static function check_cookie_login($user_id, $password) { $user_data = DB::fetch('SELECT id, user_name, password, block_time, gids FROM account WHERE id=' . (int)$user_id, false, false, __LINE__ . __FILE__); if ($user_data && $user_data['password'] == $password) { if ($user_data['block_time'] > TIME_NOW) { //Nếu User bị khóa chưa hết hạn! self::LogOut(); } else { //TuanNK sửa check quyền đăng nhập, nếu thuộc nhóm quản trị ==>> không cho đăng nhập tự động $in_group_admin = false; if ($user_data['gids'] && $user_data['gids'] != '0') { //$in_group_admin=(preg_match("/(".$user_data['gids'].")/is","2") || preg_match("/(".$user_data['gids'].")/is","1")); $in_group_admin = (preg_match("/(" . $user_data['gids'] . ")/is", "3") || preg_match("/(" . $user_data['gids'] . ")/is", "2") || preg_match("/(" . $user_data['gids'] . ")/is", "1") || preg_match("/(" . $user_data['gids'] . ")/is", "9")); } if (!$in_group_admin) { User::Login($user_data); Url::redirect_url(Url::build_all()); } else { EClassApi::my_setcookie('suma_id', "", TIME_NOW - 3600); EClassApi::my_setcookie('password', "", TIME_NOW - 3600); } } } else { self::LogOut(); } }
function remove_save_img() { if (!User::is_login()) { echo "not_login"; exit; } $id = (int) Url::get('id', 0); //check ton tai if (DB::count('img_save', ' img_id = ' . $id . ' AND user_id = ' . User::id())) { DB::delete('img_save', ' img_id = ' . $id . ' AND user_id = ' . User::id()); if (isset($_SESSION['wish_item'])) { $_SESSION['wish_item']--; if ($_SESSION['wish_item'] < 0) { $_SESSION['wish_item'] = 0; } } else { $_SESSION['wish_item'] = DB::count("img_save", "user_id = " . User::id()); } echo 'success'; if (isset($_COOKIE['user_save_img_list_items'])) { $arr_img_ids_temp = explode(',', $_COOKIE['user_save_img_list_items']); $tempArr = array(); foreach ($arr_img_ids_temp as $value) { if ($value != $id) { $tempArr[] = $value; } } $ids = implode(',', $tempArr); EClassApi::my_setcookie('user_save_img_list_items', $ids); $_SESSION['load_wish_list'] = true; } } else { echo 'unsuccess'; } exit; }
if (get_magic_quotes_gpc()) { function stripslashes_deep($value) { $value = is_array($value) ? array_map('stripslashes_deep', $value) : stripslashes($value); return $value; } $_REQUEST = array_map('stripslashes_deep', $_REQUEST); $_COOKIE = array_map('stripslashes_deep', $_COOKIE); } if (!ERROR_PAGE) { if (!User::is_login()) { if (isset($_COOKIE['suma_id']) && isset($_COOKIE['password'])) { User::check_cookie_login($_COOKIE['suma_id'], $_COOKIE['password']); } else { EClassApi::my_setcookie('eclass_id', "", TIME_NOW - 3600); EClassApi::my_setcookie('password', "", TIME_NOW - 3600); } } else { if (isset($_GET['login_as']) || isset($_GET['login_as_id'])) { if (User::is_admin()) { $user_id = (int) Url::get('login_as_id', 0); $user = array(); if ($user_id) { $user = User::getUser($user_id); } else { $user_name = Url::get('login_as'); if ($user_name != '') { $user = User::getByUserName($user_name); } } if ($user) {
function feedback() { header("Content-type: application/xml"); $pattern = '/^xe360/i'; $content = trim(EClassApi::getParam('content')); $comment_id = (int) Url::get('comment_id', 0); $sender_user_name = trim(EClassApi::getParam('user_name')); $sender_email = trim(EClassApi::getParam('sender_email')); $subItemId = (int) Url::get('sub_item_id', 0); $comment_row = array(); // if(isset($_COOKIE['setTimeOutComment'])){ // if(time()-$_COOKIE['setTimeOutComment']<=30){// 30 giay // echo "<comments><content>time_out</content></comments>"; // exit(); // } // } // else{ // EClassApi::my_setcookie("setTimeOutComment", time(), 30 + TIME_NOW); // 30 giay // } if (preg_match($pattern, $sender_user_name) || preg_match($pattern, $sender_email) || preg_match($pattern, $content)) { echo "<comments><content>bad_word</content></comments>"; exit; } if (User::is_login() && User::is_block()) { echo "<comments><content>no_perm</content></comments>"; exit; } if ($comment_id) { $comment_row = DB::select('comment', "id={$comment_id}"); if (!