function qq_callback()
{
global $setting;
if ($_REQUEST['state'] == tcookie('state')) {
//csrf
$token_url = "https://graph.qq.com/oauth2.0/token?grant_type=authorization_code&" . "client_id=" . $setting["qqlogin_appid"] . "&redirect_uri=" . urlencode(SITE_URL . "plugin/qqlogin/qq_callback.php") . "&client_secret=" . $setting["qqlogin_key"] . "&code=" . $_REQUEST["code"];
$response = get_url_contents($token_url);
if (strpos($response, "callback") !== false) {
$lpos = strpos($response, "(");
$rpos = strrpos($response, ")");
$response = substr($response, $lpos + 1, $rpos - $lpos - 1);
$msg = json_decode($response);
if (isset($msg->error)) {
echo "<h3>error:</h3>" . $msg->error;
echo "<h3>msg :</h3>" . $msg->error_description;
exit;
}
}
$params = array();
parse_str($response, $params);
header("Location:" . SITE_URL . "index.php?user/register/" . $params["access_token"]);
} else {
echo "The state does not match. You may be a victim of CSRF.";
}
}
function init_user()
{
@($auth = tcookie('auth'));
$user = array('uid' => 0);
@(list($uid, $password) = empty($auth) ? array(0, 0) : taddslashes(explode("\t", strcode($auth, AUTH_KEY, 'DECODE')), 1));
if ($uid && $password) {
$finduser = $this('user')->findById($uid);
$finduser && $password == $finduser['password'] && ($user = $finduser);
}
$user['ip'] = $this->ip;
$this->user = $user;
}
function onajaxgood()
{
$qid = $this->get[2];
$tgood = tcookie('good_' . $qid);
!empty($tgood) && exit('-1');
$_ENV['question']->update_goods($qid);
tcookie('good_' . $qid, $qid);
exit('1');
}
function logout()
{
tcookie('sid', '', 0);
tcookie('auth', '', 0);
tcookie('loginuser', '', 0);
$lasttime = $this->db->result_first("SELECT MAX(time) FROM " . DB_TABLEPRE . "session WHERE uid=" . $this->base->user['uid']);
$this->db->query("DELETE FROM " . DB_TABLEPRE . "session WHERE uid=" . $this->base->user['uid'] . " AND `time`<{$lasttime}");
}
header('Content-type: text/html; charset=UTF-8');
/*$get=taddslashes($_GET);
$post=taddslashes($_POST);
*/
$get = $_GET;
$post = $_POST;
unset($GLOBALS, $_ENV, $_GET, $_POST);
empty($get['c']) && ($get['c'] = 'index');
empty($get['a']) && ($get['a'] = 'default');
define('ACTION', $get['a']);
define('REGULAR', $get['c'] . '/' . $get['a']);
//load control...
$controlfile = APP_ROOT . '/control/' . $get['c'] . '.php';
if (false === @(include $controlfile)) {
notfound('control file "' . $controlfile . '" not found!');
}
$controlname = $get['c'] . 'control';
$control = new $controlname($get, $post);
$method = strtolower('on' . $get['a']);
if (method_exists($control, $method)) {
$isajax = 0 === strpos($get['a'], 'ajax');
if ($control->checkable(REGULAR) || $isajax) {
$control->{$method}();
} else {
$querystring = strcode($_SERVER["QUERY_STRING"], '', 'ENCODE');
tcookie('querystring', $querystring, 86400);
$control->message('您无权进行当前操作,原因如下:<br/> 您所在的用户组(' . $control->user['title'] . ')无法进行此操作。', 'c=user&a=login');
}
} else {
notfound('control "' . $controlname . '" method "' . $method . '" not found!');
}
$member['cookietime'] = $member['cktime'] ? $member['cktime'] - TIME : 0;
if ($action == 'login') {
$member['username'] = preg_replace("/(c:\\con\\con\$|[%,\\*\"\\s\t\\<\\>\\&])/i", "", $member['username']);
if (strlen($member['username']) > 20) {
$member['username'] = substr($member['username'], 0, 20);
}
if (empty($member['time']) || empty($member['username']) || empty($member['password'])) {
exit('Lack of required parameters!');
} elseif ($setting['passport_expire'] && TIME - $member['time'] > $setting['passport_expire']) {
exit('Request expired!');
}
$user = $db->fetch_first("SELECT * FROM " . DB_TABLEPRE . "user WHERE username='******'username'] . "'");
if ($user) {
$uid = $user['uid'];
// $user->edit($member);
} else {
$credit1 = $setting['credit1_register'];
$credit2 = $setting['credit2_register'];
