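/**
 * Release the 'account.session' lock of a native account once the caller's auth key checks out.
 *
 * Looks the user up by username, compares the supplied key with
 * $this->calc_auth_key() for that user, and unlocks the "<type>@<uid>" entry.
 *
 * @param array $p Request parameters; reads the `username` and `auth_key` entries.
 * @return mixed The value of $this->result() with an error message when the lookup
 *               or the key check fails; nothing (null) once the lock is released.
 */
function twt_logout($p)
{
    $username = base_protect($p['username']);
    $auth_key = base_protect($p['auth_key']);

    // NOTE(review): the username is interpolated into a single-quoted SQL literal.
    // This is only safe if base_protect() (defined elsewhere) escapes quotes and
    // backslashes for the active connection charset; confirm, or move
    // user_getBySQL() callers to bound parameters.
    $u = user_getBySQL("WHERE `type`='native' AND `username`='{$username}' LIMIT 1");

    // A failed query may hand back a non-array; count(false) is 1 on old PHP and a
    // TypeError on PHP 8, so check the type before counting.
    if (!is_array($u) || count($u) != 1) {
        return $this->result('用户未找到,这也有可能是由于数据库失败引起的');
    }
    $u = $u[0];

    // Normalise both sides to strings and fail closed on anything else. A loose `!=`
    // would accept null == null and "0e1" == "0e2" (numeric-string juggling).
    $expected = $this->calc_auth_key($u);
    $expected = (is_string($expected) || is_int($expected)) ? (string) $expected : null;
    $supplied = (is_string($auth_key) || is_int($auth_key)) ? (string) $auth_key : null;

    // hash_equals() compares in constant time, so the response time does not leak
    // how many leading characters of the key matched.
    if ($expected === null || $supplied === null || !hash_equals($expected, $supplied)) {
        return $this->result('AuthKey未匹配');
    }

    $this->lock->unlock($u['type'] . '@' . $u['uid'], 'account.session');
}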
/**
 * Check whether the logged-in user holds permission `$auth` on object `$did` of `$domain`.
 *
 * The session cache (auth_checkSession) is consulted first; on a miss the
 * `authmap` table is queried for a row owned by the user or by the user's group.
 *
 * Return values, exactly as the code produces them:
 *   false  not logged in, or the session user could not be loaded
 *   true   auth_checkSession() accepted the request
 *   1      a matching row was found and cached with auth_setSession()
 *   2      a matching row was found whose `bindtype` is 'group' (not cached)
 *   -1     no matching row
 *   -2     the matching row has `iscancel` other than '0'
 *   -3     the matching row's `level` is below the requested level
 *
 * NOTE(review): -1, -2 and -3 are truthy in PHP. A caller writing
 * `if (auth_check(...))` treats every denial code as success; callers need
 * an explicit comparison (e.g. `=== true || > 0`). Verify the call sites.
 *
 * @param string $domain Permission domain; passed through base_protect().
 * @param mixed  $did    Object id inside the domain; cast to int.
 * @param string $auth   Permission name; passed through base_protect().
 * @param mixed  $level  Minimum level required; cast to int, default 1.
 * @return bool|int See the table above.
 */
function auth_check($domain, $did, $auth, $level = 1)
{
    if (!user_isLogin()) {
        return false;
    }

    $auth = base_protect($auth);
    $domain = base_protect($domain);
    $did = (int) $did;
    $level = (int) $level;

    // Fast path: the session already holds this grant.
    if (auth_checkSession($domain, $did, $auth, $level)) {
        return true;
    }

    load_model('user.func');
    $user = user_getById($_SESSION['twt_uid']);
    if (!$user) {
        return false;
    }

    // NOTE(review): the statement is assembled from strings. $did is an int, but
    // $domain/$auth depend on base_protect() escaping for a double-quoted literal,
    // and gid/uid come straight from the user row; none of this is visible here.
    // ORDER BY `iscancel` DESC means a cancelling row, if one matches, is the row
    // inspected below (presumably so that a revocation overrides a grant).
    $sql = sprintf(
        'SELECT * FROM %s WHERE ((`ownertype`="group" AND `ownerid`="%s") OR (`ownertype`="user" AND `ownerid`="%s")) AND `domain`="%s" AND `did`="%s" AND `auth`="%s" ORDER BY `iscancel` DESC LIMIT 1',
        table('authmap'),
        $user['gid'],
        $user['uid'],
        $domain,
        $did,
        $auth
    );

    global $db;
    $grant = $db->getRow($db->sql($sql));

    if (!$grant) {
        return -1;
    }
    if ($grant['iscancel'] != '0') {
        return -2;
    }
    if ($grant['level'] < $level) {
        return -3;
    }
    if ($grant['bindtype'] == 'group') {
        // Group-bound grants are reported but never written to the session cache.
        return 2;
    }

    auth_setSession($grant['domain'], $grant['did'], $grant['auth'], $grant['level']);

    return 1;
}
/**
 * Pass row data through base_protect() and hand it to inserttable() under the name 'download'.
 *
 * NOTE(review): whether array keys (used as column names downstream, presumably)
 * are covered depends on base_protect()/inserttable(), which are not visible here.
 *
 * @param mixed $insertarr Row data supplied by the caller.
 * @return mixed Whatever inserttable() returns.
 */
function download_insert($insertarr)
{
    return inserttable('download', base_protect($insertarr));
}
/**
 * Pass row data through base_protect() and hand it to inserttable() under the name 'group'.
 *
 * NOTE(review): protection of the array keys is not visible from this wrapper;
 * confirm in base_protect()/inserttable().
 *
 * @param mixed $insertarr Row data supplied by the caller.
 * @return mixed Whatever inserttable() returns.
 */
function group_insert($insertarr)
{
    return inserttable('group', base_protect($insertarr));
}
/**
 * Pass row data through base_protect() and hand it to inserttable() for a caller-chosen table.
 *
 * Only $insertarr goes through base_protect(); $table is forwarded unchanged.
 * NOTE(review): $table must therefore never come from request input unless
 * inserttable() validates it. Confirm against the callers.
 *
 * @param string $table     Table name, forwarded as given.
 * @param mixed  $insertarr Row data supplied by the caller.
 * @return mixed Whatever inserttable() returns.
 */
function column_insert($table, $insertarr)
{
    return inserttable($table, base_protect($insertarr));
}
/**
 * Pass row data through base_protect() and hand it to inserttable() under the name 'category'.
 *
 * NOTE(review): protection of the array keys is not visible from this wrapper;
 * confirm in base_protect()/inserttable().
 *
 * @param mixed $insertarr Row data supplied by the caller.
 * @return mixed Whatever inserttable() returns.
 */
function category_insert($insertarr)
{
    return inserttable('category', base_protect($insertarr));
}
/**
 * Pass row data through base_protect() and hand it to inserttable() under the name 'news'.
 *
 * NOTE(review): protection of the array keys is not visible from this wrapper;
 * confirm in base_protect()/inserttable().
 *
 * @param mixed $insertarr Row data supplied by the caller.
 * @return mixed Whatever inserttable() returns.
 */
function news_insert($insertarr)
{
    return inserttable('news', base_protect($insertarr));
}
/**
 * Pass row data through base_protect() and hand it to inserttable() under the name 'item'.
 *
 * NOTE(review): protection of the array keys is not visible from this wrapper;
 * confirm in base_protect()/inserttable().
 *
 * @param mixed $insertarr Row data supplied by the caller.
 * @return mixed Whatever inserttable() returns.
 */
function item_insert($insertarr)
{
    return inserttable('item', base_protect($insertarr));
}
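/**
 * Build and run an UPDATE statement on table($tablename).
 *
 * Security-relevant behaviour, as implemented here:
 *  - SET values are concatenated into single-quoted literals WITHOUT escaping,
 *    whatever $autoprotect is. The caller must escape them first.
 *  - WHERE values go through base_protect() only when $autoprotect is true.
 *  - A non-array, non-empty $wheresqlarr is used verbatim as the WHERE clause.
 *  - An empty $wheresqlarr becomes `WHERE 1`, i.e. every row is updated.
 *  - Column names are wrapped in backticks; embedded backticks are doubled so a
 *    key cannot close the identifier quoting.
 *
 * @param string       $tablename   Logical table name, resolved through table().
 * @param array        $setsqlarr   column => already-escaped value.
 * @param array|string $wheresqlarr column => value pairs joined with AND, or a raw WHERE fragment.
 * @param bool         $autoprotect Run base_protect() on each WHERE value (array form only).
 * @return mixed Whatever $db->sql() returns.
 */
function updatetable($tablename, $setsqlarr, $wheresqlarr, $autoprotect = true)
{
    global $db;

    $assignments = [];
    foreach ($setsqlarr as $set_key => $set_value) {
        // Values are NOT escaped here (see the header note); only the identifier is hardened.
        $assignments[] = '`' . str_replace('`', '``', (string) $set_key) . '`=\'' . $set_value . '\'';
    }
    $setsql = implode(', ', $assignments);

    if (empty($wheresqlarr)) {
        // Kept for compatibility: no condition means "all rows".
        $where = '1';
    } elseif (is_array($wheresqlarr)) {
        $conditions = [];
        foreach ($wheresqlarr as $key => $value) {
            if ($autoprotect) {
                $value = base_protect($value);
            }
            $conditions[] = '`' . str_replace('`', '``', (string) $key) . '`=\'' . $value . '\'';
        }
        $where = implode(' AND ', $conditions);
    } else {
        // Raw fragment supplied by the caller; trusted as-is.
        $where = $wheresqlarr;
    }

    // Build the statement once and execute exactly that string.
    $query = 'UPDATE ' . table($tablename) . ' SET ' . $setsql . ' WHERE ' . $where;

    return $db->sql($query);
}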
/**
 * Run base_protect() over the WHERE and SET data, then delegate to updatetable().
 *
 * NOTE(review): updatetable() is called with its default $autoprotect = true, so
 * each WHERE value passes through base_protect() a second time there. If
 * base_protect() is not idempotent the WHERE values are double-escaped and may no
 * longer match. Confirm, and pass false as the fourth argument if so.
 *
 * @param string       $table  Logical table name.
 * @param array        $setarr column => value pairs to write.
 * @param array|string $where  Conditions, array or raw fragment.
 * @return bool True when updatetable() returned a truthy value, false otherwise.
 */
function update_array($table, $setarr, $where)
{
    $protectedWhere = base_protect($where);
    $protectedSet = base_protect($setarr);

    return (bool) updatetable($table, $protectedSet, $protectedWhere);
}