function remotelogin_action() {
cookie::del('passinfo');
$this->view->loginfalse=cookie::get('loginfalse'.md5($_SERVER['REQUEST_URI']));
if (front::$args) {
$user=new user();
$args = xxtea_decrypt(base64_decode(front::$args), config::get('cookie_password'));
$user=$user->getrow(unserialize($args));
if (is_array($user)) {
if ($user['groupid'] == '888')
front::$isadmin=true;
cookie::set('login_username',$user['username']);
cookie::set('login_password',front::cookie_encode($user['password']));
session::set('username',$user['username']);
require_once ROOT.'/celive/include/config.inc.php';
require_once ROOT.'/celive/include/celive.class.php';
$login=new celive();
$login->auth();
$GLOBALS['auth']->remotelogin($user['username'],$user['password']);
$GLOBALS['auth']->check_login1();
front::$user=$user;
}elseif (!is_array(front::$user) ||!isset(front::$isadmin)) {
cookie::set('loginfalse'.md5($_SERVER['REQUEST_URI']),(int) cookie::get('loginfalse'.md5($_SERVER['REQUEST_URI'])) +1,time() +3600);
event::log('loginfalse','失败 user='******'username']);
front::flash('密码错误或不存在该管理员!');
front::refresh(url('admin/login',true));
}
}
$this->render();
}
function logout_action() {
cookie::del('login_username');
cookie::del('login_password');
session::del('username');
session::del('roles');
require_once ROOT.'/celive/include/config.inc.php';
require_once ROOT.'/celive/include/celive.class.php';
$login=new celive();
$login->auth();
$GLOBALS['auth']->logout();
$GLOBALS['auth']->check_logout1();
front::redirect(url::create('index'));
}
function __construct() {
if(preg_match('/(\'|")/', $_POST['username']) || preg_match('/(\'|")/', $_GET['username']) || preg_match('/(\'|")/', $_COOKIE['login_username'])){
exit('非法参数');
}
self::$args=$_GET['args'];
unset($_GET['args']);
if($_GET['case'] == 'file'){@$_GET['admin_dir'] = config::get('admin_dir');}
if (@$_GET['admin_dir'] == config::get('admin_dir'))
$admin=1;
if (@$_GET['m'] &&is_numeric(@$_GET['m'])) {
header('location:?case=user&act=space&mid='.$_GET['m']);
}
if (@$_GET['g'] &&is_numeric(@$_GET['g'])) {
header('location: ?case=manage&act=guestadd&manage=archive&guest=1');
}
if (@$admin) {
include_once ROOT.'/'.config::get('admin_dir').'/init.php';
}
if (@$_GET['clean_login']) {
$event=new event();
$event->rec_delete("event='loginfalse'");
cookie::del('loginfalse');
}
self::$admin=defined('ADMIN');
self::$debug=defined('DEBUG');
if(is_mobile()) $_GET['t']='wap';
if (strtolower(config::get('template_dir')) == 'admin'||strtolower(config::get('template_dir')) == 'debug')
exit(__CLASS__.','.__LINE__);
if (!config::get('template_dir'))
config::set('template_dir','default');
if (isset($_SERVER['HTTP_REFERER']))
self::$from=$_SERVER['HTTP_REFERER'];
self::$host=isset($_SERVER['HTTP_X_FORWARDED_HOST']) ?$_SERVER['HTTP_X_FORWARDED_HOST'] : (isset($_SERVER['HTTP_HOST']) ?$_SERVER['HTTP_HOST'] : '');
preg_match('/[\w-]+(\.(org|net|com|gov))?\.(\w+)$/',self::$host,$match);
if (isset($match[0]))
self::$domain=$match[0];
else
self::$domain=self::$host;
self::$uri=$_SERVER['REQUEST_URI'];
self::route();
define('MAGIC_QUOTES_GPC', function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc());
if (isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_COOKIE['GLOBALS']) || isset($_FILES['GLOBALS'])) {
exit('request_tainting');
}
if (!MAGIC_QUOTES_GPC) {
$_GET = daddslashes($_GET);
$_POST = daddslashes($_POST);
$_COOKIE = daddslashes($_COOKIE);
}
$dfile = htmlspecialchars($_GET['dfile']);
foreach ($_GET as $key=>$value) {
unset($_GET[$key]);
if ($key == 'host'||$key == 'ftpip'||$key == 'request'||$key == 'notify_id'||$key == 'real_name') {
$_GET[$key]=$value;
continue;
}
$key=preg_replace('/[^\w-].*/','',$key);
if ($key == 'tag'||$key == 'keyword') {
$value=strip_tags(urldecode($value));
$value=str_replace(' ','+',$value);
if(preg_match('/union/i',$value) || preg_match('/"/i',$value) ||preg_match('/\'/i',$value)){
exit('非法参数');
}
}
else
$value=preg_replace('/[^\w-].*/','',$value);
$_GET[$key]=$value;
}
self::$get=$_GET;
self::$post=$_POST;
self::$get['dfile'] = $dfile;
if (isset(self::$post['verify']))
self::$post['verify']=strtoupper(self::$post['verify']);
self::$case=isset(self::$get['case']) ?self::$get['case'] : (self::$admin ?'index': 'index');
self::$act=isset(self::$get['act']) ?self::$get['act'] : 'index';
if (preg_match("%".self::$host."%i",self::$from))
self::$from=preg_replace('%http://'.self::$host.'%','',self::$from);
if (!front::$admin ||front::$html ||self::$rewrite)
config::set('base_url',preg_replace('%/index.php%i','',$_SERVER['PHP_SELF']));
else {
$_url=preg_replace('/'.THIS_URL.'$/i','',rtrim(preg_replace('/(index\.php|\?).*/i','',self::$uri),'/'));
config::set('base_url',str_replace(ROOT,'',$_url));
}
new stsession(new sessionox());//初始化DB 存储SESSION
if (self::$admin)
$this->admin();
}
function logout_action() {
cookie::del('login_username');
cookie::del('login_password');
session::del('username');
front::redirect(url::create('user/login'));
exit;
}
function init() {
/**
* 清空訂單
* @return void
*/
static function clear()
{
cookie::del('orderids');
}