$db->query("INSERT INTO " . DB_TABLEPRE . "user(username,password,email,credit1,credit2) values ('{$member['username']}','{$member['password']}','{$member['email']}',{$credit1},{$credit2})");
$uid = $db->insert_id();
$db->query("INSERT INTO " . DB_TABLEPRE . "credit(uid,time,operation,credit1,credit2) VALUES ({$uid}," . TIME . ",'user/register',{$credit1},{$credit2}) ");
}
$forward = empty($forward) ? $setting['passport_server'] : $forward;
$auth = strcode("{$uid}\t" . $member['password'], $setting['auth_key'], 'ENCODE');
tcookie('auth', $auth, 24 * 3600 * 365);
} elseif ($action == 'logout' || $action == 'quit') {
tcookie('sid', '');
tcookie('auth', '');
$forward = empty($forward) ? $setting['passport_server'] : $forward;
}
header('location:' . $forward);
function refresh($user)
{
global $db, $setting;
$uid = $user['uid'];
$password = $user['password'];
$time = time();
$sid = tcookie('sid');
$db->query("UPDATE " . DB_TABLEPRE . "user SET `lastlogin`={$time} WHERE `uid`={$uid}");
//更新最后登录时间
$db->query("REPLACE INTO " . DB_TABLEPRE . "session (sid,uid,islogin,ip,`time`) VALUES ('{$sid}',{$uid},1,'" . getip() . "',{$time})");
$auth = authcode("{$uid}\t{$password}", 'ENCODE');
tcookie('auth', $auth);
tcookie('loginuser', '');
}
function get_question_view($qid)
{
$views = tcookie('views');
if (!empty($views)) {
$view_arr = explode(',', $views);
if (!in_array($qid, $view_arr)) {
tcookie('views', $views . ',' . $qid);
$this->db->query("UPDATE " . DB_TABLEPRE . "question SET views=views+1 WHERE id='" . $qid . "'");
//$this->redis->LPUSH('view',$qid);
}
} else {
tcookie('views', $qid);
$this->db->query("UPDATE " . DB_TABLEPRE . "question SET views=views+1 WHERE id='" . $qid . "'");
//$this->redis->LPUSH('view',$qid);
}
//$this->redis->LPUSH('view',$qid);
}
function logout()
{
tcookie('auth', '', 0);
}
function synlogout($get, $post)
{
if (!API_SYNLOGOUT) {
return API_RETURN_FORBIDDEN;
}
//note 同步登出 API 接口
header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');
tcookie('sid', '', 0);
tcookie('auth', '', 0);
}
function init_user()
{
@($sid = tcookie('sid'));
@($auth = tcookie('auth'));
$user = array();
@(list($uid, $password) = empty($auth) ? array(0, 0) : taddslashes(explode("\t", authcode($auth, 'DECODE')), 1));
if (!$sid) {
$sid = substr(md5(time() . $this->ip . random(6)), 16, 16);
tcookie('sid', $sid, 31536000);
}
$this->load('user');
if ($uid && $password) {
$user = $_ENV['user']->get_by_uid($uid, 0);
$password != $user['password'] && ($user = array());
}
if (!$user) {
$user['uid'] = 0;
$user['groupid'] = 6;
}
$_ENV['user']->refresh_session_time($sid, $user['uid']);
$user['sid'] = $sid;
$user['ip'] = $this->ip;
$user['uid'] && ($user['loginuser'] = $user['username']);
$user['uid'] && ($user['avatar'] = get_avatar_dir($user['uid']));
$this->user = array_merge($user, $this->usergroup[$user['groupid']]);
}
function onsuggest()
{
$question_type = "suggest";
$question_type_list = $this->ask_config->getQuestionType();
$title = "服务中心-我要" . $question_type_list[$question_type];
$all_num = $_ENV['question']->total_question();
$qtypeId = isset($this->get[2]) ? intval($this->get[2]) : (isset($this->post['qtypeId']) ? intval($this->post['qtypeId']) : 0);
$loginName = $this->ask_front_name;
$allQtype = $_ENV['qtype']->GetAllQType(1, "", 0);
if (!isset($allQtype[$qtypeId])) {
header("Location: http://sc.5173.com/index.php?question/ask_skip.html");
}
$subList = $_ENV['qtype']->GetSubList($qtypeId);
if (!empty($subList)) {
header("Location: http://sc.5173.com/index.php?question/subList/suggest/{$qtypeId}.html");
}
$qtypeName = $allQtype[$qtypeId];
$operatorInfo = '';
// 获取我的专属客服
if ($this->ask_front_name == '游客') {
$selfAuthor_where = '';
// 获取专属客服条件
} else {
$t_cid = $_ENV['question']->getType(3);
$operatorInfo = $_ENV['operator']->getMySelfAuthor($this->ask_front_name);
$selfAuthor_where = $_ENV['question']->front_selfAuthor_where($operatorInfo['login_name'], '', 1, $t_cid);