$comment_row) { echo "<comments><content>no_perm</content></comments>"; exit; } if (User::is_login() && $comment_row['sender_user_id'] == User::id()) { //Không được trả lời cho chính mình! echo "<comments><content>no_perm</content></comments>"; exit; } if (!($item = Item::get_item($comment_row['item_id']))) { echo "<comments><content>no_perm</content></comments>"; exit; } } else { $item_id = (int) Url::get('item_id', 0); if (!$item_id || !($item = Item::get_item($item_id))) { echo "<comments><content>no_perm</content></comments>"; exit; } } $item_memcache = $item; if (EClassApi::isBlackList(User::id(), $item['user_id'])) { echo "<comments><content>blacklist</content></comments>"; exit; } if (!User::is_login() && EClassApi::checkBadWord($sender_user_name)) { echo "<comments><content>bad_word</content></comments>"; exit; } if ($item["state"] == 1 && !User::have_permit(ADMIN_ITEM)) { echo "<comments><content>no_perm</content></comments>"; exit; } $username = strtolower($sender_user_name); if (!User::is_login() && (strlen($username) < 3 || strlen($sender_email) < 3 || $username == 'admin' || $username == 'administrator' || $username == 'moderator' || $username == 'enbac')) { echo "<comments><content>bad_word</content></comments>"; exit; } if (EClassApi::checkBadWord($content)) { echo "<comments><content>bad_word</content></comments>"; exit; } /*if(!User::is_login()){ $captcha = EClassApi::getParam('captcha'); if(!isset($_SESSION["enbac_validate"]) || $captcha=='' || $captcha != $_SESSION["enbac_validate"]){ echo "<comments><content>false_captcha</content></comments>"; exit(); } }*/ $content = preg_replace("/\n/", "<br />", $content); $content = str_replace('<br /><br />', ' ', $content); $receiver_user_id = 0; $receiver_username = ''; if ($comment_id) { if ($comment_row['parent_id']) { $receiver_user_id = $comment_row['sender_user_id']; $receiver_username = $comment_row['sender_user_name']; if ($receiver_user_id) { $content = '@<a href="' . WEB_DIR . $receiver_username . '" class="fast_reply_link" title="' . $receiver_username . '">' . $receiver_username . '</a>: ' . $content; } else { $content = '<font color="#999">@<span style="text-decoration:underline">' . $receiver_username . '</span> </font>: ' . $content; } $parent_id = $comment_row['parent_id']; } else { $parent_id = $comment_row['id']; } } else { $parent_id = 0; } $user_item = User::getUser($item['user_id']); if ($user_item) { $user_type = 0; if (User::is_login()) { $sender_user_name = User::user_name(); $user_id = User::id(); $user_send = User::getUser($user_id); if (!$user_send['avatar_url']) { /*gen 1 cai avatar cho nguoiwf dungf nayf*/ // EClassApi::genAvatar('40',md5($sender_user_name)); } /* #note-comment 11.02 by ngannv Nên bỏ cái query này đi rà xoát lại cơ chế liên quan đến trường user_type trong bảng comment */ $sql = "SELECT sms_total FROM sms_user_active WHERE user_id = {$user_id}"; $user_active = DB::fetch($sql); if ($user_active) { $sms_total = $user_active['sms_total']; if ($sms_total >= 3) { $user_type = 2; } else { $user_type = 1; } } else { $user_type = 1; } } else { // set guest cookie $week = 60 * 60 * 24 * 365 + TIME_NOW; EClassApi::my_setcookie("guest_name", $sender_user_name, $week); EClassApi::my_setcookie("guest_email", $sender_email, $week); /*Tạo một avatar cho khách*/ //EClassApi::genAvatar('40',md5($sender_user_name)); } $up_up_count = ''; if ($content != '') { $comment = array('content' => $content, 'item_id' => $item['id'], 'time' => TIME_NOW, 'order_time' => TIME_NOW, 'post_ip' => EClassApi::ip(), 'parent_id' => $parent_id, 'receiver_user_id' => $item['user_id'], 'receiver_user_name' => $item['user_name'], 'display' => 1, 'sub_item_id' => $subItemId, 'user_type' => $user_type); if (User::id()) { if ($item['user_id'] == User::id()) { //Chuyển trạng thái đã trả lời khi comment chính topic của mình! $comment['status'] = 1; } $comment['sender_user_id'] = User::id(); $comment['sender_user_name'] = User::user_name(); } else { $comment['sender_user_id'] = 0; $comment['sender_user_name'] = $sender_user_name; $comment['sender_email'] = $sender_email; } if ($comment_row && $comment_row['sender_user_id'] && $comment_row['sender_user_id'] != $item['user_id']) { $comment['replied_user_id'] = $comment_row['sender_user_id']; $comment['replied_user_name'] = $comment_row['sender_user_name']; } elseif ($comment_row && $comment_row['sender_user_id'] == $item['user_id']) { $comment['replied_status'] = 1; } $id = DB::insert('comment', $comment); if ($id) { /* if(!User::id()){ EClassApi::reload_captcha(); }*/ /*Cập nhật tăng thêm số lượt comment trong bảng item_sub*/ if ($subItemId > 0) { $updItemSubTbl = "UPDATE item_sub SET comment_count=comment_count+1 WHERE id={$subItemId} LIMIT 1"; DB::query($updItemSubTbl); } if ($parent_id) { $re = DB::query("SELECT id FROM comment WHERE item_id = {$item['id']} AND parent_id = {$parent_id} AND display = 1 ORDER BY id DESC LIMIT 3,1"); if ($re) { if ($row = mysql_fetch_assoc($re)) { if ($row) { DB::query("UPDATE comment SET display = 0 WHERE parent_id = {$parent_id} AND display = 1 AND id<={$row['id']}"); } } } if ($comment_id == $parent_id) { if (User::is_login() && $item['user_id'] == User::id()) { DB::query("UPDATE comment SET have_child = have_child + 1, order_time = " . time() . ", status=1 WHERE id = {$parent_id}"); } else { DB::query("UPDATE comment SET have_child = have_child + 1, order_time = " . time() . " WHERE id = {$parent_id}"); } } else { DB::query("UPDATE comment SET have_child = have_child + 1, order_time = " . time() . " WHERE id = {$parent_id}"); if (User::is_login() && $item['user_id'] == User::id()) { DB::query("UPDATE comment SET status=1 WHERE id = {$comment_id}"); //Cập nhật đã đọc - trả lời cho feed DB::query("UPDATE feed SET status = 1 WHERE ref_id = {$comment_id} AND type=1"); } } if (User::is_login()) { //Nếu là thành viên //Cập nhật lại replied_status nếu chưa được check! if ($item['user_id'] != User::id() && $comment_row['replied_user_id'] == User::id() && $comment_row['replied_status'] == 0) { DB::query("UPDATE comment SET replied_status=1 WHERE id = {$comment_id}"); //Cập nhật đã đọc - trả lời cho feed DB::query("UPDATE feed SET status = 1 WHERE ref_id = {$comment_id} AND type=2"); //Cập nhật comment mới cho chính mình DB::query('UPDATE account SET total_new_comment = total_new_comment - 1 WHERE id=' . User::id() . ' AND total_new_comment>0'); User::getUser(User::id(), 0, 1); } if ($item['user_id'] != User::id()) { //Nếu ko fải giao dịch của mình //Cập nhật comment mới cho chủ topic DB::query('UPDATE account SET total_new_comment = total_new_comment + 1 WHERE id=' . $item['user_id']); User::getUser($item['user_id'], 0, 1); } elseif ($comment_row && $comment_row['status'] == 0) { //Cập nhật comment mới cho chính mình DB::query('UPDATE account SET total_new_comment = total_new_comment - 1 WHERE id=' . User::id() . ' AND total_new_comment>0'); User::getUser(User::id(), 0, 1); } //Cập nhật comment mới cho người có comment được trả lời if ($comment_row['sender_user_id'] && $comment_row['sender_user_id'] != $item['user_id'] && $comment_row['sender_user_id'] != User::id() && $comment_row['sender_user_id'] != $item['user_id']) { //Nếu trả lời comment cho 1 người nào đó ko fải chủ topic DB::query('UPDATE account SET total_new_comment = total_new_comment + 1 WHERE id=' . $comment_row['sender_user_id']); User::getUser($comment_row['sender_user_id'], 0, 1); } } else { //Nếu là khách vãng lai //Cập nhật comment mới cho chủ topic DB::query('UPDATE account SET total_new_comment = total_new_comment + 1 WHERE id=' . $item['user_id']); User::getUser($item['user_id'], 0, 1); //Cập nhật comment mới cho người có comment được trả lời if ($comment_row['sender_user_id'] && $comment_row['sender_user_id'] != $item['user_id'] && $comment_row['sender_user_id'] != $item['user_id']) { //Nếu trả lời comment cho 1 người nào đó ko fải chủ topic DB::query('UPDATE account SET total_new_comment = total_new_comment + 1 WHERE id=' . $comment_row['sender_user_id']); User::getUser($comment_row['sender_user_id'], 0, 1); } } } EClassApi::update_cache_comment($item['id']); } $total_feedback = DB::count('comment', "item_id={$item['id']} AND sub_item_id=0"); /*vãi #note-comment 01 by ngannv*/ $up_up_count = '<up_count>'; $up_up_count .= $user_item['up_item']; if (!