/**
 * Resolve the OpenID held in $OauthObject against the app_users binding table.
 *
 * Reads the globals $DB, $Prefix, $AppID, $OauthObject, $TimeStamp, $SALT,
 * $Config, $CurUserID and $Lang. Three outcomes:
 *  - the OpenID is already bound to a user: issue that user's login cookies
 *    and redirect to the site root (does not return);
 *  - nothing is bound but a user is logged in ($CurUserID): bind the OpenID to
 *    the current account and report the result through AlertMsg();
 *  - otherwise: return without doing anything, so the caller can continue
 *    (e.g. with registration).
 *
 * @return void
 */
function CheckOpenID()
{
    global $DB, $Prefix, $AppID, $OauthObject, $TimeStamp, $SALT, $Config, $CurUserID, $Lang;

    $BoundUserID = $DB->single(
        "SELECT UserID FROM " . $Prefix . "app_users \n\t\tWHERE AppID=:AppID AND OpenID = :OpenID",
        array('AppID' => $AppID, 'OpenID' => $OauthObject->OpenID)
    );

    if ($BoundUserID) {
        // The OpenID is already bound to an account: log that account in directly.
        $BoundUserInfo = $DB->row(
            "SELECT * FROM " . $Prefix . "users WHERE ID = :UserID",
            array("UserID" => $BoundUserID)
        );
        // The session is kept for 30 days from now.
        $ExpirationTime = $TimeStamp + 30 * 86400;
        // UserCode = md5(password hash . user salt . expiry . site $SALT). The same
        // recipe appears in the password-reset flow, so it is reproduced byte-for-byte.
        // NOTE(review): wherever UserCode is later checked, hash_equals() should be used.
        $UserCode = md5($BoundUserInfo['Password'] . $BoundUserInfo['Salt'] . $ExpirationTime . $SALT);
        SetCookies(array(
            'UserID' => $BoundUserID,
            'UserExpirationTime' => $ExpirationTime,
            'UserCode' => $UserCode,
        ), 30);
        header('location: ' . $Config['WebsitePath'] . '/');
        exit;
    }

    if (!$CurUserID) {
        return;
    }

    // Not bound yet, but a user is logged in: bind the OpenID to the current account.
    // The nickname is HTML-escaped at write time, matching the rest of this module.
    $Inserted = $DB->query(
        'INSERT INTO `' . $Prefix . 'app_users` (`ID`, `AppID`, `OpenID`, `AppUserName`, `UserID`, `Time`) VALUES (:ID, :AppID, :OpenID, :AppUserName, :UserID, :Time)',
        array(
            'ID' => null,
            'AppID' => $AppID,
            'OpenID' => $OauthObject->OpenID,
            'AppUserName' => htmlspecialchars($OauthObject->NickName),
            'UserID' => $CurUserID,
            'Time' => $TimeStamp,
        )
    );
    $MessageKey = $Inserted ? 'Binding_Success' : 'Binding_Failure';
    AlertMsg($Lang[$MessageKey], $Lang[$MessageKey]);
}
$ErrorCode = 101000; $UserName = ''; $ReturnUrl = isset($_SERVER['HTTP_REFERER']) ? htmlspecialchars($_SERVER["HTTP_REFERER"]) : ''; if (isset($_GET['logout']) && $_GET['logout'] == $CurUserCode) { LogOut(); if ($ReturnUrl) { header('location: ' . $ReturnUrl); exit('logout'); } else { header('location: ' . $Config['WebsitePath'] . '/'); exit('logout'); } } if ($_SERVER['REQUEST_METHOD'] == 'POST' || $IsApp) { if (!ReferCheck(Request('Post', 'FormHash'))) { AlertMsg($Lang['Error_Unknown_Referer'], $Lang['Error_Unknown_Referer'], 403); } $ReturnUrl = htmlspecialchars(Request('Post', 'ReturnUrl')); $UserName = strtolower(Request('Post', 'UserName')); $Password = Request('Post', 'Password'); $Expires = min(intval(Request('Post', 'Expires', 30)), 30); //最多保持登陆30天 $VerifyCode = intval(Request('Post', 'VerifyCode')); do { if (!$UserName || !$Password || !$VerifyCode) { $Error = $Lang['Forms_Can_Not_Be_Empty']; $ErrorCode = 101001; break; } session_start(); $TempVerificationCode = "";
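/**
 * Gate the current request on the caller's role, account status and identity.
 *
 * Reads the globals $CurUserRole, $CurUserID, $CurUserInfo and $Lang
 * ($RequestURI is imported by the original signature but not used here).
 * On failure the request is terminated through AlertMsg() with HTTP 401;
 * on success the function simply returns.
 *
 * @param int  $MinRoleRequire   lowest role allowed; $Lang['RolesDict'] must have an entry for it
 * @param int  $AuthorizedUserID if non-zero and equal to the current user's ID, the role and
 *                               status checks are waived (owner access)
 * @param bool $StatusRequire    when truthy, also reject accounts whose UserAccountStatus is 0
 * @return void
 */
function Auth($MinRoleRequire, $AuthorizedUserID = 0, $StatusRequire = false)
{
    global $CurUserRole, $CurUserID, $CurUserInfo, $Lang, $RequestURI;
    $error = '';
    if ($CurUserRole < $MinRoleRequire) {
        $error = str_replace('{{RoleDict}}', $Lang['RolesDict'][$MinRoleRequire], $Lang['Error_Insufficient_Permissions']);
    }
    // `== true` on a flag is just a truthiness test. UserAccountStatus may come back
    // from the database as a string, so normalise to int before a strict comparison
    // instead of relying on loose `== 0`.
    if ($CurUserID && $StatusRequire && (int) $CurUserInfo['UserAccountStatus'] === 0) {
        $error = $Lang['Error_Account_navailable'];
    }
    // Owner override. User IDs are integers (auto-increment), so compare them as
    // such rather than with `==`, whose string/number juggling differs between
    // PHP versions (e.g. "1abc" == 1 is true before PHP 8).
    // NOTE(review): this override also waives the disabled-account check; kept as
    // in the original behaviour.
    if ($AuthorizedUserID && $CurUserID && (int) $CurUserID === (int) $AuthorizedUserID) {
        $error = false;
    }
    if ($error) {
        AlertMsg($Lang['Error_Message'], $error, 401);
    }
}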
$SQLKeywordArray[] = '%' . $Value . '%'; } $TopicsArray = $DB->query('SELECT `ID`, `Topic`, `Tags`, `UserID`, `UserName`, `LastName`, `LastTime`, `Replies` FROM ' . $Prefix . 'topics WHERE Topic LIKE ? or Tags LIKE ? ' . $QueryString . ' ORDER BY LastTime DESC LIMIT ' . ($Page - 1) * $Config['TopicsPerPage'] . ',' . $Config['TopicsPerPage'], $SQLKeywordArray); } else { $QueryString = str_repeat('or Name LIKE ? ', $KeywordNum - 1); $SQLKeywordArray = array(); foreach ($KeywordArray as $Value) { $SQLKeywordArray[] = '%' . $Value . '%'; } $TagIDList = $DB->column('SELECT ID FROM ' . $Prefix . 'tags WHERE Name like ? ' . $QueryString, $SQLKeywordArray); if (!$TagIDList) { AlertMsg('404 Not Found', '404 Not Found', 404); } $TagIDArray = $DB->column('SELECT TopicID FROM ' . $Prefix . 'posttags WHERE TagID in (?) ORDER BY TopicID DESC LIMIT ' . ($Page - 1) * $Config['TopicsPerPage'] . ',' . $Config['TopicsPerPage'], $TagIDList); $TopicsArray = array(); if ($TagIDArray) { $TopicsArray = $DB->query('SELECT `ID`, `Topic`, `Tags`, `UserID`, `UserName`, `LastName`, `LastTime`, `Replies` FROM ' . $Prefix . 'topics force index(PRI) WHERE ID in (?) and IsDel=0 ORDER BY LastTime DESC', $TagIDArray); } } /* if($Page == 1 && !$TopicsArray){
include __DIR__ . '/common.php'; require __DIR__ . '/language/' . ForumLanguage . '/new.php'; Auth(1, 0, true); $Error = ''; $Title = ''; $Content = ''; $TagsArray = array(); if ($_SERVER['REQUEST_METHOD'] == 'POST') { SetStyle('api', 'API'); if (!ReferCheck($_POST['FormHash'])) { AlertMsg($Lang['Error_Unknown_Referer'], $Lang['Error_Unknown_Referer'], 403); } if ($TimeStamp - $CurUserInfo['LastPostTime'] <= 5) { //发帖至少要间隔5秒 AlertMsg($Lang['Posting_Too_Often'], $Lang['Posting_Too_Often']); } $Title = Request('Post', 'Title'); $Content = Request('Post', 'Content'); $TagsArray = $_POST['Tag']; if ($Title) { if (strlen($Title) <= $Config['MaxTitleChars'] || strlen($Content) <= $Config['MaxPostChars']) { if (!empty($TagsArray) && !in_array('', $TagsArray) && count($TagsArray) <= $Config["MaxTagsNum"]) { //获取已存在的标签 $TagsExistArray = $DB->query("SELECT ID,Name FROM `" . $Prefix . "tags` WHERE `Name` in (?)", $TagsArray); $TagsExist = ArrayColumn($TagsExistArray, 'Name'); $TagsID = ArrayColumn($TagsExistArray, 'ID'); //var_dump($TagsExist); $NewTags = TagsDiff($TagsArray, $TagsExist); //新建不存在的标签 if ($NewTags) {
$DB->query('UPDATE `' . $Prefix . 'users` SET NumFavUsers=NumFavUsers' . $SQLAction . ' WHERE `ID`=?', array($CurUserID)); break; case 4: //Post break; case 5: //Blog break; default: AlertMsg('Bad Request', 'Bad Request'); break; } //清理内存缓存 if ($MCache) { $MCache->delete(MemCachePrefix . 'UserInfo_' . $CurUserID); } $Message = $IsFavorite ? $MessageType ? $Lang['Follow'] : $Lang['Collect'] : ($MessageType ? $Lang['Unfollow'] : $Lang['Unsubscribe']); //$FavoriteID = $DB->lastInsertId(); } else { AlertMsg('404 Not Found', '404 Not Found'); } break; //Error //Error default: AlertMsg('Bad Request', 'Bad Request'); break; } $PageTitle = 'Manage'; $ContentFile = $TemplatePath . 'manage.php'; include $TemplatePath . 'layout.php';
$NewSalt = $UserInfo['Salt']; $NewPasswordHash = md5(md5($Password) . $NewSalt); if (UpdateUserInfo(array('Salt' => $NewSalt, 'Password' => $NewPasswordHash), $UserInfo['ID'])) { $TemporaryUserExpirationTime = 30 * 86400 + $TimeStamp; //默认保持30天登陆状态 SetCookies(array('UserExpirationTime' => $TemporaryUserExpirationTime, 'UserCode' => md5($NewPasswordHash . $NewSalt . $TemporaryUserExpirationTime . $SALT)), 30); $CurUserInfo['Salt'] = $NewSalt; $CurUserInfo['Password'] = $NewPasswordHash; AlertMsg($Lang['Reset_Password_Success'], $Lang['Reset_Password_Success']); } else { AlertMsg($Lang['Reset_Password_Failure'], $Lang['Reset_Password_Failure']); } } else { $Message = $Lang['VerificationCode_Error']; } unset($_SESSION[$Prefix . 'VerificationCode']); } else { $Message = $Lang['Passwords_Inconsistent']; } } else { $Message = $Lang['Forms_Can_Not_Be_Empty']; } } } else { AlertMsg('Bad Request', 'Bad Request', 400); } } $DB->CloseConnection(); $PageTitle = $Lang['Reset_Password']; $ContentFile = $TemplatePath . 'reset_password.php'; include $TemplatePath . 'layout.php';
/**
 * Display $msg via AlertMsg() and stop the script.
 *
 * The second argument to AlertMsg() is -1 here (other call sites pass a message
 * string in that slot); the function name suggests a go-back redirect — confirm
 * against AlertMsg()'s definition.
 *
 * @param string $msg message handed to AlertMsg()
 * @return never
 */
function AlertGoBack($msg)
{
    AlertMsg($msg, -1);
    exit();
}
AlertMsg($Lang['Binding_Success'], $Lang['Binding_Success']); } else { AlertMsg($Lang['Binding_Failure'], $Lang['Binding_Failure']); } } } if ($_SERVER['REQUEST_METHOD'] == 'POST') { if (!ReferCheck(Request('Post', 'FormHash')) || empty($_SESSION[$Prefix . 'OauthAccessToken']) || !$State || empty($_SESSION[$Prefix . 'OauthState']) || $State != $_SESSION[$Prefix . 'OauthState']) { AlertMsg($Lang['Error_Unknown_Referer'], $Lang['Error_Unknown_Referer'], 403); } // 读入Access Token $OauthObject->AccessToken = $_SESSION[$Prefix . 'OauthAccessToken']; // 释放session防止阻塞 session_write_close(); if (!$OauthObject->GetOpenID()) { AlertMsg('400 Bad Request', '400 Bad Request', 400); } $OpenID = $OauthObject->OpenID; $UserName = strtolower(Request('Post', 'UserName')); if ($UserName && IsName($UserName)) { $UserExist = $DB->single("SELECT ID FROM " . $Prefix . "users WHERE UserName = :UserName", array('UserName' => $UserName)); if (!$UserExist) { $NewUserSalt = mt_rand(100000, 999999); $NewUserPassword = '******' . substr(md5(md5(mt_rand(1000000000, 2147483647)) . $NewUserSalt), 0, -3); $NewUserData = array('ID' => null, 'UserName' => $UserName, 'Salt' => $NewUserSalt, 'Password' => $NewUserPassword, 'UserMail' => '', 'UserHomepage' => '', 'PasswordQuestion' => '', 'PasswordAnswer' => '', 'UserSex' => 0, 'NumFavUsers' => 0, 'NumFavTags' => 0, 'NumFavTopics' => 0, 'NewMessage' => 0, 'Topics' => 0, 'Replies' => 0, 'Followers' => 0, 'DelTopic' => 0, 'GoodTopic' => 0, 'UserPhoto' => '', 'UserMobile' => '', 'UserLastIP' => $CurIP, 'UserRegTime' => $TimeStamp, 'LastLoginTime' => $TimeStamp, 'LastPostTime' => $TimeStamp, 'BlackLists' => '', 'UserFriend' => '', 'UserInfo' => '', 'UserIntro' => '', 'UserIM' => '', 'UserRoleID' => 1, 'UserAccountStatus' => 1, 'Birthday' => date("Y-m-d", $TimeStamp)); $DB->query('INSERT INTO `' . $Prefix . 
'users` (`ID`, `UserName`, `Salt`, `Password`, `UserMail`, `UserHomepage`, `PasswordQuestion`, `PasswordAnswer`, `UserSex`, `NumFavUsers`, `NumFavTags`, `NumFavTopics`, `NewMessage`, `Topics`, `Replies`, `Followers`, `DelTopic`, `GoodTopic`, `UserPhoto`, `UserMobile`, `UserLastIP`, `UserRegTime`, `LastLoginTime`, `LastPostTime`, `BlackLists`, `UserFriend`, `UserInfo`, `UserIntro`, `UserIM`, `UserRoleID`, `UserAccountStatus`, `Birthday`) VALUES (:ID, :UserName, :Salt, :Password, :UserMail, :UserHomepage, :PasswordQuestion, :PasswordAnswer, :UserSex, :NumFavUsers, :NumFavTags, :NumFavTopics, :NewMessage, :Topics, :Replies, :Followers, :DelTopic, :GoodTopic, :UserPhoto, :UserMobile, :UserLastIP, :UserRegTime, :LastLoginTime, :LastPostTime, :BlackLists, :UserFriend, :UserInfo, :UserIntro, :UserIM, :UserRoleID, :UserAccountStatus, :Birthday)', $NewUserData); $CurUserID = $DB->lastInsertId(); //Insert App user $DB->query('INSERT INTO `' . $Prefix . 'app_users`
$SQLKeywordArray[] = '%' . $Value . '%'; } $TopicsArray = $DB->query('SELECT `ID`, `Topic`, `Tags`, `UserID`, `UserName`, `LastName`, `LastTime`, `Replies` FROM ' . $Prefix . 'topics WHERE Topic LIKE ? or Tags LIKE ? ' . $QueryString . ' ORDER BY LastTime DESC LIMIT ' . ($Page - 1) * $Config['TopicsPerPage'] . ',' . $Config['TopicsPerPage'], $SQLKeywordArray); } else { $QueryString = str_repeat('or Name LIKE ? ', $KeywordNum - 1); $SQLKeywordArray = array(); foreach ($KeywordArray as $Value) { $SQLKeywordArray[] = '%' . $Value . '%'; } $TagIDList = $DB->column('SELECT ID FROM ' . $Prefix . 'tags WHERE Name like ? ' . $QueryString, $SQLKeywordArray); if (!$TagIDList) { AlertMsg('404 Not Found', '404 Not Found'); } $TagIDArray = $DB->column('SELECT TopicID FROM ' . $Prefix . 'posttags WHERE TagID in (?) ORDER BY TopicID DESC LIMIT ' . ($Page - 1) * $Config['TopicsPerPage'] . ',' . $Config['TopicsPerPage'], $TagIDList); $TopicsArray = array(); if ($TagIDArray) { $TopicsArray = $DB->query('SELECT `ID`, `Topic`, `Tags`, `UserID`, `UserName`, `LastName`, `LastTime`, `Replies` FROM ' . $Prefix . 'topics force index(PRI) WHERE ID in (?) and IsDel=0 ORDER BY LastTime DESC', $TagIDArray); } } } /*