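/**
 * Expand "|"-delimited widget directives inside a content string, in place.
 *
 * The content is entity-decoded with htmlspecialchars_decode() first, so the
 * result is raw HTML assembled from $toparse — callers must only feed it
 * content they trust to carry markup. Each "|" segment that (after trimming)
 * starts with '+' is treated as a directive "+name,arg1,arg2,..." (at most
 * three arguments are split off) and replaced by the output of the matching
 * builder function; other segments, and unknown directives, are emitted
 * unchanged (untrimmed).
 *
 * @param string $toparse Content to expand; overwritten with the expanded HTML.
 * @return void
 */
function parse_content(&$toparse)
{
    $toparse = htmlspecialchars_decode($toparse);
    $segments = explode('|', $toparse);
    foreach ($segments as $index => $segment) {
        $segment = trim($segment);
        // Check for emptiness before reading offset 0: an empty segment
        // ("a||b") would otherwise raise an "uninitialized string offset" warning.
        if ($segment === '' || $segment[0] !== '+') {
            continue;
        }
        // Split "+name,arg1,arg2,rest" into at most four pieces; absent
        // arguments become null rather than triggering undefined-index notices.
        $func = explode(',', $segment, 4);
        $arg1 = isset($func[1]) ? $func[1] : null;
        $arg2 = isset($func[2]) ? $func[2] : null;
        switch ($func[0]) {
            case "+img":
                $segments[$index] = imgtag($arg1, $arg2);
                break;
            case "+spacer":
                $segments[$index] = spacertag($arg1);
                break;
            case "+atvgall":
                $segments[$index] = build_atv_gallery();
                break;
            case "+imagegall":
                // Upload form, delete form and the gallery itself, spaced apart.
                $segments[$index] = '<h1>Image Gallery</h1>' . imageupload() . '<p><br><br></p>' . delimage() . '<p><br><br></p>' . buildgallery();
                break;
            case "+csv":
                $segments[$index] = csvfileupload();
                break;
            case "+viparea":
                $segments[$index] = viparea();
                break;
            case "+dbviewer":
                $segments[$index] = dbcontrol() . printusers() . printfiles() . printnotes() . printcms();
                break;
            case "+filedeposit":
                $segments[$index] = filedeposit();
                break;
            case "+newsfeed":
                $segments[$index] = build_newsfeed();
                break;
            case "+projfeed":
                $segments[$index] = build_projectfeed($arg1);
                break;
            case "+login":
                $segments[$index] = login_page();
                break;
            case "+contactprofile":
                $segments[$index] = profilepage();
                break;
        }
    }
    $toparse = implode('', $segments);
}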
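/**
 * Ensure the current request is authenticated; otherwise render the login page.
 *
 * Credentials come from the session when both "username" and "password" are
 * set there; otherwise from the "username"/"password"/"rights" cookies, and
 * only when the cookie claims "admin" rights, in which case all three cookie
 * values are copied into the session. In both paths check_user_pw() is asked
 * to re-validate the pair and login_page() is shown on failure. Reads of the
 * session and cookie arrays are guarded with isset() so anonymous visitors do
 * not trigger undefined-index notices.
 *
 * NOTE(review): the 'rights' value is copied from the cookie into the session
 * without being verified here — whether check_user_pw() independently
 * establishes the user's rights is not visible in this block; confirm before
 * relying on $_SESSION['rights'] for authorization. The cookie also carries
 * the password itself. login_page() is not followed by exit in this function;
 * if it does not terminate the request, the caller keeps executing.
 *
 * @return void
 */
function check_login()
{
    $sessionUser = isset($_SESSION['username']) ? $_SESSION['username'] : '';
    $sessionPass = isset($_SESSION['password']) ? $_SESSION['password'] : '';
    if ($sessionUser != "" && $sessionPass != "") {
        // Session already holds credentials: re-check them against the store.
        if (!check_user_pw($sessionUser, $sessionPass, true)) {
            login_page();
        }
        return;
    }

    $cookieUser = isset($_COOKIE['username']) ? $_COOKIE['username'] : '';
    $cookiePass = isset($_COOKIE['password']) ? $_COOKIE['password'] : '';
    $cookieRights = isset($_COOKIE['rights']) ? $_COOKIE['rights'] : '';
    // No usable session and no admin "remember me" cookie: show the login page.
    if ($cookieUser == "" || $cookiePass == "" || $cookieRights !== "admin") {
        login_page();
        return;
    }

    // Promote the cookie credentials into the session, then validate them.
    $_SESSION['username'] = $cookieUser;
    $_SESSION['password'] = $cookiePass;
    $_SESSION['rights'] = $cookieRights;
    if (!check_user_pw($_SESSION['username'], $_SESSION['password'], true)) {
        login_page();
    }
}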
} if (!TMAGIC_QUOTES_GPC) { $_GET = taddslashes($_GET); $_POST = taddslashes($_POST); $_COOKIE = taddslashes($_COOKIE); } if (isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_COOKIE['GLOBALS']) || isset($_FILES['GLOBALS'])) { show_msg('您当前的访问请求当中含有非法字符,已经被系统拒绝'); } if ($_SERVER['REQUEST_METHOD'] == 'POST' && !empty($_POST)) { $_GET = array_merge($_GET, $_POST); } $actionarray = array('updatecache', 'setadmin', 'closesite', 'repairdb', 'restoredb', 'logout', 'index', 'updatesuccess', 'login'); $action = in_array($_GET['action'], $actionarray) ? $_GET['action'] : 'index'; if (!is_login()) { login_page(); exit; } if (isset($action) && $action == 'updatecache') { include_once TDISCUZ_ROOT . './source/class/class_core.php'; include_once TDISCUZ_ROOT . './source/function/function_core.php'; $cachelist = array(); $discuz =& discuz_core::instance(); $discuz->cachelist = $cachelist; $discuz->init_cron = false; $discuz->init_setting = false; $discuz->init_user = false; $discuz->init_session = false; $discuz->init_misc = false; $discuz->init(); $_G['siteurl'] = str_replace('source/plugin/tools/', '', $_G['siteurl']);
if ($_POST["recaptcha_response_field"] != '') { $rsp = recaptcha_check_answer($conf->RC_PrivKey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]); if (!$rsp->is_valid) { $cap_rsp = $rsp->error; } } else { $cap_rsp = 'incorrect-captcha-sol'; } } if (isset($_POST['username']) && isset($_POST['password']) && $cap_rsp == NULL) { $session->login($_POST['username'], $_POST['password']); } $user = new User(); $smarty->assign("loggedinuser", preg_replace('/\\s/', ' ', $user->getFullName())); if ($user->getId() == 0) { login_page($smarty); } if (isset($_SERVER['PHP_SELF']) && basename($_SERVER['PHP_SELF']) != 'index.php') { $smarty->assign("menu_current", $src . basename($_SERVER['PHP_SELF'])); } else { $smarty->assign("menu_current", $base); } if ($user->isAdmin()) { $smarty->assign("admin", "yes"); $smarty->assign("version", $conf->version); } else { $smarty->assign("admin", "no"); } /* * * name: debug
<script src="<?php echo get_file_url("js/md5_sha1.js"); ?> "></script> <script> var User_Reset_Cookie = function (type) { $.post("<?php echo get_url("UserApi", "reset_cookie"); ?> ", {type: type}, function (data) { if (data['status']) { alert_notice("重置COOKIE成功"); if (type === "login") { if (confirm("该操作将导致账户须重新登录,请确认?")) { location.href = "<?php echo login_page(); ?> "; } } } else { alert_error(data['msg'], "重置失败"); } }); } $("#U_reset_cookie").click(function () { User_Reset_Cookie("login"); }); $("#U_reset_cookie_salt").click(function () { User_Reset_Cookie("salt"); });
/**
 * Redirect to the login page, passing the current URL as the "redirect" parameter.
 *
 * NOTE(review): the "redirect" value is built from URL_NOW; whichever handler
 * consumes that parameter after login is responsible for validating it (not
 * visible here).
 *
 * @param bool $echo When true, return the login URL instead of redirecting.
 * @return string|null The login URL when $echo is true; null after issuing the redirect.
 */
function redirect_to_login($echo = false)
{
    $target = sprintf('%s?redirect=%s', login_page(), urlencode(URL_NOW));
    if (!$echo) {
        redirect($target);
        return NULL;
    }
    return $target;
}
/**
 * Verify a login challenge (email + password) against the 'auth' table and,
 * on success, load the user's profile and preferences into the session and
 * send the browser back to $referer; on failure, store an error message in
 * the session and render the login page again. The database connection is
 * closed in both cases before returning.
 *
 * NOTE(review): the middle of this function (the password clause of the
 * SELECT, the query execution, the row-count check and the opening of the
 * success branch) is redacted on this page as "******"; the tokens are
 * reproduced below as given, so the braces do not balance here.
 *
 * @param string $referer        URL to return to after a successful login.
 * @param string $loginEmail     Email address submitted with the challenge.
 * @param string $loginPassword  Password submitted with the challenge (plain text).
 * @return void
 */
function check_login($referer, $loginEmail, $loginPassword) {
    global $username;
    global $password;
    global $hostName;
    global $databaseName;
    global $connection;
    global $HeaderString;
    global $loginUserID;
    global $loginFirstName;
    global $loginLastName;
    global $adminLoginEmail;
    global $abbrevInstitution;
    global $tableAuth, $tableUserData, $tableUsers; // defined in 'db.inc.php'
    global $loc;

    // Get the two character salt from the email address collected from the challenge
    $salt = substr($loginEmail, 0, 2);
    // Encrypt the loginPassword collected from the challenge (so that we can compare it to the encrypted passwords that are stored in the 'auth' table)
    // NOTE(review): a two-character salt selects the traditional DES-based crypt() scheme,
    // which truncates the password to 8 characters and is fast to brute-force; the salt is
    // also predictable because it is derived from the email. password_hash()/password_verify()
    // would be the modern replacement, via a rehash-on-login migration.
    $crypted_password = crypt($loginPassword, $salt);
    // CONSTRUCT SQL QUERY:
    // NOTE(review): everything from the password clause onward is redacted ("******") on this page.
    $query = "SELECT user_id FROM {$tableAuth} WHERE email = " . quote_smart($loginEmail) . " AND password = "******"errors"); } // function 'deleteSessionVariable()' is defined in 'include.inc.php'
    if (isset($_SESSION['formVars'])) { // delete the 'formVars' session variable:
        deleteSessionVariable("formVars"); } // function 'deleteSessionVariable()' is defined in 'include.inc.php'
    $userID = $row["user_id"]; // extract the user's userID from the last query
    // Now we need to get the user's first name and last name (e.g., in order to display them within the login welcome message)
    $query = "SELECT user_id, first_name, last_name, abbrev_institution, language, last_login FROM {$tableUsers} WHERE user_id = " . quote_smart($userID); // CONSTRUCT SQL QUERY
    $result = queryMySQLDatabase($query); // RUN the query on the database through the connection (function 'queryMySQLDatabase()' is defined in 'include.inc.php')
    // NOTE(review): mysql_fetch_array() belongs to the legacy ext/mysql API, removed in PHP 7.
    $row2 = mysql_fetch_array($result); // EXTRACT results: fetch the one row into the array '$row2'
    // Save the fetched user details to the session file:
    // Write back session variables:
    // NOTE(review): no session_regenerate_id() is visible in this block after the successful
    // login; if saveSessionVariable() does not do it, the pre-login session id is kept (fixation risk) — confirm.
    saveSessionVariable("loginEmail", $loginEmail); // function 'saveSessionVariable()' is defined in 'include.inc.php'
    saveSessionVariable("loginUserID", $row2["user_id"]);
    saveSessionVariable("loginFirstName", $row2["first_name"]);
    saveSessionVariable("loginLastName", $row2["last_name"]);
    saveSessionVariable("abbrevInstitution", $row2["abbrev_institution"]);
    saveSessionVariable("userLanguage", $row2["language"]);
    saveSessionVariable("lastLogin", $row2["last_login"]);
    // Get all user groups specified by the current user
    // and (if some groups were found) save them as semicolon-delimited string to the session variable 'userGroups':
    getUserGroups($tableUserData, $row2["user_id"]); // function 'getUserGroups()' is defined in 'include.inc.php'
    // NOTE(review): loose (==) comparison decides admin status; a strict (===) comparison would be safer.
    if ($loginEmail == $adminLoginEmail) { // ('$adminLoginEmail' is specified in 'ini.inc.php')
        // Get all user groups specified by the admin
        // and (if some groups were found) save them as semicolon-delimited string to the session variable 'adminUserGroups':
        getUserGroups($tableUsers, $row2["user_id"]); } // function 'getUserGroups()' is defined in 'include.inc.php'
    // Get all user queries that were saved previously by the current user
    // and (if some queries were found) save them as semicolon-delimited string to the session variable 'userQueries':
    getUserQueries($row2["user_id"]); // function 'getUserQueries()' is defined in 'include.inc.php'
    // Get all export formats that were selected previously by the current user
    // and (if some formats were found) save them as semicolon-delimited string to the session variable 'user_export_formats':
    getVisibleUserFormatsStylesTypes($row2["user_id"], "format", "export"); // function 'getVisibleUserFormatsStylesTypes()' is defined in 'include.inc.php'
    // Get all citation formats that were selected previously by the current user
    // and (if some formats were found) save them as semicolon-delimited string to the session variable 'user_cite_formats':
    getVisibleUserFormatsStylesTypes($row2["user_id"], "format", "cite"); // function 'getVisibleUserFormatsStylesTypes()' is defined in 'include.inc.php'
    // Get all citation styles that were selected previously by the current user
    // and (if some styles were found) save them as semicolon-delimited string to the session variable 'user_styles':
    getVisibleUserFormatsStylesTypes($row2["user_id"], "style", ""); // function 'getVisibleUserFormatsStylesTypes()' is defined in 'include.inc.php'
    // Get all document types that were selected previously by the current user
    // and (if some types were found) save them as semicolon-delimited string to the session variable 'user_types':
    getVisibleUserFormatsStylesTypes($row2["user_id"], "type", ""); // function 'getVisibleUserFormatsStylesTypes()' is defined in 'include.inc.php'
    // Get the user permissions for the current user
    // and save all allowed user actions as semicolon-delimited string to the session variable 'user_permissions':
    getPermissions($row2["user_id"], "user", true); // function 'getPermissions()' is defined in 'include.inc.php'
    // Get the default view for the current user
    // and save it to the session variable 'userDefaultView':
    getDefaultView($row2["user_id"]); // function 'getDefaultView()' is defined in 'include.inc.php'
    // Get the default number of records per page preferred by the current user
    // and save it to the session variable 'userRecordsPerPage':
    getDefaultNumberOfRecords($row2["user_id"]); // function 'getDefaultNumberOfRecords()' is defined in 'include.inc.php'
    // Get the user's preference for displaying auto-completions
    // and save it to the session variable 'userAutoCompletions':
    getPrefAutoCompletions($row2["user_id"]); // function 'getPrefAutoCompletions()' is defined in 'include.inc.php'
    // Get the list of "main fields" for the current user
    // and save the list of fields as comma-delimited string to the session variable 'userMainFields':
    getMainFields($row2["user_id"]); // function 'getMainFields()' is defined in 'include.inc.php'
    // We also update the user's entry within the 'users' table:
    // NOTE(review): $userID is interpolated directly here, unlike the SELECT above which goes
    // through quote_smart(); the value comes from the database row, not the request, but the
    // two statements are inconsistent.
    $query = "UPDATE {$tableUsers} SET " . "last_login = NOW(), " . "logins = logins+1 " . "WHERE user_id = {$userID}";
    // RUN the query on the database through the connection:
    $result = queryMySQLDatabase($query); // function 'queryMySQLDatabase()' is defined in 'include.inc.php'
    // NOTE(review): the redirect target is the caller-supplied $referer, filtered only to exclude
    // the three named pages; if $referer originates from the request, this permits redirecting
    // off-site — confirm its origin, or restrict it to same-host paths. Execution also continues
    // after the Location header (no exit), so the caller must not emit further output.
    if (!preg_match("#/(error|user_login|install)\\.php#i", $referer)) {
        header("Location: " . $referer); }
    else {
        header("Location: index.php"); } // back to main page
} else { // Ensure 'loginEmail' is not registered, so the user is not logged in
    if (isset($_SESSION['loginEmail'])) { // delete the 'loginEmail' session variable:
        deleteSessionVariable("loginEmail"); } // function 'deleteSessionVariable()' is defined in 'include.inc.php'
    // Save an error message:
    $HeaderString = "<b><span class=\"warning\">" . $loc["LoginFailedYouProvidedAnIncorrectEmailAddressOrPassword"] . "</span></b>";
    // Write back session variables:
    saveSessionVariable("HeaderString", $HeaderString); // function 'saveSessionVariable()' is defined in 'include.inc.php'
    login_page($referer);
}
    // -------------------
    // (5) CLOSE the database connection:
    disconnectFromMySQLDatabase(); // function 'disconnectFromMySQLDatabase()' is defined in 'include.inc.php'
}