function check_cookie()
{
global $db, $cookiecfg, $tablepre, $onlineip, $onlineurl;
$secret = $_COOKIE[$cookiecfg['prefix'] . secret];
$onlineurl = addslashes($onlineurl);
//old online information
if (isset($secret)) {
list($cookies['uid'], $cookies['username'], $cookies['logintime']) = explode("\t", authcrypt($secret, 'decode'));
//online member
if (is_numeric($cookies['uid'])) {
$sql = "INSERT INTO `{$tablepre}online` (uid,username,logintime,dateline,url) VALUES ('{$cookies['uid']}','{$cookies['username']}',UNIX_TIMESTAMP(),UNIX_TIMESTAMP(),'{$onlineurl}') ON DUPLICATE KEY UPDATE dateline=UNIX_TIMESTAMP(),url='{$onlineurl}'";
$db->query($sql);
//online guest
} else {
$sql = "INSERT INTO `{$tablepre}online` (uid,username,logintime,dateline,url) VALUES ('{$cookies['uid']}','{$onlineip}',UNIX_TIMESTAMP(),UNIX_TIMESTAMP(),'') ON DUPLICATE KEY UPDATE dateline=UNIX_TIMESTAMP(),url='{$onlineurl}'";
$db->query($sql);
}
//new member information
} else {
$time = times();
$rnd = m_rand(5);
m_setcookie('secret', authcrypt("{$rnd}\tguest\t{$time}", 'encode'));
$sql = "INSERT INTO `{$tablepre}online` VALUES ('{$rnd}','{$onlineip}',UNIX_TIMESTAMP(),UNIX_TIMESTAMP(),'{$onlineurl}') ON DUPLICATE KEY UPDATE dateline=UNIX_TIMESTAMP(),url='{$onlineurl}'";
$db->query($sql);
}
}
function turn($url)
{
if (($pos = strpos($url, "?")) !== false) {
$query = URL_SEO ? "/" : "?";
$query .= authcrypt(substr($url, $pos + 1), 'encode');
$fname = substr($url, 0, $pos);
$url = $fname . $query;
}
return $fname == 'index.php' ? $query : $url;
}
public static function request($command)
{
global $_G;
//序列化
$dataset = rawurlencode(authcrypt(serialize($command), VI_SECRET));
//发送请求
$return = @file_get_contents($_G['project']['home'] . 'api.php?action=cloud&domain=' . VI_HOST . '&execute=' . $dataset);
//反序列化
$content = $return ? unserialize($return) : array('return' => 'respond');
return $content;
}
public static function decode_param($domain)
{
return unserialize(authcrypt(rawurldecode($domain), VI_SECRET, 'decode'));
}
}
$onlineurl = 'http://' . $_SERVER['HTTP_HOST'] . addslashes($_SERVER["REQUEST_URI"]);
if ($config['gzip'] && extension_loaded('zlib') && (strpos($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') !== false || strpos($_SERVER['HTTP_ACCEPT_ENCODING'], 'deflate') !== false)) {
ob_start('ob_gzhandler');
} else {
ob_start();
}
if (URL_CRYPT) {
include ROOT_PATH . 'include/urlcrypt.inc.php';
urlcrypt();
}
//import_request_variables("cgP");
foreach (array('_COOKIE', '_POST', '_GET') as $_request) {
foreach (${$_request} as $_key => $_value) {
$_key[0] != '_' && (${$_key} = m_addslashes($_value));
}
}
//m_exit($_POST,true);
check_cookie();
$online = update_online();
//${$cookiepre.auth} == $_COOKIE["{cookiepre}auth"] == $_COOKIE['Ecosme_auth']
$m_uid = $m_username = $m_password = '';
if (isset(${$cookiecfg['prefix'] . secret})) {
list($m_uid, $m_username, $m_logintime) = explode("\t", authcrypt(${$cookiecfg['prefix'] . secret}, 'decode'));
}
if ($_SERVER['REQUEST_METHOD'] == 'POST' && times() - $m_logintime > 86400) {
header('Location: ' . $_SERVER['HTTP_REFERER'] . '');
exit;
}
//echo $m_uid."||".$m_username."||".$m_logintime;
//print_r($GLOBALS);
}
break;
//////////////////////////////
//应用市场命令
//////////////////////////////
//应用市场命令
case "market":
// && $_G['manager']['id']
//是否开启安全通信
$connect = isset($_G['setting']['global']['connect']) ? $_G['setting']['global']['connect'] : 'off';
//没有安装 mcrypt
if (function_exists('mcrypt_create_iv') === FALSE) {
exit(serialize(array('return' => 'mcrypt', 'connect' => $connect)));
}
//反序列化
$command = unserialize(authcrypt($execute, VI_SECRET, 'decode'));
//测试命令
if (is_array($command) === FALSE) {
exit(serialize(array('return' => 'secret', 'connect' => $connect)));
}
//延长程序运行时间
if (!ini_get('safe_mode')) {
set_time_limit(0);
}
/////////////////////////
//连接数据库
System::connect();
switch ($command['execute']) {
//测试命令
case 'testing':
exit(serialize(array('string' => $command['string'], 'connect' => $connect)));
$db->query("UPDATE `{$tablepre}memberdata` SET onlinetime=onlinetime+{$visittimes},lastvisit=UNIX_TIMESTAMP() WHERE uid='{$m_uid}'");
$db->query("DELETE FROM `{$tablepre}online` WHERE uid='{$m_uid}'");
}
clearcookie();
header("Location: {$location}");
}
if (array_key_exists('Password', $_POST) && $Password !== '' && $UserName !== '') {
$username = addslashes($UserName);
$password = md5($Password);
//if(($username=='' || $password==''))refer('error',$fromurl);
$query = $db->query("SELECT uid,username FROM `{$tablepre}members` WHERE username='******' AND password='******' LIMIT 1");
if ($db->num_rows($query)) {
$db->query("DELETE FROM `{$tablepre}online` WHERE uid='{$m_uid}'");
list($m_uid, $m_username) = $db->fetch_row($query);
$temp = array($m_uid, $username, $m_username);
//make sure the cookie
$time = time();
$db->query("UPDATE `{$tablepre}memberdata` SET lastvisit = UNIX_TIMESTAMP(),lastloginip = '{$onlineip}',logintimes = logintimes+1 WHERE uid = {$m_uid}");
if (isset($saveCookie)) {
m_setcookie('secret', authcrypt("{$m_uid}\t{$username}\t{$time}", 'encode'), 86400);
} else {
m_setcookie('secret', authcrypt("{$m_uid}\t{$username}\t{$time}", 'encode'));
}
header("Location: {$location}");
} else {
$errorinfo = " 用户名或密码错误!";
}
} elseif (array_key_exists('Password', $_POST)) {
$errorinfo = ' 用户名或密码不能为空!';
}
$templatefile = 'login.html';
