function qq_callback() { global $setting; if ($_REQUEST['state'] == tcookie('state')) { //csrf $token_url = "https://graph.qq.com/oauth2.0/token?grant_type=authorization_code&" . "client_id=" . $setting["qqlogin_appid"] . "&redirect_uri=" . urlencode(SITE_URL . "plugin/qqlogin/qq_callback.php") . "&client_secret=" . $setting["qqlogin_key"] . "&code=" . $_REQUEST["code"]; $response = get_url_contents($token_url); if (strpos($response, "callback") !== false) { $lpos = strpos($response, "("); $rpos = strrpos($response, ")"); $response = substr($response, $lpos + 1, $rpos - $lpos - 1); $msg = json_decode($response); if (isset($msg->error)) { echo "<h3>error:</h3>" . $msg->error; echo "<h3>msg :</h3>" . $msg->error_description; exit; } } $params = array(); parse_str($response, $params); header("Location:" . SITE_URL . "index.php?user/register/" . $params["access_token"]); } else { echo "The state does not match. You may be a victim of CSRF."; } }
function init_user() { @($auth = tcookie('auth')); $user = array('uid' => 0); @(list($uid, $password) = empty($auth) ? array(0, 0) : taddslashes(explode("\t", strcode($auth, AUTH_KEY, 'DECODE')), 1)); if ($uid && $password) { $finduser = $this('user')->findById($uid); $finduser && $password == $finduser['password'] && ($user = $finduser); } $user['ip'] = $this->ip; $this->user = $user; }
function onajaxgood() { $qid = $this->get[2]; $tgood = tcookie('good_' . $qid); !empty($tgood) && exit('-1'); $_ENV['question']->update_goods($qid); tcookie('good_' . $qid, $qid); exit('1'); }
function logout() { tcookie('sid', '', 0); tcookie('auth', '', 0); tcookie('loginuser', '', 0); $lasttime = $this->db->result_first("SELECT MAX(time) FROM " . DB_TABLEPRE . "session WHERE uid=" . $this->base->user['uid']); $this->db->query("DELETE FROM " . DB_TABLEPRE . "session WHERE uid=" . $this->base->user['uid'] . " AND `time`<{$lasttime}"); }
header('Content-type: text/html; charset=UTF-8'); /*$get=taddslashes($_GET); $post=taddslashes($_POST); */ $get = $_GET; $post = $_POST; unset($GLOBALS, $_ENV, $_GET, $_POST); empty($get['c']) && ($get['c'] = 'index'); empty($get['a']) && ($get['a'] = 'default'); define('ACTION', $get['a']); define('REGULAR', $get['c'] . '/' . $get['a']); //load control... $controlfile = APP_ROOT . '/control/' . $get['c'] . '.php'; if (false === @(include $controlfile)) { notfound('control file "' . $controlfile . '" not found!'); } $controlname = $get['c'] . 'control'; $control = new $controlname($get, $post); $method = strtolower('on' . $get['a']); if (method_exists($control, $method)) { $isajax = 0 === strpos($get['a'], 'ajax'); if ($control->checkable(REGULAR) || $isajax) { $control->{$method}(); } else { $querystring = strcode($_SERVER["QUERY_STRING"], '', 'ENCODE'); tcookie('querystring', $querystring, 86400); $control->message('您无权进行当前操作,原因如下:<br/> 您所在的用户组(' . $control->user['title'] . ')无法进行此操作。', 'c=user&a=login'); } } else { notfound('control "' . $controlname . '" method "' . $method . '" not found!'); }
$member['cookietime'] = $member['cktime'] ? $member['cktime'] - TIME : 0; if ($action == 'login') { $member['username'] = preg_replace("/(c:\\con\\con\$|[%,\\*\"\\s\t\\<\\>\\&])/i", "", $member['username']); if (strlen($member['username']) > 20) { $member['username'] = substr($member['username'], 0, 20); } if (empty($member['time']) || empty($member['username']) || empty($member['password'])) { exit('Lack of required parameters!'); } elseif ($setting['passport_expire'] && TIME - $member['time'] > $setting['passport_expire']) { exit('Request expired!'); } $user = $db->fetch_first("SELECT * FROM " . DB_TABLEPRE . "user WHERE username='******'username'] . "'"); if ($user) { $uid = $user['uid']; // $user->edit($member); } else { $credit1 = $setting['credit1_register']; $credit2 = $setting['credit2_register']; $db->query("INSERT INTO " . DB_TABLEPRE . "user(username,password,email,credit1,credit2) values ('{$member['username']}','{$member['password']}','{$member['email']}',{$credit1},{$credit2})"); $uid = $db->insert_id(); $db->query("INSERT INTO " . DB_TABLEPRE . "credit(uid,time,operation,credit1,credit2) VALUES ({$uid}," . TIME . ",'user/register',{$credit1},{$credit2}) "); } $forward = empty($forward) ? $setting['passport_server'] : $forward; $auth = strcode("{$uid}\t" . $member['password'], $setting['auth_key'], 'ENCODE'); tcookie('auth', $auth, 24 * 3600 * 365); } elseif ($action == 'logout' || $action == 'quit') { tcookie('sid', ''); tcookie('auth', ''); $forward = empty($forward) ? $setting['passport_server'] : $forward; } header('location:' . $forward);
function refresh($user) { global $db, $setting; $uid = $user['uid']; $password = $user['password']; $time = time(); $sid = tcookie('sid'); $db->query("UPDATE " . DB_TABLEPRE . "user SET `lastlogin`={$time} WHERE `uid`={$uid}"); //更新最后登录时间 $db->query("REPLACE INTO " . DB_TABLEPRE . "session (sid,uid,islogin,ip,`time`) VALUES ('{$sid}',{$uid},1,'" . getip() . "',{$time})"); $auth = authcode("{$uid}\t{$password}", 'ENCODE'); tcookie('auth', $auth); tcookie('loginuser', ''); }
function get_question_view($qid) { $views = tcookie('views'); if (!empty($views)) { $view_arr = explode(',', $views); if (!in_array($qid, $view_arr)) { tcookie('views', $views . ',' . $qid); $this->db->query("UPDATE " . DB_TABLEPRE . "question SET views=views+1 WHERE id='" . $qid . "'"); //$this->redis->LPUSH('view',$qid); } } else { tcookie('views', $qid); $this->db->query("UPDATE " . DB_TABLEPRE . "question SET views=views+1 WHERE id='" . $qid . "'"); //$this->redis->LPUSH('view',$qid); } //$this->redis->LPUSH('view',$qid); }
function logout() { tcookie('auth', '', 0); }
function synlogout($get, $post) { if (!API_SYNLOGOUT) { return API_RETURN_FORBIDDEN; } //note 同步登出 API 接口 header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"'); tcookie('sid', '', 0); tcookie('auth', '', 0); }
function init_user() { @($sid = tcookie('sid')); @($auth = tcookie('auth')); $user = array(); @(list($uid, $password) = empty($auth) ? array(0, 0) : taddslashes(explode("\t", authcode($auth, 'DECODE')), 1)); if (!$sid) { $sid = substr(md5(time() . $this->ip . random(6)), 16, 16); tcookie('sid', $sid, 31536000); } $this->load('user'); if ($uid && $password) { $user = $_ENV['user']->get_by_uid($uid, 0); $password != $user['password'] && ($user = array()); } if (!$user) { $user['uid'] = 0; $user['groupid'] = 6; } $_ENV['user']->refresh_session_time($sid, $user['uid']); $user['sid'] = $sid; $user['ip'] = $this->ip; $user['uid'] && ($user['loginuser'] = $user['username']); $user['uid'] && ($user['avatar'] = get_avatar_dir($user['uid'])); $this->user = array_merge($user, $this->usergroup[$user['groupid']]); }
function onsuggest() { $question_type = "suggest"; $question_type_list = $this->ask_config->getQuestionType(); $title = "服务中心-我要" . $question_type_list[$question_type]; $all_num = $_ENV['question']->total_question(); $qtypeId = isset($this->get[2]) ? intval($this->get[2]) : (isset($this->post['qtypeId']) ? intval($this->post['qtypeId']) : 0); $loginName = $this->ask_front_name; $allQtype = $_ENV['qtype']->GetAllQType(1, "", 0); if (!isset($allQtype[$qtypeId])) { header("Location: http://sc.5173.com/index.php?question/ask_skip.html"); } $subList = $_ENV['qtype']->GetSubList($qtypeId); if (!empty($subList)) { header("Location: http://sc.5173.com/index.php?question/subList/suggest/{$qtypeId}.html"); } $qtypeName = $allQtype[$qtypeId]; $operatorInfo = ''; // 获取我的专属客服 if ($this->ask_front_name == '游客') { $selfAuthor_where = ''; // 获取专属客服条件 } else { $t_cid = $_ENV['question']->getType(3); $operatorInfo = $_ENV['operator']->getMySelfAuthor($this->ask_front_name); $selfAuthor_where = $_ENV['question']->front_selfAuthor_where($operatorInfo['login_name'], '', 