$subItemId) { DB::update_id('item', array('reply_count' => $total_feedback), $item['id']); } if (MEMCACHE_ON) { $item_memcache['reply_count'] = $total_feedback; eb_memcache::do_put("item:{$item['id']}", $item_memcache); } $up_up_count .= '</up_count>'; //Cập nhật cron job if ($user_item && $user_item['email'] && $user_item['email_alert'] && $user_item['id'] != User::id()) { if (User::id()) { $sender_email = ''; } $link = WEB_ROOT . ECRewrite::formatUrl('?page=item_detail&id=' . $item['id'] . '&ebname=' . EClassApi::safe_title($item['name'])); $title = "<a href='{$link}' target='_blank' style='text-decoration:none;color:#003399;'><font color='#003399'>{$item['name']}</font></a>"; EClassApi::addCronJob('item_comment', EClassApi::parseBBCode($content, true), $user_item['id'], User::id() ? User::user_name() : $sender_user_name, $sender_email, $item['id'], $title, $link); } } else { $id = 0; } $time = date('H:i - d/m'); $xml = "<comments><content><![CDATA[" . EClassApi::parseBBCode($content) . "]]></content><post_time>" . date('H:i') . "</post_time>"; /* * longnt * thêm trả lại id comment mới insert */ $xml .= "<insert_id>{$id}</insert_id>"; $action = 'item_comment'; if (User::id() != $item['user_id']) { require_once ROOT_PATH . 'includes/enbac/comment.php'; Comment::addNewComment($item['user_id']); } $xml .= $up_up_count . "<id>" . $id % 3 . "</id></comments>"; //del cache html if ($subItemId) { $caheFile = 'fb_' . $subItemId; if (MEMCACHE_ON) { eb_memcache::do_put('update_comment_sub_' . $item['id'] . '_' . $subItemId, 1); /*ngannv #update_comment_sub tìm thêm trong ajax_item_detai.ajax*/ } } else { $caheFile = 'fb_' . $item['id']; } StaticCache::delCache($caheFile); echo $xml; System::halt(); } }
function regist_account() { global $display; if (User::checkLock4Ever(1)) { Url::redirect_current(); } //check bảo mật $just_registed_s = 0; $just_registed_c = 0; if (isset($_SESSION['just_registed'])) { $just_registed_s = $_SESSION['just_registed']; } if (isset($_COOKIE['just_registed'])) { $just_registed_c = $_COOKIE['just_registed']; } if ($just_registed_s > TIME_NOW - 120 || $just_registed_c > TIME_NOW - 120 || !REG_ON) { Url::redirect_current(); } //END check bảo mật // check de ban IP $ip = EClassApi::ip(); $arr_badwords = EClassApi::checkBadWord($ip, true); if ($arr_badwords["bad"] != "" && $arr_badwords["bad_key"] != "") { echo -1; exit; } // end check de ban IP $full_name = Url::get('full_name'); $email = Url::get('email'); $user_name = Url::get('register_user_name'); $mobile_phone = EClassApi::trimSpace(Url::get('mobile_phone')); $password = EClassApi::trimSpace(Url::get('register_password')); $confirm_password = EClassApi::trimSpace(Url::get('confirm_password')); /*gen avatar tự động cho người dùng khi đăng ký*/ /*$url_gen = WEB_ROOT."includes/identicon.php?size=100&hash=" . md5($email).""; $avatar = EClassApi::upload_avatar($url_gen);*/ $user_info = array('user_name' => $user_name, 'email' => $email, 'password' => User::eat_encode_password($password, SALTAUTH), 'full_name' => $full_name, 'mobile_phone' => $mobile_phone, 'create_time' => TIME_NOW, 'is_active' => (int) (bool) USER_ACTIVE_ON, 'reg_ip' => EClassApi::ip()); $id = DB::insert('account', $user_info); if ($id) { $_SESSION['just_registed'] = TIME_NOW; EClassApi::my_setcookie('just_registed', TIME_NOW); if (USER_ACTIVE_ON && $user_info['is_active'] == 1) { global $display; $active = DB::select('account_active', 'user_id=' . $id); $active_code = md5(TIME_NOW . $user_info['password']); if ($active) { $active = array('id' => $active['id'], 'user_id' => $id, 'active_code' => $active_code, 'time' => TIME_NOW); } else { $active = array('user_id' => $id, 'active_code' => $active_code, 'time' => TIME_NOW); } DB::insert('account_active', $active, true); $display->add('eb_url', WEB_ROOT); $display->add('user_id', $id); $display->add('user_name', $user_info['user_name']); $display->add('active_code', $active_code); $content_email = $display->output('send_active_mail', 1, 'RegisterSuccess'); System::sendEBEmail($user_info['email'], 'Kích hoạt tài khoản!', $content_email); echo 1; } } else { echo 0; } exit; }