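/**
 * Finish a QQ fast login: resolve the OpenID for the access token held in the
 * session, then either sign in the disk account already bound to that OpenID
 * or render the "bind a disk user name" template.
 *
 * Reads $_SESSION['access_token'], writes $_SESSION['openid'], and may emit
 * output, set the login cookie, redirect, or terminate the request.
 *
 * NOTE(review): the login cookie payload carries the stored password value of
 * the account. That format is kept because other code decodes it, but it means
 * the confidentiality of the cookie depends entirely on pd_encode() (not
 * visible here) -- confirm it is keyed and authenticated.
 *
 * @return void
 */
function get_openid()
{
    global $db, $tpf, $settings, $timestamp, $onlineip, $user_tpl_dir;

    // Encode the token so its content cannot add or change query parameters.
    $access_token = isset($_SESSION['access_token']) ? (string) $_SESSION['access_token'] : '';
    $graph_url = "https://graph.qq.com/oauth2.0/me?access_token=" . rawurlencode($access_token);
    $str = (string) get_url_contents($graph_url);

    // The reply may be wrapped as callback( {...} ); keep only what sits
    // between the first "(" and the last ")", and only when both exist.
    if (strpos($str, "callback") !== false) {
        $lpos = strpos($str, "(");
        $rpos = strrpos($str, ")");
        if ($lpos !== false && $rpos !== false && $rpos > $lpos) {
            $str = substr($str, $lpos + 1, $rpos - $lpos - 1);
        }
    }
    $user = json_decode($str);

    if (isset($user->error)) {
        // Remote-supplied text: escape it before it reaches the HTML response.
        $error_description = isset($user->error_description) ? $user->error_description : '';
        echo "<h3>error:</h3>" . htmlspecialchars((string) $user->error, ENT_QUOTES);
        echo "<h3>msg :</h3>" . htmlspecialchars((string) $error_description, ENT_QUOTES);
        exit;
    }

    // An undecodable reply or a missing openid ends the login instead of
    // raising notices on a null object.
    $_SESSION["openid"] = (is_object($user) && isset($user->openid)) ? $user->openid : null;
    if (!$_SESSION["openid"]) {
        exit('QQ Login Error');
    }

    $arr = get_user_info();
    $nickname = $arr["nickname"];
    // Not used below; presumably read by the template included in this scope -- kept.
    $abs_path = '../../../';

    // The OpenID comes from a remote response, so it is escaped before being
    // placed inside a string-built query.
    $openid_sql = $db->escape($_SESSION["openid"]);
    $flid = (int) @$db->result_first("select flid from {$tpf}fastlogin where auth_type='qq' and auth_name='{$openid_sql}'");

    if (!$flid) {
        // First login with this OpenID: record it, then ask for a disk user name.
        // NOTE(review): whether sql_array() escapes its values is not visible
        // here -- confirm before relying on it for nickname/auth_name.
        $ins = array(
            'nickname' => $nickname,
            'auth_type' => 'qq',
            'auth_name' => $_SESSION["openid"],
            'last_login_time' => $timestamp,
            'last_login_ip' => $onlineip,
        );
        $db->query_unbuffered("insert into {$tpf}fastlogin set " . $db->sql_array($ins));
        $flid = $db->insert_id();
        $title = __('bind_disk_name');
        require_once template_echo('pd_fastlogin', $user_tpl_dir);
        return;
    }

    $userid = (int) @$db->result_first("select userid from {$tpf}fastlogin where flid='{$flid}'");
    if (!$userid) {
        // OpenID is known but no disk account is bound to it yet.
        $title = __('bind_disk_name');
        require_once template_echo('pd_fastlogin', $user_tpl_dir);
        return;
    }

    $rs = $db->fetch_one_array("select userid,gid,username,password,email from {$tpf}users where userid='{$userid}'");
    if ($rs) {
        // Array keys are quoted: a bare key inside {$...} is a constant lookup,
        // which is a fatal error on PHP 8 when the constant does not exist.
        pd_setcookie('phpdisk_zcore_info', pd_encode("{$rs['userid']}\t{$rs['gid']}\t{$rs['username']}\t{$rs['password']}\t{$rs['email']}"));

        $ins = array('last_login_time' => $timestamp, 'last_login_ip' => $onlineip);
        $db->query_unbuffered("update {$tpf}users set " . $db->sql_array($ins) . " where userid='{$userid}'");
        $db->query_unbuffered("update {$tpf}fastlogin set " . $db->sql_array($ins) . " where flid='{$flid}'");
        redirect($settings['phpdisk_url'] . urr("mydisk", ""), '', 0);
    }
    unset($rs);
}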
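/**
 * Emit one <script> tag per remote server (server_oid > 1) pointing at that
 * server's update_configs.php, with the pd_encode()d server key as "code".
 *
 * NOTE(review): the encoded server key ends up in markup delivered to the
 * browser, so anyone who can view the page can read it; what that value lets
 * a holder do depends on pd_encode() and update_configs.php, neither of which
 * is visible here -- confirm this exposure is intended.
 *
 * @return void
 */
function update_remote_settings()
{
    global $db, $tpf, $configs, $settings;

    $q = $db->query("select server_host,server_key from {$tpf}servers where server_oid>1", 'SILENT');
    while ($q && ($rs = $db->fetch_array($q))) {
        $src = $rs['server_host'] . 'update_configs.php?code=' . pd_encode($rs['server_key']);
        // Escape for the attribute context so a quote or angle bracket in the
        // stored host or encoded key cannot break out of src="...".
        echo '<script type="text/javascript" src="' . htmlspecialchars($src, ENT_QUOTES) . '"></script>';
    }
    // The query runs in SILENT mode and the loop already allows for a failed
    // result, so only free a real one.
    if ($q) {
        $db->free($q);
    }
    unset($rs);
}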
/**
 * Synchronised login: decode the $user payload, then set the disk login
 * cookie for the matching local account, creating that account if none exists.
 *
 * NOTE(review): the SQL literals below contain '******' where a value would be
 * expected; this looks like masking applied to the listing, so which variable
 * is matched or inserted cannot be confirmed from here.
 * NOTE(review): the cookie payload includes the account's password value (the
 * stored one, or the one taken from the decoded payload for a new account);
 * its protection rests on pd_encode(), which is not visible here.
 *
 * @param string $user encoded payload, decoded with $this->base->strcode($user, false)
 * @return void
 */
function synlogin($user)
{
    global $timestamp, $onlineip, $tpf, $db;
    // Decoded payload is tab-separated: uid, user name, password.
    // $winduid is unpacked but not used in this function.
    list($winduid, $windid, $windpwd) = explode("\t", $this->base->strcode($user, false));
    // 86400 * 7 seconds = 7 days; passed as the third argument of pd_setcookie().
    $cookietime = 86400 * 7;
    header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');
    $windid = trim($windid);
    // NOTE(review): if the masked value is $windid, it reaches the query
    // without any escaping visible in this function -- verify.
    $member = $db->fetch_one_array("SELECT userid,gid,username,password,email FROM {$tpf}users WHERE username='******'");
    if ($member) {
        // Existing account: build the cookie from the stored row.
        $userid = (int) $member['userid'];
        $gid = (int) $member['gid'];
        $username = trim($member['username']);
        $password = trim($member['password']);
        $email = trim($member['email']);
        pd_setcookie('phpdisk_zcore_info', pd_encode("{$userid}\t{$gid}\t{$username}\t{$password}\t{$email}"), $cookietime);
    } else {
        // No local account: create one in group 4 with a placeholder e-mail
        // address built from the current timestamp.
        $email = $timestamp . '@phpwind.net';
        $gid = 4;
        $db->query_unbuffered("insert into {$tpf}users SET username='******',password='******',email='{$email}',reg_ip='{$onlineip}',gid='4'");
        $userid = $db->insert_id();
        pd_setcookie('phpdisk_zcore_info', pd_encode("{$userid}\t{$gid}\t{$windid}\t{$windpwd}\t{$email}"), $cookietime);
    }
}
} else { echo 'f' . LF; $str = '关键字不能为空'; echo is_utf8() ? convert_str('utf-8', 'gbk', $str) : $str; } exit; break; case 'loadset': if ($settings['open_multi_server']) { $server_host = @$db->result_first("select server_host from {$tpf}servers where server_id>1 order by is_default desc limit 1"); } $server_host = $server_host ? trim($server_host) : $settings[phpdisk_url]; echo 'true' . LF; echo $server_host . LF; echo '0' . LF; echo base64_encode(pd_encode('username='******'&password='******'resume': $q = $db->query("select * from {$tpf}uploadx_files where userid='{$uid}' order by file_time asc"); $num = $db->num_rows($q); if ($num) { echo 't' . LF; while ($rs = $db->fetch_array($q)) { $tmp_ext = $rs[file_extension] ? '.' . $rs[file_extension] : ''; $tmp_ext2 = is_utf8() ? convert_str('utf-8', 'gbk', $tmp_ext) : $tmp_ext; if (@filesize(PHPDISK_ROOT . 'system/cache/' . $rs[file_real_name] . $tmp_ext2 . '.phpdisk') == $rs[file_parts] * 128 * 1024) { $file_parts = $rs[file_parts]; } else { $file_parts = 0;
#
# Site: http://www.google.com
#
# $Id: client_sub.php 123 2014-03-04 12:40:37Z along $
#
# Copyright (C) 2008-2014 PHPDisk Team. All Rights Reserved.
#
# */
// Entry point for the desktop client: checks the caller, authenticates the
// user from the encoded u_info field, then dispatches on $action.
// The listing is cut off inside the switch below.
include "../../includes/commons.inc.php";
@set_time_limit(0);
// NOTE(review): the only caller check visible here is the User-Agent string,
// which any HTTP client can set; it should not be treated as access control.
$agent = $_SERVER['HTTP_USER_AGENT'];
if ($agent != 'phpdisk-client') {
    exit('<a href="http://faq.google.com/search?w=p403&err=code" target="_blank">[PHPDisk Access Deny] Invalid Entry!</a>');
}
$u_info = trim(gpc('u_info', 'P', ''));
// NOTE(review): parse_str() without a result array writes every decoded key
// into the current scope, so the request can define or overwrite any variable
// here (not only $username/$password). The one-argument form was deprecated in
// PHP 7.2 and is rejected by PHP 8; parse into an array and read only the
// expected keys.
parse_str(pd_encode(base64_decode($u_info), 'DECODE'));
// checked username and pwd...
/*$username = trim(gpc('username','GP','')); $password = trim(gpc('password','GP',''));*/
$username = is_utf8() ? $username : convert_str('utf-8', 'gbk', $username);
$password = is_utf8() ? $password : convert_str('utf-8', 'gbk', $password);
// NOTE(review): the '******' literals look like masking applied to the
// listing. No escaping of $username/$password is visible between parse_str()
// and this query -- verify how the values are bound.
$userinfo = $db->fetch_one_array("select userid from {$tpf}users where username='******' and password='******'");
if (!$userinfo) {
    // Message text: "disk login failed: wrong user name or password, please re-enter".
    $str = '网盘登录出错:用户名或密码不正确,请重新输入';
    $str = is_utf8() ? convert_str('utf-8', 'gbk', $str) : $str;
    // NOTE(review): the failure branch only prints the message; it does not
    // exit, so execution continues into the switch below with $uid unset
    // (unless parse_str() above defined it). Stop the request here.
    echo $str;
} else {
    // NOTE(review): bare array key -- a constant lookup; fatal on PHP 8 if undefined.
    $uid = (int) $userinfo[userid];
}
switch ($action) {
    case 'upload_file':
# This is NOT a freeware, use is subject to license terms.
#
# Site: http://www.google.com
#
# $Id: passport.php 123 2014-03-04 12:40:37Z along $
#
# Copyright (C) 2008-2009 PHPDisk Team. All Rights Reserved.
#
##
// Passport login: decodes the "param" query value into variables and, for
// action "passportlogin", sets the login cookie and redirects to the disk.
include '../../includes/commons.inc.php';
//print_r($_POST);
$param = trim(gpc('param', 'G', ''));
if ($param) {
    // NOTE(review): parse_str() without a result array imports every decoded
    // key into the current scope, so the payload can overwrite any variable
    // here (for example $action, $settings or $tpf), not only the credentials.
    // The one-argument form was deprecated in PHP 7.2 and is rejected by
    // PHP 8; parse into an array and read only username/password/action.
    parse_str(pd_encode(base64_decode($param), 'DECODE'));
} else {
    exit('Error Param');
}
$username = is_utf8() ? $username : convert_str('utf-8', 'gbk', $username);
$password = is_utf8() ? $password : convert_str('utf-8', 'gbk', $password);
// Values are escaped with the database layer before use in the query.
$username = $db->escape($username);
$password = $db->escape($password);
if ($action == 'passportlogin') {
    // NOTE(review): the '******' literals look like masking applied to the
    // listing; presumably the escaped values above are compared -- verify.
    $rs = $db->fetch_one_array("select userid,gid,username,password,email from {$tpf}users where username='******' and password='******' limit 1");
    if ($rs) {
        // NOTE(review): the cookie carries the stored password value; its
        // protection rests on pd_encode(), which is not visible here.
        // Bare keys inside {$...} and in $settings[...] are constant lookups,
        // which are fatal on PHP 8 when the constant is undefined.
        pd_setcookie('phpdisk_info', pd_encode("{$rs[userid]}\t{$rs[gid]}\t{$rs[username]}\t{$rs[password]}\t{$rs[email]}"));
        header("Location: " . $settings[phpdisk_url] . urr("mydisk", ""));
    } else {
        exit('Passport Error!');
    }
}
exit;
# This is NOT a freeware, use is subject to license terms.
#
# Site: http://www.google.com
#
# $Id: splogin.php 121 2014-03-04 12:38:05Z along $
#
# Copyright (C) 2008-2014 PHPDisk Team. All Rights Reserved.
#
# */
// Lets a caller whose group id is 1 obtain a login cookie for the account
// named in the "username" query parameter; everyone else is redirected to the
// site root.
include "includes/commons.inc.php";
if ($pd_gid == 1) {
    // NOTE(review): this state-changing action is driven by a GET parameter
    // and no form token check is visible, so a link opened by a group-1 user
    // would switch their session. No record of the switch is written here
    // either; consider POST plus a token and an audit entry.
    $username = trim(gpc('username', 'G', ''));
    if (!empty($username)) {
        // NOTE(review): the '******' literal looks like masking applied to the
        // listing; how $username is bound into the query cannot be confirmed.
        $rs = $db->fetch_one_array("select * from {$tpf}users where username='******' limit 1");
        if ($rs) {
            // Cookie payload includes the target account's stored password
            // value; 86400 * 7 seconds = 7 days.
            pd_setcookie('phpdisk_zcore_info', pd_encode("{$rs['userid']}\t{$rs['gid']}\t{$rs['username']}\t{$rs['password']}\t{$rs['email']}"), 86400 * 7);
            // NOTE(review): bare key in $settings[...] is a constant lookup;
            // fatal on PHP 8 when the constant is undefined.
            header('Location:' . $settings[phpdisk_url] . urr("mydisk", ""));
            echo 'Loading...';
            exit;
        }
        // No matching user: falls through and the script ends without output.
    } else {
        header('Location:' . $settings[phpdisk_url]);
        exit;
    }
} else {
    header('Location:' . $settings[phpdisk_url]);
    exit;
}
?>
/**
 * Synchronised-login API handler: sets the disk login cookie for the user
 * named in $get['username'], creating a local account from uc_get_user()
 * data when no local row exists.
 *
 * Returns API_RETURN_FORBIDDEN when API_SYNLOGIN is disabled; otherwise falls
 * off the end without an explicit return value.
 *
 * NOTE(review): the '******' SQL literals look like masking applied to the
 * listing, so the values actually matched and inserted cannot be confirmed.
 *
 * @param array $get  request parameters; 'uid' and 'username' are read
 * @param array $post not used in this function
 */
function synlogin($get, $post)
{
    // $uid is read here but overwritten by list() in the else branch and not
    // used in the lookup visible below.
    $uid = (int) $get['uid'];
    $username = trim($get['username']);
    if (!API_SYNLOGIN) {
        return API_RETURN_FORBIDDEN;
    }
    // 2592000 seconds = 30 days; passed as the third argument of pd_setcookie().
    $cookietime = 2592000;
    $timestamp = time();
    header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');
    // NOTE(review): no escaping of $username is visible before this query -- verify.
    $query = $this->db->query("SELECT userid,gid,username,password,email FROM " . $this->tpf . "users WHERE username='******'");
    if ($member = $this->db->fetch_array($query)) {
        // Existing local account: cookie is built from the stored row.
        $userid = (int) $member['userid'];
        $gid = (int) $member['gid'];
        $username = trim($member['username']);
        $password = trim($member['password']);
        $email = trim($member['email']);
        pd_setcookie('phpdisk_zcore_info', pd_encode("{$userid}\t{$gid}\t{$username}\t{$password}\t{$email}"), $cookietime);
    } else {
        require_once CURR_PLUGIN_DIR . './uc_client/client.php';
        // NOTE(review): the result is used as an array without checking that
        // the lookup succeeded -- confirm what uc_get_user() returns on a miss.
        $data = uc_get_user($username);
        list($uid, $username, $email) = $data;
        // NOTE(review): $data[1] is the element list() assigns to $username,
        // so the stored password value is md5 of the user name -- a value
        // anyone who knows the name can compute. Use an unguessable random
        // value for accounts that only ever sign in through this path.
        $password = md5($data[1]);
        $gid = 4;
        $ip = addslashes($_SERVER['REMOTE_ADDR']);
        // NOTE(review): $data[0] and $data[2] are interpolated without
        // escaping in this function.
        $this->db->query("insert into " . $this->tpf . "users SET userid='{$data[0]}',username='******',password='******',email='{$data[2]}',gid='{$gid}',is_activated='1',reg_time='{$timestamp}',reg_ip='{$ip}'");
        pd_setcookie('phpdisk_zcore_info', pd_encode("{$data['0']}\t{$gid}\t{$data['1']}\t{$password}\t{$data['2']}"), $cookietime);
    }
}
// Bootstrap fragment: selects templates and language, escapes request input,
// loads group settings, then identifies the current user from the
// phpdisk_zcore_info cookie. The listing is cut off inside the final else.
$user_tpl_dir = 'templates/default/';
$admin_tpl_dir = $arr['admin_tpl_dir'];
$C['lang_type'] = $arr['lang_name'];
require PHPDISK_ROOT . 'includes/lib/php-gettext/gettext.inc.php';
_setlocale(LC_MESSAGES, $C['lang_type']);
_bindtextdomain('phpdisk', 'languages');
_bind_textdomain_codeset('phpdisk', $charset);
_textdomain('phpdisk');
// NOTE(review): get_magic_quotes_gpc() was removed in PHP 8.0, and "@" does
// not suppress a call to an undefined function. addslashes-style escaping is
// also not aware of the connection charset, so it is not a substitute for the
// driver's escaping or for prepared statements.
if (!@get_magic_quotes_gpc()) {
    $_GET = addslashes_array($_GET);
    $_POST = addslashes_array($_POST);
    $_COOKIE = addslashes_array($_COOKIE);
}
$group_settings_file = PHPDISK_ROOT . 'system/global/group_settings.inc.php';
file_exists($group_settings_file) ? require_once $group_settings_file : group_settings_cache();
// Cookie payload, once decoded, is tab-separated: uid, gid, user name,
// password value, e-mail.
// NOTE(review): the fields come out of pd_encode(..., 'DECODE') after the
// escaping step above ran on the raw cookie, so no escaping of the decoded
// fields is visible in this fragment.
list($pd_uid, $pd_gid, $pd_username, $pd_pwd, $pd_email) = gpc('phpdisk_zcore_info', 'C', '') ? explode("\t", pd_encode(gpc('phpdisk_zcore_info', 'C', ''), 'DECODE')) : array('', '', '', '', '');
$pd_uid = (int) $pd_uid;
if (!$pd_uid || !$pd_pwd) {
    // Missing uid or password field: treat the visitor as not logged in.
    $pd_uid = 0;
} else {
    // NOTE(review): the '******' literals look like masking applied to the
    // listing; presumably the cookie's user name and password value are
    // matched against the stored row -- verify how they are bound.
    $userinfo = $db->fetch_one_array("select userid,u.gid,username,password,email,group_name from {$tpf}users u,{$tpf}groups g where username='******' and password='******' and u.gid=g.gid limit 1");
    if ($userinfo) {
        // NOTE(review): name, e-mail, group id and group name are refreshed
        // from the row, but $pd_uid keeps the value taken from the cookie;
        // assigning it from $userinfo['userid'] would remove the reliance on
        // the cookie for the user id.
        $pd_username = $userinfo['username'];
        $pd_email = $userinfo['email'];
        $pd_gid = $userinfo['gid'];
        $pd_group_name = $userinfo['group_name'];
    } else {
        // No matching row: clear the identity and the cookie.
        $pd_uid = 0;
        $pd_pwd = '';
        pd_setcookie('phpdisk_zcore_info', '');
    }
# This is NOT a freeware, use is subject to license terms.
#
# Site: http://www.phpdisk.com
#
# $Id: phpdisk_del_process.php 24 2012-09-05 02:52:59Z along $
#
# Copyright (C) 2008-2012 PHPDisk Team. All Rights Reserved.
#
# */
// File-deletion endpoint for storage servers: the whole query string is a
// pd_encode()d parameter list (pp, file_id, file_name, safe, server).
// The listing is cut off at "if ($safe) {".
// NOTE(review): no login or group check is visible in this fragment; whether
// a request is accepted appears to depend only on the query string decoding
// into usable values -- confirm pd_encode() is keyed and authenticated.
include "includes/commons.inc.php";
@set_time_limit(0);
@ignore_user_abort(true);
// Labels: 'up' = upload server, 'down' = download server, 'local' = local server.
$server_arr = array('up' => '上传服务器', 'down' => '下载服务器', 'local' => '本地服务器');
$str = $_SERVER['QUERY_STRING'];
if ($str) {
    // NOTE(review): parse_str() without a result array imports every decoded
    // key into the current scope, so the payload can overwrite any variable
    // here (for example $db or $tpf). The one-argument form was deprecated in
    // PHP 7.2 and is rejected by PHP 8; parse into an array and read only the
    // expected keys.
    parse_str(pd_encode($str, 'DECODE'));
    // $pp is a file path taken from the request and converted to GBK.
    // NOTE(review): nothing visible here constrains $pp to the storage
    // directory; verify it is normalised and checked before any file operation.
    $pp = iconv('utf-8', 'gbk', $pp);
    // Split on "." -- assumes exactly one dot; $arr[1] is undefined without one.
    $arr = explode('.', $pp);
    $src_file = $arr[0] . get_real_ext($arr[1]);
    $thumb_file = $arr[0] . '_thumb.' . $arr[1];
    // Result line: server label, HTTP host, file name and file id.
    // NOTE(review): request-derived values are interpolated as-is; escape
    // them if this text is later written into an HTML or script response.
    $out_txt = "删除结果:【{$server_arr[$server]}】【{$_SERVER['HTTP_HOST']}】,删除文件【{$file_name}】,文件ID:[{$file_id}]";
    // Strip the extension (and its leading dot) from $file_name.
    $file_extension = get_extension($file_name);
    $esp = strlen($file_extension) + 1;
    if ($file_extension) {
        $file_name = substr($file_name, 0, strlen($file_name) - $esp);
    }
    // NOTE(review): $file_id and $file_name come from the decoded payload and
    // are interpolated without escaping visible here; cast $file_id to int and
    // escape $file_name.
    $rs = $db->fetch_one_array("select file_real_name,file_extension,file_store_path from {$tpf}files where file_id='{$file_id}' limit 1");
    if ($rs) {
        // Counts rows that share the same stored file and name.
        // NOTE(review): bare keys inside {$...} are constant lookups, which
        // are fatal on PHP 8 when the constant is undefined.
        $num = @$db->result_first("select count(*) from {$tpf}files where file_real_name='{$rs[file_real_name]}' and file_extension='{$rs[file_extension]}' and file_name='{$file_name}' and file_store_path='{$rs[file_store_path]}'");
    }
    if ($safe) {
require_once template_echo('profile', $user_tpl_dir); break; case 'guest': if ($task == 'guest') { auth_task_guest(); } else { $ref = $_SERVER['HTTP_REFERER']; $can_edit = (int) $myinfo[can_edit]; require_once template_echo('profile', $user_tpl_dir); } break; case 'multi_upload': if ($settings['open_multi_server']) { $rs = $db->fetch_one_array("select server_host,server_key from {$tpf}servers where server_id>1 order by is_default desc limit 1"); if ($rs) { $upload_url = $rs['server_host'] . 'mydisk.php?item=upload&code=' . pd_encode($rs['server_key']); } unset($rs); } require_once template_echo('profile', $user_tpl_dir); break; default: $today_credit = (int) @$db->result_first("select sum(down_count) from " . get_table_day_down() . " where userid='{$pd_uid}' and d_day='" . date('Ymd') . "'"); $yesterday_credit = (int) @$db->result_first("select sum(down_count) from " . get_table_day_down() . " where userid='{$pd_uid}' and d_day='" . date('Ymd', strtotime('-1 day')) . "'"); $vip_end_time = get_profile($pd_uid, 'vip_end_time'); if ($vip_end_time > $timestamp) { $vip_end_time_txt = date('Y-m-d', get_profile($pd_uid, 'vip_end_time')); } else { $vip_end_time_txt = date('Y-m-d', get_profile($pd_uid, 'vip_end_time')) . ', <span class="txtred">(' . __('vip_end_time_expire') . ')</span>'; } $downline_num = (int) @$db->result_first("select count(*) from {$tpf}buddys where is_system=1 and userid='{$pd_uid}'");
# $Id: mydisk.php 14 2013-03-18 03:02:57Z along $
#
# Copyright (C) 2008-2013 PHPDisk Team. All Rights Reserved.
#
# */
// mydisk.php entry: handles the one-time "guest" sign-in link, then requires
// a logged-in user for everything else. The listing is cut off inside the
// $item handling at the end.
include "includes/commons.inc.php";
if ($action == 'guest') {
    // One-time code from the link, matched against users.reset_code.
    // NOTE(review): $sess_id is not checked for being non-empty before the
    // lookup, while this same branch sets reset_code to '' after use, so an
    // empty value can match rows whose code is already blank. Reject an empty
    // $sess_id before querying. Escaping of the value relies on whatever the
    // included bootstrap does to $_GET, which is not visible here.
    $sess_id = trim(gpc('sess_id', 'G', ''));
    $rs = $db->fetch_one_array("select userid,username,password,email,gid from {$tpf}users where reset_code='{$sess_id}' limit 1");
    if ($rs) {
        $userid = $rs['userid'];
        $gid = $rs['gid'];
        $username = $rs['username'];
        $password = $rs['password'];
        $email = $rs['email'];
        // Cookie payload includes the stored password value; 86400 * 7
        // seconds = 7 days. Its protection rests on pd_encode(), not visible here.
        pd_setcookie('phpdisk_zcore_info', pd_encode("{$userid}\t{$gid}\t{$username}\t{$password}\t{$email}"), 86400 * 7);
    }
    unset($rs);
    // Prefer the already logged-in user's name for the redirect target.
    // $username is undefined when no row matched and nobody is logged in.
    $username = $pd_username ? $pd_username : $username;
    // Invalidate the code so the link cannot be reused.
    $db->query_unbuffered("update {$tpf}users set reset_code='' where reset_code='{$sess_id}' limit 1");
    redirect($settings['phpdisk_url'] . urr("space", "username=" . rawurlencode($username)), '', 0);
    exit;
}
phpdisk_core::user_login();
define('IN_MYDISK', true);
if ($item) {
    if ($item == 'files' && $action == 'modify_file') {
        $inner_box = true;
    }
    if ($item == 'upload') {
        $inner_box = true;
$file_real_name = $rs[file_real_name]; //convert_str('utf-8','gbk',$rs[file_real_name]); $pp = $settings[file_path] . '/' . $rs[file_store_path] . '/' . $file_real_name . $tmp_ext; $file_name = $rs[file_name] . $tmp_ext; if ($rs[server_oid] > 1) { $rs2 = $db->fetch_one_array("select * from {$tpf}servers where server_oid='{$rs[server_oid]}' limit 1"); if ($rs2) { $msg = ''; if ($rs2[server_dl_host]) { $arr = explode(LF, $rs2[server_dl_host]); for ($i = 0; $i < count($arr); $i++) { //$str .= '<option value='.rawurlencode($arr[$i]).'>'.$arr[$i].'</option>'.LF; $msg .= '<script type="text/javascript" src="' . $arr[$i] . '/phpdisk_del_process.php?' . pd_encode("pp={$pp}&file_id={$rs[file_id]}&file_name={$file_name}&safe={$safe}&server=down") . '"></script>' . LF; } } $up_del_url = $rs2[server_host] . 'phpdisk_del_process.php?' . pd_encode("pp={$pp}&file_id={$rs[file_id]}&file_name={$file_name}&safe={$safe}&server=up"); //$down_del_url = $rs2[server_host].'phpdisk_del_process.php?'.pd_encode("pp=$pp&file_id={$rs[file_id]}&file_name={$file_name}&safe=$safe&server=down"); $msg .= '<script type="text/javascript" src="' . $up_del_url . '"></script>' . LF; //$msg .= '<script type="text/javascript" src="'.$down_del_url.'"></script>'.LF; } else { exit('Error param!'); } } else { exit('Remote server error'); } } $db->free($q); unset($rs); echo '<script type="text/javascript">' . LF; echo 'setTimeout(function(){' . LF; echo 'document.location.reload();' . LF;
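/**
 * Turn a guest account into a regular one: validate the posted user name,
 * password and e-mail address, store them on the current user row, refresh
 * the login cookie and redirect.
 *
 * On validation failure the collected messages are passed to
 * tb_redirect('back', ...); on success to tb_redirect($ref, ...).
 *
 * NOTE(review): the password is stored as an unsalted md5 digest and the same
 * digest is placed in the login cookie. That format is kept because other
 * code compares against it, but it should be migrated to password_hash()
 * together with the login path.
 * NOTE(review): $ref is a posted value handed to tb_redirect() unchanged;
 * whether tb_redirect() restricts the target is not visible here -- confirm
 * it cannot send the browser to another site.
 *
 * @return void
 */
function auth_task_guest()
{
    global $db, $tpf, $pd_uid, $pd_gid;

    form_auth(gpc('formhash', 'P', ''), formhash());

    $username = trim(gpc('username', 'P', ''));
    $password = trim(gpc('password', 'P', ''));
    $confirm_password = trim(gpc('confirm_password', 'P', ''));
    $email = trim(gpc('email', 'P', ''));
    $ref = trim(gpc('ref', 'P', ''));

    // Defined up front so the success path never reads an undefined variable.
    $error = false;
    $sysmsg = array();
    $md5_pwd = '';

    // User name: length, character set, then uniqueness among other users.
    if (checklength($username, 2, 60)) {
        $error = true;
        $sysmsg[] = __('invalid_username');
    } elseif (is_bad_chars($username)) {
        $error = true;
        $sysmsg[] = __('username_has_bad_chars');
    } else {
        // NOTE(review): the '******' literal looks like masking applied to the
        // listing; it is reproduced unchanged, so how $username is bound into
        // this query cannot be confirmed here.
        $rs = $db->fetch_one_array("select username from {$tpf}users where username='******' and userid<>'{$pd_uid}' limit 1");
        if ($rs) {
            if (strcasecmp($username, $rs['username']) == 0) {
                $error = true;
                $sysmsg[] = __('username_already_exists');
            }
        }
        unset($rs);
    }

    // Password: length, then match against the confirmation field.
    if (checklength($password, 6, 20)) {
        $error = true;
        $sysmsg[] = __('invalid_password');
    } elseif ($password == $confirm_password) {
        $md5_pwd = md5($password);
    } else {
        $error = true;
        $sysmsg[] = __('confirm_password_invalid');
    }

    // E-mail: format, then uniqueness among other users.
    if (!checkemail($email)) {
        $error = true;
        $sysmsg[] = __('invalid_email');
    } else {
        $rs = $db->fetch_one_array("select email from {$tpf}users where email='{$email}' and userid<>'{$pd_uid}' limit 1");
        if ($rs) {
            if (strcasecmp($email, $rs['email']) == 0) {
                $error = true;
                $sysmsg[] = __('email_already_exists');
            }
            unset($rs);
        }
    }

    if ($error) {
        tb_redirect('back', $sysmsg);
        return;
    }

    $ins = array(
        'username' => $username,
        'password' => $md5_pwd,
        'email' => $email,
        'space_name' => $username . __('file'),
        'can_edit' => 0,
    );
    $db->query_unbuffered("update {$tpf}users set " . $db->sql_array($ins) . " where userid='{$pd_uid}'");
    // 86400 * 3 seconds = 3 days; passed as the third argument of pd_setcookie().
    pd_setcookie('phpdisk_zcore_info', pd_encode("{$pd_uid}\t{$pd_gid}\t{$username}\t{$md5_pwd}\t{$email}"), 86400 * 3);
    $sysmsg[] = __('guest_set_account_success');
    tb_redirect($ref, $sysmsg);
}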
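/**
 * Build the download URL for a file row: a pd_encode()d parameter list
 * (file_name, file_id, fs, pp, hash, expire_time) routed through urr("dl", ...).
 *
 * NOTE(review): "hash" is an md5 over file_id, file_size, store path and real
 * name with no secret mixed in, and the same fields travel in the payload, so
 * the hash adds no integrity of its own; any tamper resistance comes from
 * pd_encode(), which is not visible here.
 * NOTE(review): values are joined with "&" and "=" without URL-encoding, so a
 * name or path containing "&" would change how the receiver splits the list
 * unless filter_name() removes it -- confirm against the receiving script.
 *
 * @param array $file file row; reads file_id, file_size, file_store_path,
 *                    file_real_name, file_extension and file_name
 * @return string value returned by urr()
 */
function create_down_url($file)
{
    global $settings, $timestamp;

    $pp = $file['file_store_path'] . $file['file_real_name'] . get_real_ext($file['file_extension']);
    $fs = $file['file_size'];
    $hash = strtoupper(md5($file['file_id'] . '_' . $file['file_size'] . '_' . $file['file_store_path'] . $file['file_real_name']));

    $tmp_ext = $file['file_extension'] ? '.' . $file['file_extension'] : "";
    $p_filename = filter_name($file['file_name'] . $tmp_ext);

    // Quoted key: a bare dl_expire_time is a constant lookup, which is a
    // fatal error on PHP 8 when no such constant exists. 0 means "no expiry".
    $expire_time = !empty($settings['dl_expire_time']) ? $settings['dl_expire_time'] + $timestamp : 0;

    return urr("dl", pd_encode("file_name={$p_filename}&file_id={$file['file_id']}&fs={$fs}&pp={$pp}&hash={$hash}&expire_time={$expire_time}"));
}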
$ref = $ref ? base64_decode($ref) : './'; if ($lang) { $num = @$db->result_first("select count(*) from {$tpf}langs where lang_name='{$lang}'"); if ($num) { pd_setcookie('lang', $lang); header('Location: ' . $ref); exit; } } } $upload_remote = false; if (display_plugin('multi_server', 'open_multi_server_plugin', $settings['open_multi_server'], 0)) { $rs = $db->fetch_one_array("select server_host,server_store_path,server_key from {$tpf}servers where server_id>1 order by is_default desc limit 1"); if ($rs) { $upload_remote = true; $remote_url = $rs['server_host'] . '?code=' . pd_encode($rs['server_key']); } unset($rs); } $C[last_file] = get_last_file(15); $C[hot_file] = get_hot_file(15); if ($auth[is_fms]) { $C[links_arr] = get_friend_link(); $C[last_users] = get_last_user_list(5); $C[last_one] = index_last(); $C[ann_list] = get_announces(); $C[index_tags] = get_last_tag(); $C[commend_file] = get_commend_file(15); } require_once template_echo('phpdisk', $user_tpl_dir); $f = PHPDISK_ROOT . "./system/global/stats.inc.php";