}
if ($selfAuthor_where) {
$selfAuthorNum = $_ENV['question']->front_mySelfAuthorNum($selfAuthor_where);
} else {
$selfAuthorNum = 0;
}
$url = '';
if ($qtypeName['pid'] > 0) {
$url = '<a href="http://sc.5173.com/index.php?question/subList/suggest/' . $qtypeName['pid'] . '.html">选择' . $allQtype[$qtypeName['pid']]['name'] . '类' . $question_type_list[$question_type] . '</a> >  ';
}
//未登陆跳转地址
$login_url = "http://" . config::FRONT_LOGIN_DOMAIN . "/?returnUrl=" . urlencode(curPageURL());
$display_yzm = false;
if ($this->ask_front_name != '游客') {
$contact = $this->cache->get(md5('SJ' . $this->ask_front_id));
if (false === $contact) {
$contact = get_mobile($this->ask_front_id);
if (!empty($contact)) {
$this->cache->set(md5('SJ' . $this->ask_front_id), $contact, 1800);
}
//缓存30分钟
}
if (!empty($contact)) {
$en_contact = substr_replace($contact, '****', 3, 4);
}
}
$suggest_title = isset($this->post['title']) ? htmlspecialchars(trim($this->post['title'])) : '';
$description = isset($this->post['description']) && $this->post['description'] != "我们非常重视您的" . $question_type_list[$question_type] . ",请在这里告诉我们" ? htmlspecialchars(trim($this->post['description'])) : '';
$contact_num = isset($this->post['contact_num']) ? htmlspecialchars($this->post['contact_num']) : (isset($en_contact) ? $en_contact : '');
$J_code = isset($this->post['J_code']) ? strtolower(htmlspecialchars($this->post['J_code'])) : '';
if ($this->ask_front_name == '游客') {
$author = isset($this->post['author']) && $this->post['author'] != '请输入5173用户名' ? trim($this->post['author']) : '';
$author_id = '';
} else {
$author_id = $this->ask_front_id;
$author = $this->ask_front_name;
}
$t_yzm = tcookie('yzm');
if (empty($t_yzm)) {
tcookie('yzm', time(), 1800);
//存放半个小时
} else {
$over_time = time() - $t_yzm;
//距离现在的秒数
if ($over_time < 1800) {
$display_yzm = true;
} else {
tcookie('yzm', '', time() - 3600);
//删除
}
}
if ($this->ask_front_name != '游客') {
$display_yzm = false;
}
//登陆用户不显示验证码
if (isset($this->post['contact'])) {
$comment['contact'] = $this->post['contact'];
} else {
$comment['contact']['mobile'] = isset($en_contact) ? $en_contact : '';
}
$flag = 0;
if (isset($this->post['act'])) {
if (isset($this->post['contact'])) {
$comment['contact'] = $this->post['contact'];
if ($comment['contact']['mobile'] != "") {
if (isset($en_contact) && $comment['contact']['mobile'] == $en_contact) {
$comment['contact']['mobile'] = $contact;
}
if (!checkmobile($comment['contact']['mobile'])) {
$errorMsg['mobile'] = '手机号';
unset($comment['contact']['mobile']);
} else {
$flag++;
}
} else {
$errorMsg['mobile'] = '手机号';
unset($comment['contact']['mobile']);
}
if ($comment['contact']['qq'] != "") {
if (!isQQ($comment['contact']['qq'])) {
//$errorMsg['qq'] = 'QQ号';
unset($comment['contact']['qq']);
} else {
//$flag++;
}
} else {
//$errorMsg['qq'] = 'QQ号';
unset($comment['contact']['qq']);
}
if ($comment['contact']['weixin'] != '') {
if (strlen($comment['contact']['weixin']) > 20 || strlen($comment['contact']['weixin']) < 4 || trim($comment['contact']['weixin']) == "微信号") {
//$errorMsg['weixin'] = '微信号';
unset($comment['contact']['weixin']);
} else {
//$flag++;
}
} else {
//$errorMsg['weixin'] = '微信号';
unset($comment['contact']['weixin']);
}
}
if ($flag == 0 && count($errorMsg) > 0) {
$error = implode("、", $errorMsg) . "未填写或格式不正确";
$comment['contact'] = $this->post['contact'];
@(include template('suggest'));
echo "<script>alert('" . $error . "');</script>";
exit;
}
if ($description == '') {
$comment['contact'] = $this->post['contact'];
@(include template('suggest'));
echo "<script>alert('建议内容不能为空。');</script>";
exit;
} elseif (mb_strlen($description, 'UTF-8') > 500 || mb_strlen($description, 'UTF-8') < 5) {
$comment['contact'] = $this->post['contact'];
@(include template('suggest'));
echo "<script>alert('建议内容请保持在5-500个字内。');</script>";
exit;
}
if ($this->ask_front_name == '游客') {
