コード例 #1
ファイル: login_action.php プロジェクト: Turante/boincweb
    if (time() - $t > 86400) {
        error_page("Link has expired;\r\n\t\t\tgo <a href=get_passwd.php>here</a> to\r\n\t\t\tget a new login link by email.");
    }
    send_cookie('auth', $user->authenticator, true);
    Header("Location: home.php");
    exit;
}
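// Account-key login: take the key from the URL and fall back to POST data.
//
$authenticator = get_str("key", true);
if (!$authenticator) {
    $authenticator = post_str("authenticator", true);
}
if (!$authenticator) {
    error_page("You must supply an account key");
}
// Resolve the account before testing whether it is disabled. The disabled
// check reads $user->authenticator, so running it ahead of the lookup would
// inspect whatever $user held earlier in the script (or nothing at all)
// instead of the account this key belongs to.
$user = lookup_user_auth($authenticator);
if (!$user) {
    page_head("Login failed");
    echo "There is no account with that authenticator.\r\n\t\tPlease <a href=get_passwd.php>try again</a>.\r\n\t";
    page_tail();
} else {
    if (substr($user->authenticator, 0, 1) == 'x') {
        //User has been bad so we are going to take away ability to post for awhile.
        // presumably error_page() ends the request, so no session cookie is
        // issued for a disabled account - confirm in its definition.
        error_page("This account has been administratively disabled.");
    }
    // NOTE(review): $next_url is assigned outside this excerpt. Confirm it is
    // restricted to a same-site relative path before it reaches the Location
    // header; a raw request value here would be an open redirect.
    Header("Location: {$next_url}");
    // The checkbox is absent from the POST body when unticked (and on the
    // key-in-URL path), so read it without triggering an undefined-index notice.
    $perm = isset($_POST['stay_logged_in']) ? $_POST['stay_logged_in'] : null;
    send_cookie('auth', $authenticator, $perm);
}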
コード例 #2
            }
            if (!is_valid_country($country)) {
                echo "bad country";
                exit;
            }
            $postal_code = '';
            $user = make_user($new_email_addr, $new_name, $passwd_hash, $country, $postal_code, $project_prefs = "", $teamid = 0);
            if (!$user) {
                show_error("Couldn't create account");
            }
            if (defined('INVITE_CODES')) {
                error_log("Account '{$new_email_addr}' created using invitation code '{$invite_code}'");
            }
        }
        // Log-in user in the web
        // In success case, redirect to a fixed page so that user can
        // return to it without getting "Repost form data" stuff
        $next_url = post_str('next_url', true);
        $next_url = sanitize_local_url($next_url);
        if ($next_url) {
            Header("Location: " . URL_BASE . "{$next_url}");
        } else {
            Header("Location: " . URL_BASE . "home.php");
            send_cookie('init', "1", true);
            send_cookie('via_web', "1", true);
        }
        send_cookie('auth', $user->authenticator, true);
    }
} catch (ErrorException $e) {
    echo $e->getMessage();
}
コード例 #3
ファイル: login_action.php プロジェクト: aggroskater/boinc
/**
 * Authenticate a user against LDAP and start a web session for them.
 *
 * If ldap_auth() reports an error message, it is handed to error_page().
 * When LDAP accepts the credentials but no local user record matches the
 * derived e-mail string, a record is created with make_user_ldap().
 * On success a redirect to url_base() . $next_url is sent together with the
 * 'auth' cookie carrying the user's authenticator.
 *
 * NOTE(review): $next_url is appended to the Location header as given.
 * This function does not validate it; confirm every caller passes a
 * same-site relative path.
 *
 * @param string $uid      LDAP user id
 * @param string $passwd   password to verify against LDAP
 * @param string $next_url path appended to url_base() for the redirect
 * @param mixed  $perm     passed through to send_cookie() as its third argument
 */
function login_with_ldap($uid, $passwd, $next_url, $perm)
{
    list($ldap_user, $error_msg) = ldap_auth($uid, $passwd);
    if ($error_msg) {
        error_page($error_msg);
    }

    $email = ldap_email_string($uid);
    $user = BoincUser::lookup_email_addr($email);
    if (!$user) {
        // LDAP accepted the credentials but there is no local record yet:
        // create one, and give up if that fails.
        $user = make_user_ldap($email, $ldap_user->name);
        if (!$user) {
            error_page("Couldn't create user");
        }
    }

    $target = url_base() . $next_url;
    Header("Location: " . $target);
    send_cookie('auth', $user->authenticator, $perm);
}
コード例 #4
ファイル: forum_forum.php プロジェクト: Turante/boincweb
    // get the sort style either from the logged in user or a cookie
    if ($user) {
        $sort_style = $user->prefs->forum_sorting;
    } else {
        if (isset($_COOKIE['sorting'])) {
            list($sort_style, $thread_style) = explode("|", $_COOKIE['sorting']);
        }
    }
} else {
    // set the sort style
    if ($user) {
        $user->prefs->forum_sorting = $sort_style;
        $user->prefs->update("forum_sorting={$sort_style}");
    } else {
        list($old_style, $thread_style) = explode("|", $_COOKIE['sorting']);
        send_cookie('sorting', implode("|", array($sort_style, $thread_style)), true);
    }
}
switch ($forum->parent_type) {
    case 0:
        $category = BoincCategory::lookup_id($forum->category);
        if ($category->is_helpdesk) {
            page_head(tra("Questions and Answers") . ' : ' . $forum->title);
            ?>
<link href="forum_help_desk.php" rel="up" title="Forum Index"><?php 
        } else {
            page_head(tra("Message boards") . ' : ' . $forum->title);
            ?>
<link href="forum_index.php" rel="up" title="Forum Index"><?php 
        }
        show_forum_header($user);
コード例 #5
ファイル: language_select.php プロジェクト: Turante/boincweb
// along with BOINC. If not, see <http://www.gnu.org/licenses/>.
//
// This file was modified by contributors of "BOINC Web Tweak" project.
require_once "../inc/util.inc";
require_once "../inc/translation.inc";
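// Language picker: validate the requested language against the supported
// list, remember it in the 'lang' cookie and return to the front page.
$languages = getSupportedLanguages();
if (!is_array($languages)) {
    error_page("Language selection not enabled.  Project admins must run the update_translations.php script.");
}
// Not every client sends Accept-Language; read it without raising an
// undefined-index notice and keep null when it is missing.
$prefs = isset($_SERVER["HTTP_ACCEPT_LANGUAGE"]) ? $_SERVER["HTTP_ACCEPT_LANGUAGE"] : null;
$set_lang = get_str("set_lang", true);
if ($set_lang) {
    // The request value is written to a cookie, so accept it only on an
    // exact (type- and value-strict) match with the allow-list or "auto".
    // Loose in_array() would let numeric-looking strings match each other.
    if ($set_lang !== "auto" && !in_array($set_lang, $languages, true)) {
        error_page("Language not supported");
    } else {
        send_cookie('lang', $set_lang, true);
        header("Location: index.php");
        exit;
    }
}
page_head("Language selection");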
?>
	<p>
	This web site is available in several languages.
	The currently selected language is: <em><?php 
echo tra("LANG_NAME_INTERNATIONAL");
?>
</em> (<?php 
echo tra("LANG_NAME_NATIVE");
?>
).
コード例 #6
require_once "../inc/util.inc";
require_once "../inc/email.inc";
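// Finish account creation: store the name, country and postal code the user
// entered, then log them in and continue to the team search page.
$auth = post_str("auth");
$name = post_str("name");
if (strlen($name) == 0) {
    error_page("You must supply a name for your account");
}
// Reject markup in the display name. The check has to run on $name, the
// value that is stored below; testing an unset variable would compare two
// empty values and let any HTML through.
if ($name != strip_tags($name)) {
    error_page("HTML tags not allowed in name");
}
$country = post_str("country");
if (!is_valid_country($country)) {
    error_page("invalid country");
}
$postal_code = strip_tags(post_str("postal_code", true));

// These values are interpolated into SQL clauses below, so each one is
// escaped exactly once. Escaping a value twice would store the escape
// characters themselves.
$country = BoincDb::escape_string($country);
$postal_code = BoincDb::escape_string($postal_code);
$auth = BoincDb::escape_string($auth);
$name = BoincDb::escape_string($name);

$user = BoincUser::lookup("authenticator='{$auth}'");
if (!$user) {
    error_page("no such user");
}
$retval = $user->update("name='{$name}', country='{$country}', postal_code='{$postal_code}'");
if (!$retval) {
    error_page("database error");
}
Header("Location: team_search.php");
send_cookie('auth', $auth, true);
send_cookie('init', "1", true);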
コード例 #7
ファイル: editusers.php プロジェクト: jasmith152/Jackie_Davis
    }
    echo proc_tpl('editusers/user', array('CSRF' => $CSRF, 'user_arr[2]' => $user_arr[2], 'user_arr[4]' => $user_arr[4], 'user_arr[5]' => $user_arr[5], 'user_arr[6]' => $user_arr[6], 'user_date' => date("r", $user_arr[0]), 'edit_level' => $edit_level, 'last_login' => empty($user_arr[UDB_LAST]) ? lang('never') : date('r', $user_arr[UDB_LAST]), 'id' => $id));
} elseif ($action == "doedituser") {
    CSRFCheck();
    list($id, $editemail, $editpassword, $editlevel) = GET('id,editemail,editpassword,editlevel');
    if (empty($id)) {
        die(lang("This is not a valid user"));
    }
    if (false === ($the_user = user_search($id))) {
        die(lang("This is not a valid user"));
    }
    if (check_email($editemail) == false) {
        die(lang("Invalid email"));
    }
    // In case if email already exists, and email not eq. --> error
    $find_email = user_search($editemail, 'email');
    if ($find_email && $find_email[UDB_EMAIL] != $the_user[UDB_EMAIL]) {
        die(lang("User with this email already exists"));
    }
    // Change password if present
    if (!empty($editpassword)) {
        $hmet = hash_generate($editpassword);
        $the_user[UDB_PASS] = $hmet[count($hmet) - 1];
        send_cookie();
    }
    // Change user level anywhere
    $the_user[UDB_EMAIL] = $editemail;
    $the_user[UDB_ACL] = $editlevel;
    user_update($id, $the_user);
    echo proc_tpl('editusers/doedituser/saved');
}
コード例 #8
ファイル: forum_thread.php プロジェクト: CalvinZhu/boinc
    }
}
$title = cleanup_title($thread->title);

// Decide which sort style applies to this view:
//   1. a temporary style, used for this request only;
//   2. an explicitly chosen style, which is also persisted;
//   3. otherwise the stored preference (user prefs or the forum cookie).
if ($temp_sort_style) {
    $sort_style = $temp_sort_style;
} elseif ($sort_style) {
    $forum_style = 0;
    // this is deprecated
    if ($logged_in_user) {
        $logged_in_user->prefs->thread_sorting = $sort_style;
        // NOTE(review): $sort_style is interpolated into the update clause
        // unquoted and is assigned outside this excerpt; confirm it is
        // validated as an integer before it gets here.
        $logged_in_user->prefs->update("thread_sorting={$sort_style}");
    } else {
        // Keep the forum-level style already in the cookie; only the
        // thread-level half is replaced.
        list($forum_style, $old_style) = parse_forum_cookie();
    }
    send_cookie('sorting', $forum_style . "|" . $sort_style, true);
} elseif ($logged_in_user) {
    // get the sorting style from the user
    $sort_style = $logged_in_user->prefs->thread_sorting;
} else {
    // get the sorting style from the cookie
    list($forum_style, $sort_style) = parse_forum_cookie();
}

page_head($title, 'jumpToUnread();');
$is_subscribed = $logged_in_user && BoincSubscription::lookup($logged_in_user->id, $thread->id);
show_forum_header($logged_in_user);
echo "<p>";
switch ($forum->parent_type) {
    case 0:
コード例 #9
// See the GNU Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public License
// along with BOINC.  If not, see <http://www.gnu.org/licenses/>.
$skip_auth_ops = true;
require_once "../inc/boinc_db.inc";
require_once "../inc/util_ops.inc";
require_once "../inc/email.inc";
require_once "../inc/user.inc";
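// check for email/password case
//
$email_addr = strtolower(post_str("email_addr", true));
$passwd = stripslashes(post_str("passwd", true));
if ($email_addr && $passwd) {
    $user = BoincUser::lookup_email_addr($email_addr);
    if (!$user) {
        // Same generic message as a wrong password: a distinct "no account"
        // reply tells the client which addresses are registered, and it
        // echoed the submitted address back into the page.
        error_page("Login failed");
    }
    // NOTE(review): the stored credential is an MD5 of password + e-mail.
    // That format is defined outside this block; moving to password_hash()
    // needs a migration and cannot be done here.
    $passwd_hash = md5($passwd . $email_addr);
    // Compare as exact strings in constant time. Loose != treats hex digests
    // of the form "0e<digits>" as numbers and can report two different
    // hashes as equal.
    if (!hash_equals((string) $user->passwd_hash, $passwd_hash)) {
        error_page("Login failed");
    }
    $authenticator = $user->authenticator;
    // The redirect target comes from the request body. Accept only a
    // same-site relative path (no scheme, no leading slash, no control
    // characters) and fall back to the default page for anything else.
    $next_url = (isset($_POST["next_url"]) && is_string($_POST["next_url"])) ? $_POST["next_url"] : "";
    if (!preg_match('#^[A-Za-z0-9_][A-Za-z0-9_\-./]*(\?[A-Za-z0-9_\-.=&%+]*)?$#', $next_url)) {
        $next_url = "index.php";
    }
    // The checkbox is absent from the POST body when it is not ticked.
    $perm = isset($_POST['stay_logged_in']) ? $_POST['stay_logged_in'] : null;
    send_cookie('auth', $authenticator, $perm, true);
    Header("Location: {$next_url}");
}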
コード例 #10
ファイル: functions.php プロジェクト: awaydian/njust
/**
 * Log in to the local WordPress instance and return the cookie-jar path.
 *
 * Posts the login form to wp-login.php via post_save_cookie(), then requests
 * the admin page via send_cookie() using the same cookie file.
 *
 * NOTE(review): the account name and password are hard-coded in this
 * function, so anyone who can read the source or its history has them.
 * They belong in configuration kept outside the repository.
 *
 * NOTE(review): the cookie jar is created in the same directory as this
 * source file. If that directory is served by the web server, the saved
 * session cookie may be retrievable over HTTP - confirm and relocate.
 *
 * @return string path of the cookie file
 */
function wp_login()
{
    $loginUrl = "http://127.0.0.1/blog/wp-login.php";
    $adminUrl = "http://127.0.0.1/blog/wp-admin/";

    $form = [
        'log' => '18915874253',
        'pwd' => 'zxc2016&&**',
        'wp-submit' => '登录',
        'redirect_to' => 'http://127.0.0.1/blog/wp-admin/',
        'testcookie' => '1',
    ];

    $jar = __DIR__ . '/cookie1.txt';

    post_save_cookie($loginUrl, $jar, $form);
    send_cookie($adminUrl, $jar);

    return $jar;
}
コード例 #11
ファイル: core.php プロジェクト: jasmith152/Jackie_Davis
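/**
 * Issue a new CSRF token and record it in the token storage file.
 *
 * When $config_csrf is 0 the protection is switched off and TRUE is returned
 * without creating a token. Otherwise a 32-character hex token is generated,
 * appended to SERVDIR/cdata/csrf.php as "time|token|user" and returned.
 *
 * @return bool|string TRUE when CSRF checking is disabled, else the token
 */
function CSRFMake()
{
    global $config_csrf, $_SESS;
    // no check CSRF
    if ($config_csrf == 0) {
        return TRUE;
    }
    // A CSRF token must be unpredictable. mt_rand() is not a cryptographic
    // generator, so take 128 bits from the system CSPRNG where one is
    // available. The result keeps the 32 hex character shape of an MD5.
    if (function_exists('random_bytes')) {
        $csrf = bin2hex(random_bytes(16));
    } elseif (function_exists('openssl_random_pseudo_bytes')) {
        $csrf = bin2hex(openssl_random_pseudo_bytes(16));
    } else {
        // Legacy runtime without a CSPRNG: previous behaviour.
        $csrf = md5(mt_rand() . mt_rand() . mt_rand() . mt_rand());
    }
    // Use storage for csrf
    $csrf_storage = SERVDIR . '/cdata/csrf.php';
    $a = fopen($csrf_storage, 'a+');
    if ($a !== false) {
        // The user name is reduced to [a-z0-9_] so it cannot inject a field
        // separator or a newline into the storage file.
        fwrite($a, time() . '|' . $csrf . '|' . preg_replace('/[^a-z0-9]/i', '_', $_SESS['user']) . "\n");
        fclose($a);
    } else {
        // Without the stored record the token cannot be matched later.
        error_log('CSRFMake: cannot open CSRF storage file');
    }
    send_cookie();
    // Set new CSRF by session
    return $csrf;
}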
コード例 #12
ファイル: core.php プロジェクト: jasmith152/Salt_Face
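/**
 * Create a CSRF token, store it in the session under $Name and return it.
 *
 * @param string $Name session key that holds the token
 * @return string 32-character hex token
 */
function CSRFMake($Name = 'U:CSRF')
{
    global $_SESS;
    // A CSRF token must be unpredictable. mt_rand() is not a cryptographic
    // generator, so take 128 bits from the system CSPRNG where one is
    // available. The result keeps the 32 hex character shape of an MD5.
    if (function_exists('random_bytes')) {
        $token = bin2hex(random_bytes(16));
    } elseif (function_exists('openssl_random_pseudo_bytes')) {
        $token = bin2hex(openssl_random_pseudo_bytes(16));
    } else {
        // Legacy runtime without a CSPRNG: previous behaviour.
        $token = md5(mt_rand() . mt_rand());
    }
    $_SESS[$Name] = $token;
    // send_cookie() is called right after the session array changes;
    // presumably it persists $_SESS to the client - confirm in its definition.
    send_cookie();
    return $_SESS[$Name];
}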
コード例 #13
ファイル: captcha.php プロジェクト: jasmith152/Salt_Face
 /**
  * Generate a captcha challenge, store its answer in the session and
  * send the challenge to the client.
  *
  * With GD available the challenge text is drawn, distorted and written
  * out as an image. Without GD the function prints an HTML page instead.
  *
  * NOTE(review): the no-GD branch prints $reply, the same value it stores
  * in the session. If that value is the expected answer, the fallback
  * offers no barrier to automated clients - confirm against the code that
  * verifies the captcha.
  */
 function CreateImage()
 {
     global $_SESS;
     $started = microtime(true);

     // is GD not installed
     if (!function_exists('imagecreatetruecolor')) {
         list($text, $reply) = $this->GetCaptchaText();
         $_SESS[$this->session_var] = $reply;
         send_cookie();
         echo '<html><body style="font-size: 42px; font-family: Arial, Tahoma, Serif;">' . $reply . '</body></html>';
         return;
     }

     // Canvas setup
     $this->ImageAllocate();

     // Draw the challenge text with a randomly picked font configuration
     list($text, $reply) = $this->GetCaptchaText();
     $fontKey = array_rand($this->fonts);
     $fontcfg = $this->fonts[$fontKey];
     $this->WriteText($text, $fontcfg);

     // Record the value for this challenge in the session
     $_SESS[$this->session_var] = $reply;
     send_cookie();

     // Distortions
     $this->WaveImage();
     $canBlur = $this->blur && function_exists('imagefilter');
     if ($canBlur) {
         imagefilter($this->im, IMG_FILTER_GAUSSIAN_BLUR);
     }
     $this->ReduceImage();

     // Debug overlay: challenge text, font name and render time
     if ($this->debug) {
         $label = "{$text} {$fontcfg['font']} " . round((microtime(true) - $started) * 1000) . "ms";
         imagestring($this->im, 1, 1, $this->height - 8, $label, $this->GdFgColor);
     }

     // Emit the image and release resources
     $this->WriteImage();
     $this->Cleanup();
 }