$user_info['username'] = $row['username']; $user_info['email'] = $row['email']; $user_info['full_name'] = $row['full_name']; $user_info['gender'] = $row['gender']; $user_info['photo'] = $row['photo']; $user_info['birthday'] = intval($row['birthday']); $user_info['regdate'] = intval($row['regdate']); $user_info['website'] = $row['website']; $user_info['location'] = $row['location']; $user_info['yim'] = $row['yim']; $user_info['telephone'] = $row['telephone']; $user_info['fax'] = $row['fax']; $user_info['mobile'] = $row['mobile']; $user_info['view_mail'] = intval($row['view_mail']); $user_info['remember'] = intval($row['remember']); $user_info['in_groups'] = nv_user_groups($row['in_groups']); $user_info['current_login'] = intval($row['last_login']); $user_info['last_login'] = intval($user['last_login']); $user_info['current_agent'] = $row['last_agent']; $user_info['last_agent'] = $user['last_agent']; $user_info['current_ip'] = $row['last_ip']; $user_info['last_ip'] = $user['last_ip']; $user_info['current_openid'] = $row['last_openid']; $user_info['last_openid'] = $user['last_openid']; $user_info['st_login'] = !empty($row['password']) ? true : false; $user_info['valid_question'] = (!empty($row['question']) and !empty($row['answer'])) ? true : false; $user_info['current_mode'] = !empty($row['last_openid']) ? 2 : 1; if (!empty($row['last_openid'])) { $query2 = "SELECT * FROM `" . NV_USERS_GLOBALTABLE . "_openid` WHERE `opid`=" . $db->dbescape($row['last_openid']); $result2 = $db->sql_query($query2); $numrows2 = $db->sql_numrows($result2);
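/**
 * nv_admin_checkdata()
 *
 * Validates a serialized administrator session value against the authors
 * and users tables and, when every check passes, returns the merged
 * administrator profile.
 *
 * The session value must carry a positive numeric admin_id, a checknum of
 * the configured hash length, and current_agent / current_ip /
 * current_login values equal to the ones stored for that administrator.
 *
 * @param mixed $adm_session_value Serialized array describing the admin session
 * @return array Administrator profile, or an empty array when any check fails
 */
function nv_admin_checkdata($adm_session_value)
{
    global $db;

    // NOTE(review): unserialize() on a value the client can influence allows
    // PHP object injection. Confirm where $adm_session_value is stored; on
    // PHP >= 7.0 pass array('allowed_classes' => false) as the second
    // argument, or move the session format to JSON.
    $array_admin = unserialize($adm_session_value);

    // Only an array is a valid session record; objects, scalars and a failed
    // unserialize() (false) are rejected before the value is indexed.
    if (!is_array($array_admin)) {
        return array();
    }

    if (!isset($array_admin['admin_id']) or !is_numeric($array_admin['admin_id']) or !isset($array_admin['checknum']) or !is_string($array_admin['checknum'])) {
        return array();
    }

    // is_numeric() also accepts forms such as "1e3", " 7" or "1.5". Only the
    // integer value is ever concatenated into SQL below.
    $admin_id = intval($array_admin['admin_id']);
    if ($admin_id <= 0) {
        return array();
    }

    // The checknum is a hex digest whose length depends on the configured hash.
    $strlen = NV_CRYPT_SHA1 == 1 ? 40 : 32;
    if (!preg_match("/^[a-z0-9]{" . $strlen . "}\$/", $array_admin['checknum'])) {
        return array();
    }

    $query = "SELECT * FROM `" . NV_AUTHORS_GLOBALTABLE . "` WHERE `admin_id` = " . $admin_id . " AND `lev`!=0 AND `is_suspend`=0";
    $result = $db->sql_query($query);
    $numrows = $db->sql_numrows($result);
    if ($numrows != 1) {
        return array();
    }
    $row = $db->sql_fetchrow($result);
    $db->sql_freeresult($result);

    // The session is bound to the check number, user agent, IP address and
    // login time recorded for the administrator; any mismatch invalidates it.
    // NOTE(review): strcasecmp() is not a constant-time comparison; consider
    // hash_equals() for the check number where PHP >= 5.6 is guaranteed.
    if (strcasecmp($array_admin['checknum'], $row['check_num']) != 0
        or empty($array_admin['current_agent'])
        or strcasecmp($array_admin['current_agent'], $row['last_agent']) != 0
        or empty($array_admin['current_ip'])
        or strcasecmp($array_admin['current_ip'], $row['last_ip']) != 0
        or empty($array_admin['current_login'])
        or strcasecmp($array_admin['current_login'], intval($row['last_login'])) != 0) {
        return array();
    }

    // files_level is "ext1,ext2|modify_files|create_subdirs|modify_subdirs".
    if (empty($row['files_level'])) {
        $allow_files_type = array();
        $allow_modify_files = $allow_create_subdirectories = $allow_modify_subdirectories = 0;
    } else {
        list($allow_files_type, $allow_modify_files, $allow_create_subdirectories, $allow_modify_subdirectories) = explode("|", $row['files_level']);
        $allow_files_type = !empty($allow_files_type) ? explode(",", $allow_files_type) : array();
    }

    $admin_info = array();
    $admin_info['admin_id'] = intval($row['admin_id']);
    $admin_info['level'] = intval($row['lev']);
    $admin_info['position'] = $row['position'];
    $admin_info['current_login'] = intval($row['last_login']);
    // The "last_*" values come from the session record, not from the database,
    // and may be absent; missing keys fall back without raising a notice.
    $admin_info['last_login'] = isset($array_admin['last_login']) ? intval($array_admin['last_login']) : 0;
    $admin_info['current_agent'] = $row['last_agent'];
    $admin_info['last_agent'] = isset($array_admin['last_agent']) ? $array_admin['last_agent'] : null;
    $admin_info['current_ip'] = $row['last_ip'];
    $admin_info['last_ip'] = isset($array_admin['last_ip']) ? $array_admin['last_ip'] : null;
    $admin_info['editor'] = $row['editor'];
    $admin_info['allow_files_type'] = $allow_files_type;
    $admin_info['allow_modify_files'] = intval($allow_modify_files);
    $admin_info['allow_create_subdirectories'] = intval($allow_create_subdirectories);
    $admin_info['allow_modify_subdirectories'] = intval($allow_modify_subdirectories);

    // The administrator must also be an active user account.
    $query = "SELECT * FROM `" . NV_USERS_GLOBALTABLE . "` WHERE `userid` = " . $admin_info['admin_id'] . " AND `active`='1'";
    $result = $db->sql_query($query);
    $numrows = $db->sql_numrows($result);
    if ($numrows != 1) {
        return array();
    }
    $row = $db->sql_fetchrow($result);
    $db->sql_freeresult($result);

    $admin_info['userid'] = $row['userid'];
    $admin_info['username'] = $row['username'];
    $admin_info['email'] = $row['email'];
    $admin_info['full_name'] = $row['full_name'];
    $admin_info['view_mail'] = intval($row['view_mail']);
    $admin_info['regdate'] = intval($row['regdate']);
    $admin_info['sig'] = $row['sig'];
    $admin_info['gender'] = $row['gender'];
    $admin_info['photo'] = $row['photo'];
    $admin_info['birthday'] = intval($row['birthday']);
    $admin_info['website'] = $row['website'];
    $admin_info['location'] = $row['location'];
    $admin_info['yim'] = $row['yim'];
    $admin_info['telephone'] = $row['telephone'];
    $admin_info['fax'] = $row['fax'];
    $admin_info['mobile'] = $row['mobile'];
    $admin_info['in_groups'] = nv_user_groups($row['in_groups']);
    $admin_info['current_openid'] = '';
    $admin_info['last_openid'] = $row['last_openid'];
    // Only whether a password / security question exists is exposed, never the values.
    $admin_info['st_login'] = !empty($row['password']);
    $admin_info['valid_question'] = (!empty($row['question']) and !empty($row['answer']));
    $admin_info['current_mode'] = 3;

    return $admin_info;
}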
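/**
 * nv_admin_checkdata()
 *
 * Validates a serialized administrator session value against the joined
 * authors / users tables and, when every check passes, returns the
 * administrator profile.
 *
 * The session value must carry a positive numeric admin_id, a 32-character
 * checknum, and current_agent / current_ip / current_login values equal to
 * the ones stored for that administrator. Sensitive columns (password,
 * question, answer, check_num) are removed from the returned array.
 *
 * @param mixed $adm_session_value Serialized array describing the admin session
 * @return array Administrator profile, or an empty array when any check fails
 */
function nv_admin_checkdata($adm_session_value)
{
    global $db, $global_config;

    // NOTE(review): unserialize() on a value the client can influence allows
    // PHP object injection. Confirm where $adm_session_value is stored; on
    // PHP >= 7.0 pass array('allowed_classes' => false) as the second
    // argument, or move the session format to JSON.
    $array_admin = unserialize($adm_session_value);

    // Only an array is a valid session record; objects, scalars and a failed
    // unserialize() (false) are rejected before the value is indexed.
    if (!is_array($array_admin)) {
        return array();
    }

    if (!isset($array_admin['admin_id']) or !is_numeric($array_admin['admin_id']) or !isset($array_admin['checknum']) or !is_string($array_admin['checknum']) or !preg_match('/^[a-z0-9]{32}$/', $array_admin['checknum'])) {
        return array();
    }

    // is_numeric() also accepts forms such as "1e3", " 7" or "1.5". Only the
    // integer value is ever concatenated into SQL below.
    $admin_id = intval($array_admin['admin_id']);
    if ($admin_id <= 0) {
        return array();
    }

    $query = 'SELECT a.admin_id AS admin_id, a.lev AS lev, a.position AS position, a.check_num AS check_num, '
        . 'a.last_agent AS current_agent, a.last_ip AS current_ip, a.last_login AS current_login, '
        . 'a.files_level AS files_level, a.editor AS editor, b.userid AS userid, b.group_id AS group_id, '
        . 'b.username AS username, b.email AS email, b.first_name AS first_name, b.last_name AS last_name, '
        . 'b.view_mail AS view_mail, b.regdate AS regdate, b.sig AS sig, b.gender AS gender, b.photo AS photo, '
        . 'b.birthday AS birthday, b.in_groups AS in_groups, b.last_openid AS last_openid, b.password AS password, '
        . 'b.question AS question, b.answer AS answer, b.safemode AS safemode FROM ' . NV_AUTHORS_GLOBALTABLE . ' a, '
        . NV_USERS_GLOBALTABLE . ' b WHERE a.admin_id = ' . $admin_id
        . ' AND a.lev!=0 AND a.is_suspend=0 AND b.userid=a.admin_id AND b.active=1';
    $admin_info = $db->query($query)->fetch();
    if (empty($admin_info)) {
        return array();
    }

    // The session is bound to the check number, user agent, IP address and
    // login time recorded for the administrator; any mismatch invalidates it.
    // NOTE(review): strcasecmp() is not a constant-time comparison; consider
    // hash_equals() for the check number where PHP >= 5.6 is guaranteed.
    if (strcasecmp($array_admin['checknum'], $admin_info['check_num']) != 0
        or empty($array_admin['current_agent'])
        or strcasecmp($array_admin['current_agent'], $admin_info['current_agent']) != 0
        or empty($array_admin['current_ip'])
        or strcasecmp($array_admin['current_ip'], $admin_info['current_ip']) != 0
        or empty($array_admin['current_login'])
        or strcasecmp($array_admin['current_login'], intval($admin_info['current_login'])) != 0) {
        return array();
    }

    // files_level is "ext1,ext2|modify_files|create_subdirs|modify_subdirs".
    if (empty($admin_info['files_level'])) {
        $allow_files_type = array();
        $allow_modify_files = $allow_create_subdirectories = $allow_modify_subdirectories = 0;
    } else {
        list($allow_files_type, $allow_modify_files, $allow_create_subdirectories, $allow_modify_subdirectories) = explode('|', $admin_info['files_level']);
        $allow_files_type = !empty($allow_files_type) ? explode(',', $allow_files_type) : array();

        // Drop extensions that the site configuration no longer allows and
        // persist the narrowed list so the stored grant cannot exceed it.
        $allow_files_type2 = array_values(array_intersect($allow_files_type, $global_config['file_allowed_ext']));
        if ($allow_files_type != $allow_files_type2) {
            $update = implode(',', $allow_files_type2);
            $update .= '|' . $allow_modify_files . '|' . $allow_create_subdirectories . '|' . $allow_modify_subdirectories;
            $sth = $db->prepare('UPDATE ' . NV_AUTHORS_GLOBALTABLE . ' SET files_level = :files_level WHERE admin_id=' . $admin_id);
            $sth->bindParam(':files_level', $update, PDO::PARAM_STR);
            $sth->execute();
        }
        $allow_files_type = $allow_files_type2;
    }

    $admin_info['level'] = $admin_info['lev'];
    // The "last_*" values come from the session record, not from the database,
    // and may be absent; missing keys fall back without raising a notice.
    $admin_info['last_login'] = isset($array_admin['last_login']) ? (int) $array_admin['last_login'] : 0;
    $admin_info['last_agent'] = isset($array_admin['last_agent']) ? $array_admin['last_agent'] : null;
    $admin_info['last_ip'] = isset($array_admin['last_ip']) ? $array_admin['last_ip'] : null;
    $admin_info['allow_files_type'] = $allow_files_type;
    $admin_info['allow_modify_files'] = intval($allow_modify_files);
    $admin_info['allow_create_subdirectories'] = intval($allow_create_subdirectories);
    $admin_info['allow_modify_subdirectories'] = intval($allow_modify_subdirectories);
    if (empty($admin_info['first_name'])) {
        $admin_info['first_name'] = $admin_info['username'];
    }
    $admin_info['in_groups'] = nv_user_groups($admin_info['in_groups']);
    $admin_info['current_openid'] = '';
    // Only whether a password / security question exists is exposed, never the values.
    $admin_info['st_login'] = !empty($admin_info['password']);
    $admin_info['valid_question'] = (!empty($admin_info['question']) and !empty($admin_info['answer']));
    $admin_info['current_mode'] = 5;

    // Credentials and the session check number must not leave this function.
    unset($admin_info['lev'], $admin_info['files_level'], $admin_info['password'], $admin_info['question'], $admin_info['answer'], $admin_info['check_num']);

    return $admin_info;
}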
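/**
 * nv_admin_checkdata()
 *
 * Validates a serialized administrator session value against the joined
 * authors / users tables and, when every check passes, returns the
 * administrator profile.
 *
 * The session value must carry a positive numeric admin_id, a checknum of
 * the configured hash length, and current_agent / current_ip /
 * current_login values equal to the ones stored for that administrator.
 * Sensitive columns (password, question, answer, check_num) are removed
 * from the returned array.
 *
 * @param mixed $adm_session_value Serialized array describing the admin session
 * @return array Administrator profile, or an empty array when any check fails
 */
function nv_admin_checkdata($adm_session_value)
{
    global $db, $global_config;

    // NOTE(review): unserialize() on a value the client can influence allows
    // PHP object injection. Confirm where $adm_session_value is stored; on
    // PHP >= 7.0 pass array('allowed_classes' => false) as the second
    // argument, or move the session format to JSON.
    $array_admin = unserialize($adm_session_value);

    // Only an array is a valid session record; objects, scalars and a failed
    // unserialize() (false) are rejected before the value is indexed.
    if (!is_array($array_admin)) {
        return array();
    }

    if (!isset($array_admin['admin_id']) or !is_numeric($array_admin['admin_id']) or !isset($array_admin['checknum']) or !is_string($array_admin['checknum'])) {
        return array();
    }

    // is_numeric() also accepts forms such as "1e3", " 7" or "1.5". Only the
    // integer value is ever concatenated into SQL below.
    $admin_id = intval($array_admin['admin_id']);
    if ($admin_id <= 0) {
        return array();
    }

    // The checknum is a hex digest whose length depends on the configured hash.
    $strlen = NV_CRYPT_SHA1 == 1 ? 40 : 32;
    if (!preg_match("/^[a-z0-9]{" . $strlen . "}\$/", $array_admin['checknum'])) {
        return array();
    }

    $query = "SELECT a.admin_id AS `admin_id`, a.lev AS `lev`, a.position AS `position`, a.check_num AS `check_num`, a.last_agent AS `current_agent`, \n"
        . " a.last_ip AS `current_ip`, a.last_login AS `current_login`, a.files_level AS `files_level`, a.editor AS `editor`, b.userid AS `userid`, \n"
        . " b.username AS `username`, b.email AS `email`, b.full_name AS `full_name`, b.view_mail AS `view_mail`, b.regdate AS `regdate`, \n"
        . " b.sig AS `sig`, b.gender AS `gender`, b.photo AS `photo`, b.birthday AS `birthday`, b.website AS `website`, b.location AS `location`, \n"
        . " b.yim AS `yim`, b.telephone AS `telephone`, b.fax AS `fax`, b.mobile AS `mobile`, b.in_groups AS `in_groups`, b.last_openid AS `last_openid`, \n"
        . " b.password AS `password`, b.question AS `question`, b.answer AS `answer` \n"
        . " FROM `" . NV_AUTHORS_GLOBALTABLE . "` a, `" . NV_USERS_GLOBALTABLE . "` b \n"
        . " WHERE a.admin_id = " . $admin_id . " \n"
        . " AND a.lev!=0 \n"
        . " AND a.is_suspend=0 \n"
        . " AND b.userid=a.admin_id \n"
        . " AND b.active=1 \n"
        . " LIMIT 1";
    $result = $db->sql_query($query);
    if ($db->sql_numrows($result) != 1) {
        return array();
    }
    $admin_info = $db->sql_fetch_assoc($result);
    $db->sql_freeresult($result);

    // The session is bound to the check number, user agent, IP address and
    // login time recorded for the administrator; any mismatch invalidates it.
    // NOTE(review): strcasecmp() is not a constant-time comparison; consider
    // hash_equals() for the check number where PHP >= 5.6 is guaranteed.
    if (strcasecmp($array_admin['checknum'], $admin_info['check_num']) != 0
        or empty($array_admin['current_agent'])
        or strcasecmp($array_admin['current_agent'], $admin_info['current_agent']) != 0
        or empty($array_admin['current_ip'])
        or strcasecmp($array_admin['current_ip'], $admin_info['current_ip']) != 0
        or empty($array_admin['current_login'])
        or strcasecmp($array_admin['current_login'], intval($admin_info['current_login'])) != 0) {
        return array();
    }

    // files_level is "ext1,ext2|modify_files|create_subdirs|modify_subdirs".
    if (empty($admin_info['files_level'])) {
        $allow_files_type = array();
        $allow_modify_files = $allow_create_subdirectories = $allow_modify_subdirectories = 0;
    } else {
        list($allow_files_type, $allow_modify_files, $allow_create_subdirectories, $allow_modify_subdirectories) = explode("|", $admin_info['files_level']);
        $allow_files_type = !empty($allow_files_type) ? explode(",", $allow_files_type) : array();

        // Drop extensions that the site configuration no longer allows and
        // persist the narrowed list so the stored grant cannot exceed it.
        $allow_files_type2 = array_values(array_intersect($allow_files_type, $global_config['file_allowed_ext']));
        if ($allow_files_type != $allow_files_type2) {
            $update = implode(",", $allow_files_type2);
            $update .= "|" . $allow_modify_files . "|" . $allow_create_subdirectories . "|" . $allow_modify_subdirectories;
            $sql = "UPDATE `" . NV_AUTHORS_GLOBALTABLE . "` SET `files_level` = " . $db->dbescape($update) . " WHERE `admin_id`=" . $admin_id . " LIMIT 1";
            $db->sql_query($sql);
        }
        $allow_files_type = $allow_files_type2;
    }

    $admin_info['level'] = $admin_info['lev'];
    // The "last_*" values come from the session record, not from the database,
    // and may be absent; missing keys fall back without raising a notice.
    $admin_info['last_login'] = isset($array_admin['last_login']) ? (int) $array_admin['last_login'] : 0;
    $admin_info['last_agent'] = isset($array_admin['last_agent']) ? $array_admin['last_agent'] : null;
    $admin_info['last_ip'] = isset($array_admin['last_ip']) ? $array_admin['last_ip'] : null;
    $admin_info['allow_files_type'] = $allow_files_type;
    $admin_info['allow_modify_files'] = intval($allow_modify_files);
    $admin_info['allow_create_subdirectories'] = intval($allow_create_subdirectories);
    $admin_info['allow_modify_subdirectories'] = intval($allow_modify_subdirectories);
    if (empty($admin_info['full_name'])) {
        $admin_info['full_name'] = $admin_info['username'];
    }
    $admin_info['in_groups'] = nv_user_groups($admin_info['in_groups']);
    $admin_info['current_openid'] = '';
    // Only whether a password / security question exists is exposed, never the values.
    $admin_info['st_login'] = !empty($admin_info['password']);
    $admin_info['valid_question'] = (!empty($admin_info['question']) and !empty($admin_info['answer']));
    $admin_info['current_mode'] = 3;

    // Credentials and the session check number must not leave this function.
    unset($admin_info['lev'], $admin_info['files_level'], $admin_info['password'], $admin_info['question'], $admin_info['answer'], $admin_info['check_num']);

    return $admin_info;
}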