/**
 * Compose / send a private message: renders the 'pm_send' form on a plain
 * request and processes it on submit.
 *
 * Form branch (no submitcheck): prefills from GET — quotes an existing pm
 * for do=forward, or takes msgto/subject/message directly — and, when
 * sendpmseccode is enabled, issues an authcode-wrapped seccode seed.
 * Submit branch: verifies the seccode, resolves the recipient list (reply
 * thread members, comma-separated names, or selected friends), applies the
 * configured send limits, stores the message via $_ENV['pm'] and redirects
 * through $this->message().
 *
 * Depends on $_ENV['friend'], $_ENV['pm'], $_ENV['user'] and on getgpc(),
 * dhtmlspecialchars(), daddslashes() defined elsewhere.
 *
 * NOTE(review): $this->message() is used as a terminating call throughout
 * (nothing returns after it). If it does not exit, the error branches below
 * fall through into the send — confirm against its implementation.
 */
function onsend() {
    $a = getgpc('a');
    $do = getgpc('do');
    $this->_auth();
    $uid = $this->user['uid'];
    $this->load('friend');
    // Friend list (type 3) is loaded for both branches: shown as recipients in
    // the form and used as the allow-list for POSTed friend ids on submit.
    $totalnum = $_ENV['friend']->get_totalnum_by_uid($this->user['uid'], 3);
    $friends = $totalnum ? $_ENV['friend']->get_list($this->user['uid'], 1, $totalnum, $totalnum, 3) : array();
    if (!$this->submitcheck()) {
        // ---- render the compose form ----
        $extra = 'extra=' . rawurlencode($_GET['extra']);
        $type = !empty($_GET['type']) ? $_GET['type'] : '';
        // is_numeric() accepts more than integer ids (e.g. floats/exponent
        // notation); the pm layer is presumably expected to cast — confirm.
        $pmid = @is_numeric($_GET['pmid']) ? $_GET['pmid'] : 0;
        $daterange = $_GET['daterange'] ? intval($_GET['daterange']) : 1;
        $touid = intval($_GET['touid']);
        $plid = intval($_GET['plid']);
        $folder = getgpc('folder');
        $pmnum_private = $_ENV['pm']->getpmnum($uid, 0, 0);
        $unreadpmnum = $_ENV['pm']->getpmnum($uid, 0, 1);
        $touser = '';
        if ($pmid) {
            // getpmbypmid() is scoped to the current uid; only the first row is used.
            $tmp = $_ENV['pm']->getpmbypmid($uid, $pmid);
            $tmp = $tmp[0];
        } else {
            $tmp = array();
        }
        if (!empty($pmid)) {
            if ($do == 'forward') {
                // Build a quoted copy of the original message; nested [quote]
                // blocks in the original body are stripped first.
                $user = $_ENV['user']->get_user_by_uid($tmp['msgtoid']);
                $tmp['message'] = $this->lang['pm_from'] . ': ' . $tmp['author'] . "\n" . $this->lang['pm_to'] . ': ' . dhtmlspecialchars($user['username']) . "\n" . $this->lang['pm_date'] . ': ' . $this->date($tmp['dateline']) . "\n\n" . '[quote]' . trim(preg_replace("/(\\[quote])(.*)(\\[\\/quote])/siU", '', $tmp['message'])) . '[/quote]' . "\n";
            }
        } else {
            // Prefill from GET. Only msgto is escaped here; message is escaped
            // below before assignment, subject is not assigned to the view.
            !empty($_GET['msgto']) && ($touser = dhtmlspecialchars($_GET['msgto']));
            !empty($_GET['subject']) && ($tmp['subject'] = $_GET['subject']);
            !empty($_GET['message']) && ($tmp['message'] = $_GET['message']);
        }
        if ($this->settings['sendpmseccode']) {
            // Seccode seed is bound to the client's UA + IP via $authkey and
            // valid for 720 s. rand() is not a CSPRNG; the seed is only the
            // captcha challenge, so predictability matters only if authcode()
            // is not keyed by $authkey — confirm.
            $authkey = md5(UC_KEY . $_SERVER['HTTP_USER_AGENT'] . $this->onlineip);
            $rand = rand(100000, 999999);
            $seccodeinit = rawurlencode($this->authcode($rand, 'ENCODE', $authkey, 720));
            $this->view->assign('seccodeinit', $seccodeinit);
        }
        $this->view->assign('sendpmseccode', $this->settings['sendpmseccode']);
        $this->view->assign('touser', $touser);
        $this->view->assign('user', $this->user);
        $this->view->assign('pmnum_private', $pmnum_private);
        // NOTE(review): $pmnum_chatpm is never assigned in this method; the
        // template receives null.
        $this->view->assign('pmnum_chatpm', $pmnum_chatpm);
        $this->view->assign('unreadpmnum', $unreadpmnum);
        $this->view->assign('friends', $friends);
        $this->view->assign('extra', $extra);
        $this->view->assign('pmid', $pmid);
        $this->view->assign('daterange', $daterange);
        $this->view->assign('touid', $touid);
        $this->view->assign('plid', $plid);
        $this->view->assign('a', $a);
        $this->view->assign('do', $do);
        $this->view->assign('folder', $folder);
        // Message body is HTML-escaped before it reaches the template.
        $tmp['message'] = dhtmlspecialchars($tmp['message']);
        $this->view->assign('message', $tmp['message']);
        $this->view->assign('type', $type);
        $this->view->display('pm_send');
    } else {
        // ---- process the submitted form ----
        if ($this->settings['sendpmseccode']) {
            // Same UA+IP-bound key as the form branch; the hidden field is
            // decoded with it and checked against the typed (upper-cased) code.
            $authkey = md5(UC_KEY . $_SERVER['HTTP_USER_AGENT'] . $this->onlineip);
            $seccodehidden = urldecode(getgpc('seccodehidden', 'P'));
            $seccode = strtoupper(getgpc('seccode', 'P'));
            $seccodehidden = $this->authcode($seccodehidden, 'DECODE', $authkey);
            require UC_ROOT . './lib/seccode.class.php';
            if (!seccode::seccode_check($seccodehidden, $seccode)) {
                $this->message('pm_send_seccode_error', 'BACK', 1);
            }
        }
        // Re-read the sender from the DB and slash the name for the storage call.
        $user = $_ENV['user']->get_user_by_uid($this->user['uid']);
        $this->user['username'] = daddslashes($user['username'], 1);
        $touid = intval(getgpc('touid'));
        $daterange = intval(getgpc('daterange'));
        $type = intval(getgpc('type'));
        $replypmid = @is_numeric($_GET['replypmid']) ? $_GET['replypmid'] : 0;
        $msgto = array();
        if ($replypmid) {
            // Reply: recipients are the existing thread members minus the
            // sender (the unset implies the array is keyed by uid).
            $plid = $_ENV['pm']->getplidbypmid($replypmid);
            $msgto = $_ENV['pm']->getuidbyplid($plid);
            unset($msgto[$uid]);
        } else {
            if (!empty($_POST['msgto'])) {
                // New message: comma-separated usernames resolved to uids.
                $msgto = explode(',', $_POST['msgto']);
                $msgto = $_ENV['user']->name2id($msgto);
            }
        }
        if (isset($_POST['friend'])) {
            // Only ids present in the sender's own friend list are accepted.
            $frienduids = array();
            foreach ($friends as $friend) {
                $frienduids[] = $friend['friendid'];
            }
            foreach ($_POST['friend'] as $friendid) {
                // Loose in_array(): relies on both sides being plain numeric
                // strings/ints — verify no type juggling is possible here.
                if (in_array($friendid, $frienduids)) {
                    $msgto[] = $friendid;
                }
            }
        }
        if (!$msgto) {
            $this->message('receiver_no_exists', 'BACK', 1);
        }
        $msgto = array_unique($msgto);
        $countmsgto = count($msgto);
        // Configured send limits; each is skipped when its setting is 0/empty.
        if ($this->settings['pmsendregdays']) {
            // Accounts younger than pmsendregdays days may not send.
            if ($user['regdate'] > $this->time - $this->settings['pmsendregdays'] * 86400) {
                $this->message('pm_send_regdays_error', 'BACK', 1, array('$pmsendregdays' => $this->settings['pmsendregdays']));
            }
        }
        if ($this->settings['chatpmmemberlimit']) {
            // Group pm (type 1): recipients + sender must not exceed the limit.
            if ($type == 1 && $countmsgto > $this->settings['chatpmmemberlimit'] - 1) {
                $this->message('pm_send_chatpmmemberlimit_error', 'BACK', 1, array('$chatpmmemberlimit' => $this->settings['chatpmmemberlimit']));
            }
        }
        if ($this->settings['pmfloodctrl']) {
            if (!$_ENV['pm']->ispminterval($this->user['uid'], $this->settings['pmfloodctrl'])) {
                $this->message('pm_send_pmfloodctrl_error', 'BACK', 1, array('$pmfloodctrl' => $this->settings['pmfloodctrl']));
            }
        }
        if ($this->settings['privatepmthreadlimit']) {
            if (!$_ENV['pm']->isprivatepmthreadlimit($this->user['uid'], $this->settings['privatepmthreadlimit'])) {
                $this->message('pm_send_privatepmthreadlimit_error', 'BACK', 1, array('$privatepmthreadlimit' => $this->settings['privatepmthreadlimit']));
            }
        }
        if ($this->settings['chatpmthreadlimit']) {
            if (!$_ENV['pm']->ischatpmthreadlimit($this->user['uid'], $this->settings['chatpmthreadlimit'])) {
                $this->message('pm_send_chatpmthreadlimit_error', 'BACK', 1, array('$chatpmthreadlimit' => $this->settings['chatpmthreadlimit']));
            }
        }
        // The raw POST body is handed to the pm layer; no filtering or
        // escaping is visible in this method — it is assumed to happen in
        // sendpm()/replypm() or at output time. Verify before relying on it.
        if ($replypmid) {
            $lastpmid = $_ENV['pm']->replypm($plid, $this->user['uid'], $this->user['username'], $_POST['message']);
        } else {
            $lastpmid = $_ENV['pm']->sendpm($this->user['uid'], $this->user['username'], $msgto, '', $_POST['message'], $type);
        }
        if ($lastpmid > 0) {
            // Redirect target depends on reply vs. new and private vs. chat.
            if ($replypmid) {
                if ($touid) {
                    $this->message('pm_send_succeed', "index.php?m=pm_client&a=view&touid={$touid}&daterange={$daterange}&filter=privatepm", 1);
                } else {
                    $this->message('pm_send_succeed', "index.php?m=pm_client&a=view&plid={$plid}&daterange={$daterange}&filter=chatpm", 1);
                }
            } else {
                if (!$type) {
                    $this->message('pm_send_succeed', 'index.php?m=pm_client&a=ls&filter=privatepm', 1);
                } else {
                    $this->message('pm_send_succeed', 'index.php?m=pm_client&a=ls&filter=chatpm', 1);
                }
            }
        } else {
            // A non-positive id from the pm layer is reported as "ignored".
            $this->message('pm_send_ignore', 'BACK', 1);
        }
    }
}
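/**
 * Administrator login: renders the 'admin_login' form and handles its POST.
 *
 * On submit it runs, in order: the can_do_login() gate (presumably the
 * failed-login throttle for this username/IP), the seccode check, then the
 * password check — against UC_FOUNDERSALT/UC_FOUNDERPW when isfounder=1,
 * otherwise against the admins/members row. On success it sets the sid
 * cookie, writes a log entry and redirects into admin.php; on failure it
 * records the failed attempt and re-renders the form with $errorcode.
 *
 * Changes against the original:
 *  - both password-digest comparisons use hash_equals() instead of `==`.
 *    Loose comparison of two hex digests treats any pair of the form
 *    "0e<digits>" as equal (numeric-string juggling) and is not constant-time;
 *  - the seccode seed comes from random_int() instead of rand();
 *  - the unused $pwlen local was dropped.
 *
 * Depends on getgpc(), dhtmlspecialchars(), $_ENV['user'], $this->db,
 * $this->view, seccode::seccode_check() and the UC_* constants defined
 * elsewhere.
 */
function onlogin() {
    // Key for the seccode authcode, bound to the client's UA + IP.
    $authkey = md5(UC_KEY . $_SERVER['HTTP_USER_AGENT'] . $this->onlineip);
    $this->load('user');
    $username = getgpc('username', 'P');
    $password = getgpc('password', 'P');
    $iframe = getgpc('iframe') ? 1 : 0;
    $isfounder = intval(getgpc('isfounder', 'P'));
    // Fresh seccode seed for the (re-)rendered form, valid for 180 s.
    $rand = random_int(100000, 999999);
    $seccodeinit = rawurlencode($this->authcode($rand, 'ENCODE', $authkey, 180));
    $errorcode = 0;
    if ($this->submitcheck()) {
        if ($isfounder == 1) {
            // Founder login uses a fixed account name (value redacted in this copy).
            $username = '******';
        }
        $can_do_login = $_ENV['user']->can_do_login($username, $this->onlineip);
        if (!$can_do_login) {
            $errorcode = UC_LOGIN_ERROR_FAILEDLOGIN;
        } else {
            // Seccode: decode the hidden challenge with the UA+IP-bound key and
            // compare with the typed code (upper-cased).
            $seccodehidden = urldecode(getgpc('seccodehidden', 'P'));
            $seccode = strtoupper(getgpc('seccode', 'P'));
            $seccodehidden = $this->authcode($seccodehidden, 'DECODE', $authkey);
            require UC_ROOT . './lib/seccode.class.php';
            if (!seccode::seccode_check($seccodehidden, $seccode)) {
                $errorcode = UC_LOGIN_ERROR_SECCODE;
            } else {
                $errorcode = UC_LOGIN_SUCCEED;
                $this->user['username'] = $username;
                if ($isfounder == 1) {
                    $this->user['username'] = '******';
                    // Legacy scheme: md5(md5(pw) . salt). Kept for compatibility
                    // with stored digests; only the comparison is hardened here.
                    $md5password = md5(md5($password) . UC_FOUNDERSALT);
                    if (hash_equals((string) UC_FOUNDERPW, $md5password)) {
                        $username = $this->user['username'];
                        $this->view->sid = $this->sid_encode($this->user['username']);
                    } else {
                        $errorcode = UC_LOGIN_ERROR_FOUNDER_PW;
                    }
                } else {
                    // The WHERE value is redacted in this copy; confirm the
                    // username reaching this query is escaped/bound upstream.
                    $admin = $this->db->fetch_first("SELECT a.uid,m.username,m.salt,m.password FROM " . UC_DBTABLEPRE . "admins a LEFT JOIN " . UC_DBTABLEPRE . "members m USING(uid) WHERE a.username='******'");
                    if (!empty($admin)) {
                        $md5password = md5(md5($password) . $admin['salt']);
                        // m.password may be NULL (LEFT JOIN with no members row);
                        // the cast keeps hash_equals() a plain mismatch in that case.
                        if (hash_equals((string) $admin['password'], $md5password)) {
                            $this->view->sid = $this->sid_encode($admin['username']);
                        } else {
                            $errorcode = UC_LOGIN_ERROR_ADMIN_PW;
                        }
                    } else {
                        $errorcode = UC_LOGIN_ERROR_ADMIN_NOT_EXISTS;
                    }
                }
                if ($errorcode == 0) {
                    // Success: 24 h sid cookie, mark admin, log, redirect.
                    $this->setcookie('sid', $this->view->sid, 86400);
                    $this->user['admin'] = 1;
                    $this->writelog('login', 'succeed');
                    // When cookies are unavailable the sid is carried in the URL,
                    // which exposes it to referrers and access logs.
                    if ($iframe) {
                        header('location: admin.php?m=frame&a=main&iframe=1' . ($this->cookie_status ? '' : '&sid=' . $this->view->sid));
                        exit;
                    } else {
                        header('location: admin.php' . ($this->cookie_status ? '' : '?sid=' . $this->view->sid));
                        exit;
                    }
                } else {
                    // NOTE(review): this log call is redacted in this copy and
                    // appears to reference the submitted password ("password=").
                    // Credentials must not be written to logs — confirm against
                    // the unredacted source. The failed attempt is then recorded
                    // for the can_do_login() gate.
                    $this->writelog('login', 'error: user='******'username'] . '; password='******'user']->loginfailed($username, $this->onlineip);
                }
            }
        }
    }
    // Escape the submitted values before echoing them back into the form.
    $username = dhtmlspecialchars($username);
    $password = dhtmlspecialchars($password);
    $this->view->assign('seccodeinit', $seccodeinit);
    $this->view->assign('username', $username);
    $this->view->assign('password', $password);
    $this->view->assign('isfounder', $isfounder);
    $this->view->assign('errorcode', $errorcode);
    $this->view->assign('iframe', $iframe);
    $this->view->display('admin_login');
}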