if ($author == "" || mb_strlen($author, 'UTF-8') > 20) {
@(include template('suggest'));
echo "<script>alert('请输正确格式的5173登陆用户名');</script>";
exit;
}
if ($J_code == "" || $J_code != $_SESSION['code']) {
$comment['contact'] = $this->post['contact'];
@(include template('suggest'));
echo "<script>alert('验证码不正确!');</script>";
exit;
}
}
//提问数限制
$limit_question_num = intval($this->setting['limit_question_num']);
if (!empty($limit_question_num)) {
$comment['contact'] = $this->post['contact'];
$num_ip = $_ENV['question']->get_num_by_ip(getip());
if ($num_ip >= $limit_question_num) {
@(include template('suggest'));
echo "<script>alert('您的操作太频繁啦,让服务器休息一下,稍后再进行建议!');</script>";
exit;
}
}
//IP黑名单
$BlackList = explode("|", $this->setting['IpBlackList']);
if (in_array(getip(), $BlackList)) {
$comment['contact'] = $this->post['contact'];
@(include template('suggest'));
echo "<script>alert('您的操作太频繁啦,让服务器休息一下,稍后再建议!');</script>";
exit;
}
if ($this->ask_front_name != '游客') {
//登录提问
$GagLog = $_ENV['user']->getGag($this->ask_front_name);
if (count($GagLog) > 0) {
$comment['contact'] = $this->post['contact'];
@(include template('suggest'));
echo "<script>alert('很抱歉,您的帐号已被管理员禁言处理,请您自觉遵守5173言论规则。');</script>";
exit;
}
}
$description = cutstr(strip_tags($description), 500, '');
if (md5(trim(strip_tags($description))) == $_COOKIE['last_suggest']) {
@(include template('suggest'));
echo "<script>alert('亲,问题提交一次就OK,不用重复提交哦!');</script>";
exit;
}
$img_path = $this->post['imgpath'];
$img_path = stripcslashes($img_path);
$img_path = str_replace('"small_pic"', ',"small_pic"', $img_path);
$img_path = str_replace('"big_pic"', ',"big_pic"', $img_path);
$p1 = strpos($img_path, "big_pic");
$path = substr($img_path, $p1 + 10, strlen($img_path) - $p1 - 10 - 2);
$path = str_replace('\\/', '/', $path);
$attach = trim($path);
if (isset($en_contact) && $comment['contact']['mobile'] == $en_contact) {
$comment['contact']['mobile'] = $contact;
}
$cid = $_ENV['question']->getType(2);
//建议分类id
$cid = !empty($cid) ? intval($cid) : 0;
$cid1Info = $_ENV['category']->getByQType($qtypeId, $cid);
//qtype对应分类id
$cid1 = intval($cid1Info['id']);
$time = time();
$trimDescription = preg_replace('/\\s+/', '', $description);
$description = $this->keyWordCheck($trimDescription);
$BrowerInfo = userBrowerInfo();
$comment['OS'] = $BrowerInfo['OS'];
$comment['Browser'] = $BrowerInfo['Browser'];
$questionInfo = array("qtype" => $qtypeId, "author" => $author, "author_id" => $author_id, "title" => $suggest_title, "description" => $description, "attach" => $attach, "time" => $time, "ip" => getip(), "cid" => $cid, "cid1" => $cid1, "comment" => serialize($comment));
$question_id = $_ENV['question']->insertQuestion($questionInfo);
//更新Solr服务器
$q_search = array();
if ($question_id > 0) {
setcookie('last_suggest', md5(trim(strip_tags($description))), time() + 3600);
if ($this->ask_front_name == '游客') {
get_que_id('jy', $question_id);
//建议id写入cookie
}
$date = date("Y-m-d");
$_ENV['question']->modifyUserQtypeNum($date, $qtypeId, 'suggest', 1);
$login_name = trim($this->post['login_name']);
if (!empty($login_name)) {
if ($this->setting['selfServiceFirst'] == 1) {
$Apply = $_ENV['question']->ApplyToOperator($question_id, $login_name);
}
}
$q_search['id'] = $question_id;
$q_search['title'] = $description;
$q_search['description'] = $description;
$q_search['tag'] = json_encode(array(), true);
$q_search['time'] = $time;
$q_search['atime'] = 0;
try {
$this->set_search($q_search);
} catch (Exception $e) {
send_AIC('http://sc.5173.com/index.php?question/suggest.html', '搜索服务器异常', 1, '搜索接口');
}
}
header("Location: " . url('question/suggest_success/' . $question_id . '/' . $time, true));
}
$telDisplay = $this->setting['telDisplay'];
$xnDisplay = $this->setting['xnDisplay'];
$qqDisplay = $this->setting['qqDisplay'];
$_ENV['question']->PageView(1, getip());
@(include template('suggest'));
}