1, $t_cid); } if ($selfAuthor_where) { $selfAuthorNum = $_ENV['question']->front_mySelfAuthorNum($selfAuthor_where); } else { $selfAuthorNum = 0; } $url = ''; if ($qtypeName['pid'] > 0) { $url = '<a href="http://sc.5173.com/index.php?question/subList/suggest/' . $qtypeName['pid'] . '.html">选择' . $allQtype[$qtypeName['pid']]['name'] . '类' . $question_type_list[$question_type] . '</a> >  '; } //未登陆跳转地址 $login_url = "http://" . config::FRONT_LOGIN_DOMAIN . "/?returnUrl=" . urlencode(curPageURL()); $display_yzm = false; if ($this->ask_front_name != '游客') { $contact = $this->cache->get(md5('SJ' . $this->ask_front_id)); if (false === $contact) { $contact = get_mobile($this->ask_front_id); if (!empty($contact)) { $this->cache->set(md5('SJ' . $this->ask_front_id), $contact, 1800); } //缓存30分钟 } if (!empty($contact)) { $en_contact = substr_replace($contact, '****', 3, 4); } } $suggest_title = isset($this->post['title']) ? htmlspecialchars(trim($this->post['title'])) : ''; $description = isset($this->post['description']) && $this->post['description'] != "我们非常重视您的" . $question_type_list[$question_type] . ",请在这里告诉我们" ? htmlspecialchars(trim($this->post['description'])) : ''; $contact_num = isset($this->post['contact_num']) ? htmlspecialchars($this->post['contact_num']) : (isset($en_contact) ? $en_contact : ''); $J_code = isset($this->post['J_code']) ? strtolower(htmlspecialchars($this->post['J_code'])) : ''; if ($this->ask_front_name == '游客') { $author = isset($this->post['author']) && $this->post['author'] != '请输入5173用户名' ? trim($this->post['author']) : ''; $author_id = ''; } else { $author_id = $this->ask_front_id; $author = $this->ask_front_name; } $t_yzm = tcookie('yzm'); if (empty($t_yzm)) { tcookie('yzm', time(), 1800); //存放半个小时 } else { $over_time = time() - $t_yzm; //距离现在的秒数 if ($over_time < 1800) { $display_yzm = true; } else { tcookie('yzm', '', time() - 3600); //删除 } } if ($this->ask_front_name != '游客') { $display_yzm = false; } //登陆用户不显示验证码 if (isset($this->post['contact'])) { $comment['contact'] = $this->post['contact']; } else { $comment['contact']['mobile'] = isset($en_contact) ? $en_contact : ''; } $flag = 0; if (isset($this->post['act'])) { if (isset($this->post['contact'])) { $comment['contact'] = $this->post['contact']; if ($comment['contact']['mobile'] != "") { if (isset($en_contact) && $comment['contact']['mobile'] == $en_contact) { $comment['contact']['mobile'] = $contact; } if (!checkmobile($comment['contact']['mobile'])) { $errorMsg['mobile'] = '手机号'; unset($comment['contact']['mobile']); } else { $flag++; } } else { $errorMsg['mobile'] = '手机号'; unset($comment['contact']['mobile']); } if ($comment['contact']['qq'] != "") { if (!isQQ($comment['contact']['qq'])) { //$errorMsg['qq'] = 'QQ号'; unset($comment['contact']['qq']); } else { //$flag++; } } else { //$errorMsg['qq'] = 'QQ号'; unset($comment['contact']['qq']); } if ($comment['contact']['weixin'] != '') { if (strlen($comment['contact']['weixin']) > 20 || strlen($comment['contact']['weixin']) < 4 || trim($comment['contact']['weixin']) == "微信号") { //$errorMsg['weixin'] = '微信号'; unset($comment['contact']['weixin']); } else { //$flag++; } } else { //$errorMsg['weixin'] = '微信号'; unset($comment['contact']['weixin']); } } if ($flag == 0 && count($errorMsg) > 0) { $error = implode("、", $errorMsg) . "未填写或格式不正确"; $comment['contact'] = $this->post['contact']; @(include template('suggest')); echo "<script>alert('" . $error . "');</script>"; exit; } if ($description == '') { $comment['contact'] = $this->post['contact']; @(include template('suggest')); echo "<script>alert('建议内容不能为空。');</script>"; exit; } elseif (mb_strlen($description, 'UTF-8') > 500 || mb_strlen($description, 'UTF-8') < 5) { $comment['contact'] = $this->post['contact']; @(include template('suggest')); echo "<script>alert('建议内容请保持在5-500个字内。');</script>"; exit; } if ($this->ask_front_name == '游客') { if ($author == "" || mb_strlen($author, 'UTF-8') > 20) { @(include template('suggest')); echo "<script>alert('请输正确格式的5173登陆用户名');</script>"; exit; } if ($J_code == "" || $J_code != $_SESSION['code']) { $comment['contact'] = $this->post['contact']; @(include template('suggest')); echo "<script>alert('验证码不正确!');</script>"; exit; } } //提问数限制 $limit_question_num = intval($this->setting['limit_question_num']); if (!empty($limit_question_num)) { $comment['contact'] = $this->post['contact']; $num_ip = $_ENV['question']->get_num_by_ip(getip()); if ($num_ip >= $limit_question_num) { @(include template('suggest')); echo "<script>alert('您的操作太频繁啦,让服务器休息一下,稍后再进行建议!');</script>"; exit; } } //IP黑名单 $BlackList = explode("|", $this->setting['IpBlackList']); if (in_array(getip(), $BlackList)) { $comment['contact'] = $this->post['contact']; @(include template('suggest')); echo "<script>alert('您的操作太频繁啦,让服务器休息一下,稍后再建议!');</script>"; exit; } if ($this->ask_front_name != '游客') { //登录提问 $GagLog = $_ENV['user']->getGag($this->ask_front_name); if (count($GagLog) > 0) { $comment['contact'] = $this->post['contact']; @(include template('suggest')); echo "<script>alert('很抱歉,您的帐号已被管理员禁言处理,请您自觉遵守5173言论规则。');</script>"; exit; } } $description = cutstr(strip_tags($description), 500, ''); if (md5(trim(strip_tags($description))) == $_COOKIE['last_suggest']) { @(include template('suggest')); echo "<script>alert('亲,问题提交一次就OK,不用重复提交哦!');</script>"; exit; } $img_path = $this->post['imgpath']; $img_path = stripcslashes($img_path); $img_path = str_replace('"small_pic"', ',"small_pic"', $img_path); $img_path = str_replace('"big_pic"', ',"big_pic"', $img_path); $p1 = strpos($img_path, "big_pic"); $path = substr($img_path, $p1 + 10, strlen($img_path) - $p1 - 10 - 2); $path = str_replace('\\/', '/', $path); $attach = trim($path); if (isset($en_contact) && $comment['contact']['mobile'] == $en_contact) { $comment['contact']['mobile'] = $contact; } $cid = $_ENV['question']->getType(2); //建议分类id $cid = !empty($cid) ? intval($cid) : 0; $cid1Info = $_ENV['category']->getByQType($qtypeId, $cid); //qtype对应分类id $cid1 = intval($cid1Info['id']); $time = time(); $trimDescription = preg_replace('/\\s+/', '', $description); $description = $this->keyWordCheck($trimDescription); $BrowerInfo = userBrowerInfo(); $comment['OS'] = $BrowerInfo['OS']; $comment['Browser'] = $BrowerInfo['Browser']; $questionInfo = array("qtype" => $qtypeId, "author" => $author, "author_id" => $author_id, "title" => $suggest_title, "description" => $description, "attach" => $attach, "time" => $time, "ip" => getip(), "cid" => $cid, "cid1" => $cid1, "comment" => serialize($comment)); $question_id = $_ENV['question']->insertQuestion($questionInfo); //更新Solr服务器 $q_search = array(); if ($question_id > 0) { setcookie('last_suggest', md5(trim(strip_tags($description))), time() + 3600); if ($this->ask_front_name == '游客') { get_que_id('jy', $question_id); //建议id写入cookie } $date = date("Y-m-d"); $_ENV['question']->modifyUserQtypeNum($date, $qtypeId, 'suggest', 1); $login_name = trim($this->post['login_name']); if (!empty($login_name)) { if ($this->setting['selfServiceFirst'] == 1) { $Apply = $_ENV['question']->ApplyToOperator($question_id, $login_name); } } $q_search['id'] = $question_id; $q_search['title'] = $description; $q_search['description'] = $description; $q_search['tag'] = json_encode(array(), true); $q_search['time'] = $time; $q_search['atime'] = 0; try { $this->set_search($q_search); } catch (Exception $e) { send_AIC('http://sc.5173.com/index.php?question/suggest.html', '搜索服务器异常', 1, '搜索接口'); } } header("Location: " . url('question/suggest_success/' . $question_id . '/' . $time, true)); } $telDisplay = $this->setting['telDisplay']; $xnDisplay = $this->setting['xnDisplay']; $qqDisplay = $this->setting['qqDisplay']; $_ENV['question']->PageView(1, getip()); @(include template('suggest')); }