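/**
 * QQ OAuth2 callback: checks the anti-CSRF `state`, exchanges the
 * authorization code for an access token and redirects the browser to the
 * local registration flow.
 *
 * Reads $_REQUEST['state'] / $_REQUEST['code'], the 'state' cookie via
 * tcookie(), and $setting['qqlogin_appid'] / $setting['qqlogin_key'].
 * Emits either a redirect or an error page; it does not return a value.
 */
function qq_callback()
{
    global $setting;
    $stateParam = isset($_REQUEST['state']) ? (string) $_REQUEST['state'] : '';
    $stateCookie = (string) tcookie('state');
    // An absent state on both sides must not count as a match, and the
    // comparison is strict/constant-time instead of the loose `==`.
    if ($stateCookie === '' || !hash_equals($stateCookie, $stateParam)) {
        echo "The state does not match. You may be a victim of CSRF.";
        return;
    }
    $code = isset($_REQUEST['code']) ? (string) $_REQUEST['code'] : '';
    if ($code === '') {
        echo "<h3>error:</h3>missing authorization code";
        exit;
    }
    // Every dynamic part of the query string is URL-encoded so a crafted
    // `code` cannot append extra parameters to the token request.
    $token_url = "https://graph.qq.com/oauth2.0/token?grant_type=authorization_code&"
        . "client_id=" . urlencode($setting["qqlogin_appid"])
        . "&redirect_uri=" . urlencode(SITE_URL . "plugin/qqlogin/qq_callback.php")
        . "&client_secret=" . urlencode($setting["qqlogin_key"])
        . "&code=" . urlencode($code);
    $response = (string) get_url_contents($token_url);
    // Error responses arrive as a JSONP-style "callback( {...} )" envelope.
    if (strpos($response, "callback") !== false) {
        $lpos = strpos($response, "(");
        $rpos = strrpos($response, ")");
        if ($lpos !== false && $rpos !== false && $rpos > $lpos) {
            $response = substr($response, $lpos + 1, $rpos - $lpos - 1);
        }
        $msg = json_decode($response);
        if (isset($msg->error)) {
            // third-party content: escape before reflecting it into HTML
            echo "<h3>error:</h3>" . htmlspecialchars((string) $msg->error, ENT_QUOTES, 'UTF-8');
            $description = isset($msg->error_description) ? (string) $msg->error_description : '';
            echo "<h3>msg  :</h3>" . htmlspecialchars($description, ENT_QUOTES, 'UTF-8');
            exit;
        }
    }
    // Success responses are form-encoded: access_token=...&expires_in=...
    $params = array();
    parse_str($response, $params);
    if (empty($params["access_token"])) {
        echo "<h3>error:</h3>no access_token in token response";
        exit;
    }
    header("Location: " . SITE_URL . "index.php?user/register/" . urlencode($params["access_token"]));
    // stop here so nothing is rendered after the redirect header
    exit;
}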
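 /**
  * Restores the current user from the 'auth' cookie.
  *
  * The cookie holds "uid\tpassword" encoded with strcode() under AUTH_KEY.
  * The user is loaded by uid and accepted only when the stored password
  * value matches the cookie value exactly; otherwise the guest record
  * (uid 0) is used. Sets $this->user, whose 'ip' key is always $this->ip.
  */
 function init_user()
 {
     @($auth = tcookie('auth'));
     $user = array('uid' => 0);
     $uid = 0;
     $password = 0;
     if (!empty($auth)) {
         $parts = @taddslashes(explode("\t", strcode($auth, AUTH_KEY, 'DECODE')), 1);
         // a malformed cookie (no tab) must not leave $uid/$password undefined
         if (is_array($parts) && count($parts) >= 2) {
             list($uid, $password) = $parts;
         }
     }
     if ($uid && $password) {
         $finduser = $this('user')->findById($uid);
         // hash_equals instead of `==`: no numeric-string juggling ("0e..."
         // values compare equal under ==) and no early-exit timing leak.
         if ($finduser && isset($finduser['password'])
             && hash_equals((string) $finduser['password'], (string) $password)) {
             $user = $finduser;
         }
     }
     $user['ip'] = $this->ip;
     $this->user = $user;
 }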
 /**
  * AJAX "good" (up-vote) handler for the question whose id is the third
  * URL segment ($this->get[2]).
  *
  * Echoes '-1' and stops when this browser already holds the vote cookie;
  * otherwise bumps the counter via update_goods(), sets the cookie and
  * echoes '1'.
  * NOTE(review): $this->get[2] arrives from the query string and is used
  * unvalidated as a cookie-name suffix and as the update_goods() argument —
  * confirm update_goods() validates it.
  */
 function onajaxgood()
 {
     $questionId = $this->get[2];
     $voteCookie = 'good_' . $questionId;
     $alreadyVoted = tcookie($voteCookie);
     if ($alreadyVoted) {
         exit('-1');
     }
     $_ENV['question']->update_goods($questionId);
     tcookie($voteCookie, $questionId);
     exit('1');
 }
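 /**
  * Logs the current user out: expires the login cookies and prunes the
  * user's session rows older than the most recent one.
  *
  * Reads $this->base->user['uid']; runs two queries through $this->db.
  */
 function logout()
 {
     tcookie('sid', '', 0);
     tcookie('auth', '', 0);
     tcookie('loginuser', '', 0);
     // uid is concatenated into SQL, so pin it to an integer
     $uid = (int) $this->base->user['uid'];
     $lasttime = $this->db->result_first("SELECT MAX(time) FROM " . DB_TABLEPRE . "session WHERE uid=" . $uid);
     // With no session rows MAX() is NULL and the DELETE used to end in
     // "`time`<" with nothing after it (SQL syntax error); skip the prune.
     if ($lasttime === null || $lasttime === false || $lasttime === '') {
         return;
     }
     $this->db->query("DELETE FROM " . DB_TABLEPRE . "session WHERE uid=" . $uid . " AND `time`<" . (int) $lasttime);
 }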
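/**
 * Front controller: maps ?c=<control>&a=<action> to <c>control::on<a>().
 *
 * Copies $_GET/$_POST into $get/$post, removes the superglobals so controls
 * must use the copies, includes control/<c>.php, instantiates <c>control
 * and dispatches. Unknown file/class/method → notfound(); an action the
 * user's group may not run (unless it is an ajax action) → message + login
 * link, with the query string stashed in the 'querystring' cookie.
 */
header('Content-type: text/html; charset=UTF-8');
/*$get=taddslashes($_GET);
$post=taddslashes($_POST);
*/
$get = $_GET;
$post = $_POST;
// NOTE(review): unset($GLOBALS) is a compile-time error on PHP >= 8.1.
unset($GLOBALS, $_ENV, $_GET, $_POST);
empty($get['c']) && ($get['c'] = 'index');
empty($get['a']) && ($get['a'] = 'default');
// Both values become part of an include path, a class name and a method
// name. Restrict them to identifier characters so "../" traversal, NUL
// bytes and array-valued parameters (?c[]=x) cannot reach the include.
if (!is_string($get['c']) || !preg_match('/^[A-Za-z0-9_]+$/', $get['c'])
    || !is_string($get['a']) || !preg_match('/^[A-Za-z0-9_]+$/', $get['a'])) {
    notfound('invalid control or action name!');
    exit;
}
define('ACTION', $get['a']);
define('REGULAR', $get['c'] . '/' . $get['a']);
//load control...
$controlfile = APP_ROOT . '/control/' . $get['c'] . '.php';
if (false === @(include $controlfile)) {
    notfound('control file "' . $controlfile . '" not found!');
}
$controlname = $get['c'] . 'control';
$control = new $controlname($get, $post);
$method = strtolower('on' . $get['a']);
if (method_exists($control, $method)) {
    // actions named ajax* bypass the permission check
    $isajax = 0 === strpos($get['a'], 'ajax');
    if ($control->checkable(REGULAR) || $isajax) {
        $control->{$method}();
    } else {
        // remember where the user wanted to go, for after login
        $querystring = strcode($_SERVER["QUERY_STRING"], '', 'ENCODE');
        tcookie('querystring', $querystring, 86400);
        $control->message('您无权进行当前操作,原因如下:<br/> 您所在的用户组(' . $control->user['title'] . ')无法进行此操作。', 'c=user&a=login');
    }
} else {
    notfound('control "' . $controlname . '" method "' . $method . '" not found!');
}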
// Passport (single sign-on) handler for the 'login' and 'logout'/'quit'
// actions. NOTE(review): $member, $action, $forward, $setting and $db are
// set before this span; where $member comes from, and whether it has
// already been SQL-escaped, is not visible here.
// seconds until the requested cookie expiry; not read anywhere in this span
$member['cookietime'] = $member['cktime'] ? $member['cktime'] - TIME : 0;
if ($action == 'login') {
    // strip %, comma, *, double quote, whitespace, <, >, & and what looks
    // like the "c:\con\con" string from the username.
    // NOTE(review): single quotes and backslashes are NOT stripped, yet the
    // username is concatenated into SQL below — confirm it is escaped
    // upstream (the taddslashes() step is commented out in the caller) or
    // escape it here.
    $member['username'] = preg_replace("/(c:\\con\\con\$|[%,\\*\"\\s\t\\<\\>\\&])/i", "", $member['username']);
    // byte-wise truncation to 20 (strlen/substr are not multibyte-aware)
    if (strlen($member['username']) > 20) {
        $member['username'] = substr($member['username'], 0, 20);
    }
    if (empty($member['time']) || empty($member['username']) || empty($member['password'])) {
        exit('Lack of required parameters!');
    } elseif ($setting['passport_expire'] && TIME - $member['time'] > $setting['passport_expire']) {
        // replay window: request timestamp must be within passport_expire seconds
        exit('Request expired!');
    }
    // NOTE(review): the "'******'" here looks like an extraction/redaction
    // artifact (presumably "'" . $member['username'] . "'"); either way the
    // query is string-built from request data.
    $user = $db->fetch_first("SELECT * FROM " . DB_TABLEPRE . "user WHERE username='******'username'] . "'");
    if ($user) {
        $uid = $user['uid'];
        //	$user->edit($member);
    } else {
        // first login through the passport: create the local account with
        // the configured registration credits and log the credit grant
        $credit1 = $setting['credit1_register'];
        $credit2 = $setting['credit2_register'];
        // NOTE(review): username/password/email interpolated unescaped — same caveat as the SELECT above
        $db->query("INSERT INTO " . DB_TABLEPRE . "user(username,password,email,credit1,credit2) values ('{$member['username']}','{$member['password']}','{$member['email']}',{$credit1},{$credit2})");
        $uid = $db->insert_id();
        $db->query("INSERT INTO " . DB_TABLEPRE . "credit(uid,time,operation,credit1,credit2) VALUES ({$uid}," . TIME . ",'user/register',{$credit1},{$credit2}) ");
    }
    $forward = empty($forward) ? $setting['passport_server'] : $forward;
    // 'auth' cookie = strcode("uid\tpassword"), valid for one year
    $auth = strcode("{$uid}\t" . $member['password'], $setting['auth_key'], 'ENCODE');
    tcookie('auth', $auth, 24 * 3600 * 365);
} elseif ($action == 'logout' || $action == 'quit') {
    tcookie('sid', '');
    tcookie('auth', '');
    $forward = empty($forward) ? $setting['passport_server'] : $forward;
}
// NOTE(review): $forward is only defaulted inside the two branches; for
// any other $action it is whatever the caller set. No exit follows the
// redirect, so anything after this line would still run.
header('location:' . $forward);
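/**
 * Marks $user as logged in: stamps `lastlogin`, (re)writes the session row
 * for the browser's 'sid' cookie, issues a fresh 'auth' cookie and clears
 * 'loginuser'.
 *
 * @param array $user row with at least 'uid' and 'password' (the stored value)
 */
function refresh($user)
{
    global $db, $setting;
    // uid is interpolated unquoted into SQL, so pin it to an integer
    $uid = (int) $user['uid'];
    $password = $user['password'];
    $time = time();
    // sid comes straight from a client cookie and lands inside a quoted
    // SQL literal; escape it.
    $sid = addslashes((string) tcookie('sid'));
    // NOTE(review): getip() is interpolated as-is — confirm it returns an
    // escaped/validated address if it honours proxy headers.
    $ip = getip();
    $db->query("UPDATE " . DB_TABLEPRE . "user SET `lastlogin`={$time}  WHERE `uid`={$uid}");
    // update last-login time
    $db->query("REPLACE INTO " . DB_TABLEPRE . "session (sid,uid,islogin,ip,`time`) VALUES ('{$sid}',{$uid},1,'" . $ip . "',{$time})");
    // 'auth' cookie carries "uid\tpassword", authcode-encoded
    $auth = authcode("{$uid}\t{$password}", 'ENCODE');
    tcookie('auth', $auth);
    tcookie('loginuser', '');
}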
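 /**
  * Counts one view per browser for question $qid.
  *
  * The 'views' cookie is a comma-separated list of ids already counted by
  * this browser; the counter is incremented (and the id appended) only when
  * $qid is not in that list.
  * NOTE(review): the cookie grows without bound; a cap on its length would
  * keep it under the browser's cookie size limit.
  *
  * @param int|string $qid question id; it is escaped before use in SQL —
  *                        confirm callers pass a numeric id.
  */
 function get_question_view($qid)
 {
     $views = tcookie('views');
     $seen = empty($views) ? array() : explode(',', $views);
     // compare as strings so an int $qid matches the cookie's string parts
     // (strict mode avoids the numeric-string surprises of loose in_array)
     if (in_array((string) $qid, $seen, true)) {
         return;
     }
     $seen[] = $qid;
     tcookie('views', implode(',', $seen));
     // one query for both the "first view" and "new id" cases
     $this->db->query("UPDATE " . DB_TABLEPRE . "question SET views=views+1 WHERE id='" . addslashes((string) $qid) . "'");
     //$this->redis->LPUSH('view',$qid);
 }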
 /**
  * Logs the current user out by expiring the 'auth' cookie immediately.
  */
 function logout()
 {
     $cookieName = 'auth';
     $expireNow = 0;
     tcookie($cookieName, '', $expireNow);
 }
 /**
  * Synchronous-logout API endpoint.
  *
  * Returns API_RETURN_FORBIDDEN when API_SYNLOGOUT is off. Otherwise sends
  * a P3P compact-policy header and expires the 'sid' and 'auth' cookies,
  * returning nothing. $get and $post are accepted for uniformity with the
  * other API handlers and are not read here.
  */
 function synlogout($get, $post)
 {
     if (API_SYNLOGOUT) {
         //note: synchronous logout API
         header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');
         foreach (array('sid', 'auth') as $cookieName) {
             tcookie($cookieName, '', 0);
         }
         return;
     }
     return API_RETURN_FORBIDDEN;
 }
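 /**
  * Builds $this->user for this request from the 'sid' and 'auth' cookies.
  *
  * 'auth' carries "uid\tpassword" (authcode-encoded). The user row is loaded
  * only when the cookie password matches the stored value exactly; otherwise
  * the guest record (uid 0, groupid 6) is used. A missing sid is generated
  * and set for a year. The session row is refreshed and the user array is
  * merged with $this->usergroup[groupid].
  */
 function init_user()
 {
     @($sid = tcookie('sid'));
     @($auth = tcookie('auth'));
     $user = array();
     $uid = 0;
     $password = 0;
     if (!empty($auth)) {
         $parts = @taddslashes(explode("\t", authcode($auth, 'DECODE')), 1);
         // a malformed cookie (no tab) must not leave $uid/$password undefined
         if (is_array($parts) && count($parts) >= 2) {
             list($uid, $password) = $parts;
         }
     }
     if (!$sid) {
         // NOTE(review): time() + ip + random(6) is a guessable seed for a
         // session id; random_bytes() would be the stronger source if the
         // runtime allows it.
         $sid = substr(md5(time() . $this->ip . random(6)), 16, 16);
         tcookie('sid', $sid, 31536000);
     }
     $this->load('user');
     if ($uid && $password) {
         $user = $_ENV['user']->get_by_uid($uid, 0);
         // strict, constant-time compare instead of `!=`, which treats
         // numeric-looking strings such as "0e123" and "0" as equal
         if (!is_array($user) || !isset($user['password'])
             || !hash_equals((string) $user['password'], (string) $password)) {
             $user = array();
         }
     }
     if (!$user) {
         // guest defaults
         $user['uid'] = 0;
         $user['groupid'] = 6;
     }
     $_ENV['user']->refresh_session_time($sid, $user['uid']);
     $user['sid'] = $sid;
     $user['ip'] = $this->ip;
     $user['uid'] && ($user['loginuser'] = $user['username']);
     $user['uid'] && ($user['avatar'] = get_avatar_dir($user['uid']));
     $this->user = array_merge($user, $this->usergroup[$user['groupid']]);
 }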
 /**
  * Front-end "suggestion" page (question_type 'suggest').
  *
  * On GET it renders the form. When $this->post['act'] is set it validates
  * the posted contact details, description, guest username and captcha,
  * the per-IP rate limit, the IP blacklist and the gag list, stores the
  * question, pushes it to search and redirects to the success page.
  *
  * Reads $this->get[2] / $this->post['qtypeId'] (question type), the posted
  * form fields, the 'yzm' cookie, $_SESSION['code'] and
  * $_COOKIE['last_suggest']. Always ends by including template('suggest').
  */
 function onsuggest()
 {
     $question_type = "suggest";
     $question_type_list = $this->ask_config->getQuestionType();
     $title = "服务中心-我要" . $question_type_list[$question_type];
     $all_num = $_ENV['question']->total_question();
     $qtypeId = isset($this->get[2]) ? intval($this->get[2]) : (isset($this->post['qtypeId']) ? intval($this->post['qtypeId']) : 0);
     $loginName = $this->ask_front_name;
     $allQtype = $_ENV['qtype']->GetAllQType(1, "", 0);
     // NOTE(review): neither redirect below is followed by exit, so the rest
     // of the method — including the insert on POST — still runs for an
     // unknown or non-leaf qtype.
     if (!isset($allQtype[$qtypeId])) {
         header("Location: http://sc.5173.com/index.php?question/ask_skip.html");
     }
     $subList = $_ENV['qtype']->GetSubList($qtypeId);
     if (!empty($subList)) {
         header("Location: http://sc.5173.com/index.php?question/subList/suggest/{$qtypeId}.html");
     }
     $qtypeName = $allQtype[$qtypeId];
     $operatorInfo = '';
     // fetch my dedicated customer-service agent ('游客' is the guest name)
     if ($this->ask_front_name == '游客') {
         $selfAuthor_where = '';
         // condition for the dedicated-agent lookup
     } else {
         $t_cid = $_ENV['question']->getType(3);
         $operatorInfo = $_ENV['operator']->getMySelfAuthor($this->ask_front_name);
         $selfAuthor_where = $_ENV['question']->front_selfAuthor_where($operatorInfo['login_name'], '', 1, $t_cid);
     }
     if ($selfAuthor_where) {
         $selfAuthorNum = $_ENV['question']->front_mySelfAuthorNum($selfAuthor_where);
     } else {
         $selfAuthorNum = 0;
     }
     $url = '';
     // breadcrumb link back to the parent qtype, when there is one
     if ($qtypeName['pid'] > 0) {
         $url = '<a href="http://sc.5173.com/index.php?question/subList/suggest/' . $qtypeName['pid'] . '.html">选择' . $allQtype[$qtypeName['pid']]['name'] . '类' . $question_type_list[$question_type] . '</a>&nbsp;&nbsp;&gt;&nbsp;&nbsp';
     }
     // redirect target for users who are not logged in
     $login_url = "http://" . config::FRONT_LOGIN_DOMAIN . "/?returnUrl=" . urlencode(curPageURL());
     $display_yzm = false;
     if ($this->ask_front_name != '游客') {
         // mobile number of the logged-in user, cached under md5('SJ' . id)
         $contact = $this->cache->get(md5('SJ' . $this->ask_front_id));
         if (false === $contact) {
             $contact = get_mobile($this->ask_front_id);
             if (!empty($contact)) {
                 $this->cache->set(md5('SJ' . $this->ask_front_id), $contact, 1800);
             }
             // cache for 30 minutes
         }
         if (!empty($contact)) {
             // masked form shown in the form: digits 4-7 replaced by ****
             $en_contact = substr_replace($contact, '****', 3, 4);
         }
     }
     $suggest_title = isset($this->post['title']) ? htmlspecialchars(trim($this->post['title'])) : '';
     // the description placeholder text counts as empty
     $description = isset($this->post['description']) && $this->post['description'] != "我们非常重视您的" . $question_type_list[$question_type] . ",请在这里告诉我们" ? htmlspecialchars(trim($this->post['description'])) : '';
     $contact_num = isset($this->post['contact_num']) ? htmlspecialchars($this->post['contact_num']) : (isset($en_contact) ? $en_contact : '');
     $J_code = isset($this->post['J_code']) ? strtolower(htmlspecialchars($this->post['J_code'])) : '';
     if ($this->ask_front_name == '游客') {
         // guests type their username; the placeholder counts as empty
         $author = isset($this->post['author']) && $this->post['author'] != '请输入5173用户名' ? trim($this->post['author']) : '';
         $author_id = '';
     } else {
         $author_id = $this->ask_front_id;
         $author = $this->ask_front_name;
     }
     // 'yzm' cookie: timestamp of the first visit; the captcha is shown for
     // 30 minutes after it. NOTE(review): it is a client-side cookie, so a
     // client can simply drop it.
     $t_yzm = tcookie('yzm');
     if (empty($t_yzm)) {
         tcookie('yzm', time(), 1800);
         // stored for half an hour
     } else {
         $over_time = time() - $t_yzm;
         // seconds elapsed since then
         if ($over_time < 1800) {
             $display_yzm = true;
         } else {
             tcookie('yzm', '', time() - 3600);
             // delete
         }
     }
     if ($this->ask_front_name != '游客') {
         $display_yzm = false;
     }
     // logged-in users are not shown the captcha
     // NOTE(review): $this->post['contact'] is assumed to be an array with
     // mobile/qq/weixin keys; a scalar value would make the offsets below warn.
     if (isset($this->post['contact'])) {
         $comment['contact'] = $this->post['contact'];
     } else {
         $comment['contact']['mobile'] = isset($en_contact) ? $en_contact : '';
     }
     $flag = 0;
     if (isset($this->post['act'])) {
         if (isset($this->post['contact'])) {
             $comment['contact'] = $this->post['contact'];
             if ($comment['contact']['mobile'] != "") {
                 // the masked number means "keep the number on file"
                 if (isset($en_contact) && $comment['contact']['mobile'] == $en_contact) {
                     $comment['contact']['mobile'] = $contact;
                 }
                 if (!checkmobile($comment['contact']['mobile'])) {
                     $errorMsg['mobile'] = '手机号';
                     unset($comment['contact']['mobile']);
                 } else {
                     $flag++;
                 }
             } else {
                 $errorMsg['mobile'] = '手机号';
                 unset($comment['contact']['mobile']);
             }
             // qq and weixin are optional: invalid values are dropped silently
             if ($comment['contact']['qq'] != "") {
                 if (!isQQ($comment['contact']['qq'])) {
                     //$errorMsg['qq'] = 'QQ号';
                     unset($comment['contact']['qq']);
                 } else {
                     //$flag++;
                 }
             } else {
                 //$errorMsg['qq'] = 'QQ号';
                 unset($comment['contact']['qq']);
             }
             if ($comment['contact']['weixin'] != '') {
                 if (strlen($comment['contact']['weixin']) > 20 || strlen($comment['contact']['weixin']) < 4 || trim($comment['contact']['weixin']) == "微信号") {
                     //$errorMsg['weixin'] = '微信号';
                     unset($comment['contact']['weixin']);
                 } else {
                     //$flag++;
                 }
             } else {
                 //$errorMsg['weixin'] = '微信号';
                 unset($comment['contact']['weixin']);
             }
         }
         // NOTE(review): $errorMsg only exists when a mobile error was
         // recorded; when no 'contact' was posted, count() runs on an
         // undefined variable (TypeError on PHP 8).
         if ($flag == 0 && count($errorMsg) > 0) {
             // $errorMsg values are the server-side literals above, so the
             // inline-script echo below does not carry user input
             $error = implode("、", $errorMsg) . "未填写或格式不正确";
             $comment['contact'] = $this->post['contact'];
             @(include template('suggest'));
             echo "<script>alert('" . $error . "');</script>";
             exit;
         }
         if ($description == '') {
             $comment['contact'] = $this->post['contact'];
             @(include template('suggest'));
             echo "<script>alert('建议内容不能为空。');</script>";
             exit;
         } elseif (mb_strlen($description, 'UTF-8') > 500 || mb_strlen($description, 'UTF-8') < 5) {
             $comment['contact'] = $this->post['contact'];
             @(include template('suggest'));
             echo "<script>alert('建议内容请保持在5-500个字内。');</script>";
             exit;
         }
         if ($this->ask_front_name == '游客') {
             if ($author == "" || mb_strlen($author, 'UTF-8') > 20) {
                 @(include template('suggest'));
                 echo "<script>alert('请输正确格式的5173登陆用户名');</script>";
                 exit;
             }
             // NOTE(review): loose != lets numeric-looking codes compare
             // numerically; hash_equals((string) $_SESSION['code'], $J_code)
             // would be strict. Nothing here clears $_SESSION['code'] after a
             // successful check, so one solved captcha can be reused.
             if ($J_code == "" || $J_code != $_SESSION['code']) {
                 $comment['contact'] = $this->post['contact'];
                 @(include template('suggest'));
                 echo "<script>alert('验证码不正确!');</script>";
                 exit;
             }
         }
         // limit on the number of questions per IP
         $limit_question_num = intval($this->setting['limit_question_num']);
         if (!empty($limit_question_num)) {
             $comment['contact'] = $this->post['contact'];
             $num_ip = $_ENV['question']->get_num_by_ip(getip());
             if ($num_ip >= $limit_question_num) {
                 @(include template('suggest'));
                 echo "<script>alert('您的操作太频繁啦,让服务器休息一下,稍后再进行建议!');</script>";
                 exit;
             }
         }
         // IP blacklist ('|'-separated in settings)
         $BlackList = explode("|", $this->setting['IpBlackList']);
         if (in_array(getip(), $BlackList)) {
             $comment['contact'] = $this->post['contact'];
             @(include template('suggest'));
             echo "<script>alert('您的操作太频繁啦,让服务器休息一下,稍后再建议!');</script>";
             exit;
         }
         if ($this->ask_front_name != '游客') {
             // logged-in user posting: refuse if the account is gagged
             $GagLog = $_ENV['user']->getGag($this->ask_front_name);
             if (count($GagLog) > 0) {
                 $comment['contact'] = $this->post['contact'];
                 @(include template('suggest'));
                 echo "<script>alert('很抱歉,您的帐号已被管理员禁言处理,请您自觉遵守5173言论规则。');</script>";
                 exit;
             }
         }
         $description = cutstr(strip_tags($description), 500, '');
         // duplicate-post check against the 'last_suggest' cookie.
         // NOTE(review): read without isset() and compared with loose ==;
         // being client-controlled, it only deters accidental resubmits.
         if (md5(trim(strip_tags($description))) == $_COOKIE['last_suggest']) {
             @(include template('suggest'));
             echo "<script>alert('亲,问题提交一次就OK,不用重复提交哦!');</script>";
             exit;
         }
         // attachment path is cut out of the posted "imgpath" JSON fragment by
         // fixed offsets (10 past "big_pic", dropping the last 2 chars) and
         // stored as-is in 'attach' — nothing here validates it as a path.
         $img_path = $this->post['imgpath'];
         $img_path = stripcslashes($img_path);
         $img_path = str_replace('"small_pic"', ',"small_pic"', $img_path);
         $img_path = str_replace('"big_pic"', ',"big_pic"', $img_path);
         $p1 = strpos($img_path, "big_pic");
         $path = substr($img_path, $p1 + 10, strlen($img_path) - $p1 - 10 - 2);
         $path = str_replace('\\/', '/', $path);
         $attach = trim($path);
         if (isset($en_contact) && $comment['contact']['mobile'] == $en_contact) {
             $comment['contact']['mobile'] = $contact;
         }
         $cid = $_ENV['question']->getType(2);
         // category id for suggestions
         $cid = !empty($cid) ? intval($cid) : 0;
         $cid1Info = $_ENV['category']->getByQType($qtypeId, $cid);
         // category id mapped from the qtype
         $cid1 = intval($cid1Info['id']);
         $time = time();
         // whitespace is removed before the keyword filter
         $trimDescription = preg_replace('/\\s+/', '', $description);
         $description = $this->keyWordCheck($trimDescription);
         $BrowerInfo = userBrowerInfo();
         $comment['OS'] = $BrowerInfo['OS'];
         $comment['Browser'] = $BrowerInfo['Browser'];
         // $comment (posted contact details + OS/Browser) is stored serialized
         $questionInfo = array("qtype" => $qtypeId, "author" => $author, "author_id" => $author_id, "title" => $suggest_title, "description" => $description, "attach" => $attach, "time" => $time, "ip" => getip(), "cid" => $cid, "cid1" => $cid1, "comment" => serialize($comment));
         $question_id = $_ENV['question']->insertQuestion($questionInfo);
         // update the Solr server
         $q_search = array();
         if ($question_id > 0) {
             setcookie('last_suggest', md5(trim(strip_tags($description))), time() + 3600);
             if ($this->ask_front_name == '游客') {
                 get_que_id('jy', $question_id);
                 // write the suggestion id into a cookie
             }
             $date = date("Y-m-d");
             $_ENV['question']->modifyUserQtypeNum($date, $qtypeId, 'suggest', 1);
             // optionally route the question to the agent named in the form
             $login_name = trim($this->post['login_name']);
             if (!empty($login_name)) {
                 if ($this->setting['selfServiceFirst'] == 1) {
                     $Apply = $_ENV['question']->ApplyToOperator($question_id, $login_name);
                 }
             }
             $q_search['id'] = $question_id;
             $q_search['title'] = $description;
             $q_search['description'] = $description;
             $q_search['tag'] = json_encode(array(), true);
             $q_search['time'] = $time;
             $q_search['atime'] = 0;
             try {
                 $this->set_search($q_search);
             } catch (Exception $e) {
                 // search failure is reported but does not block the submission
                 send_AIC('http://sc.5173.com/index.php?question/suggest.html', '搜索服务器异常', 1, '搜索接口');
             }
         }
         // NOTE(review): no exit after this redirect — the template below is
         // still rendered and PageView() still counted.
         header("Location: " . url('question/suggest_success/' . $question_id . '/' . $time, true));
     }
     $telDisplay = $this->setting['telDisplay'];
     $xnDisplay = $this->setting['xnDisplay'];
     $qqDisplay = $this->setting['qqDisplay'];
     $_ENV['question']->PageView(1, getip());
     @(include template('suggest'));
 }