !== '') { $username = addslashes($UserName); $password = md5($Password); //if(($username=='' || $password==''))refer('error',$fromurl); $query = $db->query("SELECT uid,username FROM `{$tablepre}members` WHERE username='******' AND password='******' LIMIT 1"); if ($db->num_rows($query)) { $db->query("DELETE FROM `{$tablepre}online` WHERE uid='{$m_uid}'"); list($m_uid, $m_username) = $db->fetch_row($query); $temp = array($m_uid, $username, $m_username); //make sure the cookie $time = time(); $db->query("UPDATE `{$tablepre}memberdata` SET lastvisit = UNIX_TIMESTAMP(),lastloginip = '{$onlineip}',logintimes = logintimes+1 WHERE uid = {$m_uid}"); if (isset($saveCookie)) { m_setcookie('secret', authcrypt("{$m_uid}\t{$username}\t{$time}", 'encode'), 86400); } else { m_setcookie('secret', authcrypt("{$m_uid}\t{$username}\t{$time}", 'encode')); } header("Location: {$location}"); } else { $errorinfo = " 用户名或密码错误!"; } } elseif (array_key_exists('Password', $_POST)) { $errorinfo = ' 用户名或密码不能为空!'; } $templatefile = 'login.html';