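/**
 * Authenticate a user by e-mail address and password and open a login session.
 *
 * Returns true at once when logincheck() already reports a login. Otherwise the
 * account row is read from md_uaccounts, the MD5 of the escaped password is
 * compared with the stored pass_word, and for an account whose account_status
 * is "1" a row is written to md_usessions and the md_loginsession cookie is set.
 *
 * NOTE(review): passwords are stored as unsalted MD5, which is not a password
 * hashing scheme. Moving to password_hash()/password_verify() needs a data
 * migration and is therefore not done inside this function.
 * NOTE(review): the mysql_* extension was removed in PHP 7; a port to PDO or
 * mysqli with prepared statements should replace the escaped string queries.
 *
 * @param string $username E-mail address as submitted (lower-cased before lookup).
 * @param string $password Plain-text password as submitted.
 * @return bool True when the caller is (now) logged in, false otherwise.
 */
function signin($username, $password) {
    global $maindb;

    // stripslashes() undoes magic-quotes style escaping before the values are
    // escaped for SQL. The password is escaped *before* hashing; that must stay
    // as it is, because the stored hashes were produced the same way.
    $username = mysql_real_escape_string(stripslashes($username));
    $password = mysql_real_escape_string(stripslashes($password));
    $username = strtolower($username);

    if (logincheck()) {
        return true;
    }

    $resultu = mysql_query("select * from md_uaccounts where email_address='{$username}'", $maindb);
    if ($resultu === false) {
        // Query failed: treat as a failed login instead of reading from a non-result.
        return false;
    }
    $usert1 = mysql_fetch_array($resultu);
    if (!is_array($usert1)) {
        // No such account.
        return false;
    }

    $username_db = $usert1['email_address'];
    $password_db = (string) $usert1['pass_word'];
    $account_status = $usert1['account_status'];
    $login_username = $username;
    $login_password = md5($password);

    // Strict, type-safe comparison: with "==" two different hex digests that both
    // look like numbers (for example "0e" followed only by digits) compare equal.
    // hash_equals() additionally avoids a timing difference where it is available.
    $hash_matches = function_exists('hash_equals')
        ? hash_equals($password_db, $login_password)
        : $password_db === $login_password;

    if ($username_db !== $login_username || !$hash_matches) {
        return false;
    }
    if ((string) $account_status !== "1") {
        return false;
    }

    // GENERATE SESSION ID
    // The identifier is the only secret protecting the session, so it is taken
    // from a CSPRNG when the runtime has one. The result keeps the previous
    // format (32 lower-case hex characters).
    if (function_exists('random_bytes')) {
        $sessid = bin2hex(random_bytes(16));
    } elseif (function_exists('openssl_random_pseudo_bytes')) {
        $sessid = bin2hex(openssl_random_pseudo_bytes(16));
    } else {
        // NOTE(review): legacy fallback; uniqid() is derived from the clock and is
        // guessable. Runtimes that reach this branch should be upgraded.
        $sessid = md5(uniqid($username, true));
    }

    // Generate date: server-side expiry, 100 days from now.
    $date_n = mktime(date("G"), date("i"), date("s"), date("m"), date("d") + 100, date("Y"));

    // NOTE(review): the session row also stores the password hash; a session
    // table rarely needs it and it widens the impact of a table disclosure.
    mysql_query("INSERT INTO `md_usessions` VALUES('', '{$sessid}', '{$date_n}', '1', '{$username}', '{$login_password}', '1', '', '" . time() . "')", $maindb);

    // The cookie lives 60 days although the server-side row above is dated 100 days.
    $inTwoMonths = 60 * 60 * 24 * 60 + time();
    // HttpOnly keeps the session id out of reach of page scripts. The empty path
    // and domain arguments keep setcookie()'s defaults.
    // NOTE(review): also set the Secure flag once the site is served over HTTPS only.
    setcookie('md_loginsession', $sessid, $inTwoMonths, '', '', false, true);

    return true;
}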
/**
 * Add one unit of an item to the caller's cart and answer through ajaxReturn().
 *
 * Reply status values: 1000 caller is not logged in, 0 added, 1 database write
 * failed, 2 the existing cart row has its 'paimai' flag set, 3 the per-item
 * purchase limit ('xiangou') is reached, 4 the cart count has reached the
 * remaining quantity ('shengyurenshu').
 *
 * NOTE(review): the lookup is keyed on session("_uid") while a new row is stored
 * under get_temp_uid(); confirm both yield the same id for a logged-in user.
 *
 * @param mixed $gid   Item id.
 * @param mixed $type  Cart entry type.
 * @param int   $qishu Accepted but not read by this method.
 * @return void
 */
public function add($gid, $type, $qishu = 0) {
    // Guests are turned away before the cart table is touched.
    if (logincheck() == 0) {
        $this->ajaxReturn(array('status' => 1000, 'message' => '未登录'));
        return;
    }

    $cart = M('cart');
    $row = $cart->where(array(
        'gid' => $gid,
        'type' => $type,
        'uid' => session("_uid"),
    ))->find();

    if (empty($row)) {
        // First time this item is added: create the cart row.
        $fresh = array(
            'gid' => $gid,
            'uid' => get_temp_uid(),
            'type' => $type,
            'flag' => home_is_login() ? 1 : 0, // 0 = not logged in, 1 = logged in
        );
        if ($cart->add($fresh)) {
            count_cart(1);
            $reply = array('count' => 1, 'status' => 0, 'message' => '添加成功');
        } else {
            $reply = array('status' => 1, 'message' => '添加失败');
        }
    } elseif ($row['paimai']) {
        $reply = array('status' => 2, 'message' => '商品已经添加');
    } elseif ($row['good'] && intval($row['good']['xiangou']) > 0 && intval($row['good']['xiangou']) == intval($row['count'])) {
        $reply = array('status' => 3, 'message' => '该商品限购' . $row['good']['xiangou'] . '人次');
    } elseif ($row['good'] && intval($row['count']) >= intval($row['good']['shengyurenshu'])) {
        $reply = array('status' => 4, 'message' => '该商品剩余' . $row['good']['shengyurenshu'] . '人次');
    } else {
        // Row exists and no limit applies: increment its count.
        $bump = array(
            'count' => intval($row['count']) + 1,
            'id' => $row['id'],
        );
        if ($cart->save($bump)) {
            $reply = array('status' => 0, 'message' => '添加成功');
        } else {
            $reply = array('status' => 1, 'message' => '添加失败');
        }
    }

    $this->ajaxReturn($reply);
}
/**
 * Log a member in by e-mail address and password taken from $_POST.
 *
 * @return true|array True on success; otherwise the result of rules() when it
 *                    is not true, or an array with a 'password' error entry.
 */
public function login() {
    global $_G;
    $validate_error = array();

    // Input validation
    $rules_outcome = $this->rules();
    if ($rules_outcome !== true) {
        return $rules_outcome;
    }

    require_once libfile('function/member');
    $email = $_POST['email'];
    $secret = $_POST['password'];
    $remember = $_POST['rememberme']; // read but not used below; $_GET['rememberme'] decides

    // logincheck() yields the remaining attempts; a falsy value means locked out.
    $_G['member_loginperm'] = logincheck($email);
    if (!$_G['member_loginperm']) {
        $validate_error['password'] = '******';
        return $validate_error;
    }

    $result = userlogin($email, $secret, 0, 0, 'email', $_G['clientip']);

    if ($result['status'] > 0) {
        // Remember-me: 30 day login cookie, otherwise a session cookie.
        setloginstatus($result['member'], $_GET['rememberme'] ? 2592000 : 0);
        if ($_G['member']['lastip'] && $_G['member']['lastvisit']) {
            dsetcookie('lip', $_G['member']['lastip'] . ',' . $_G['member']['lastvisit']);
        }
        C::t('common_member_status')->update($_G['uid'], array('lastip' => $_G['clientip'], 'port' => $_G['remoteport'], 'lastvisit' => TIMESTAMP, 'lastactivity' => TIMESTAMP));
        // UCenter synchronised login, when enabled
        $ucsynlogin = $this->setting['allowsynlogin'] ? uc_user_synlogin($_G['uid']) : '';
        return true;
    }

    // Failed attempt: write the audit line, then count the failure per account and per IP.
    // NOTE(review): the audit line contains the leading and trailing characters of
    // the submitted password (only the middle is replaced by ***). Anyone who can
    // read the log learns part of a near-miss password; consider logging no
    // password material at all.
    $head = round(strlen($secret) / 4);
    $tail = round(strlen($secret) / 6);
    $password = preg_replace("/^(.{" . $head . "})(.+?)(.{" . $tail . "})\$/s", "\\1***\\3", $secret);
    $who = $result['ucresult']['username'] ? $result['ucresult']['username'] : $email;
    $errorlog = dhtmlspecialchars(TIMESTAMP . "\t" . $who . "\t" . $password . "\t" . "Ques #" . intval($_GET['questionid']) . "\t" . $_G['clientip']);
    writelog('illegallog', $errorlog);
    loginfailed($email);
    failedip();

    if ($_G['member_loginperm'] > 1) {
        $loginperm = $_G['member_loginperm'] - 1;
        $validate_error['password'] = '******' . $loginperm . ' 次';
        return $validate_error;
    }

    // Both remaining cases (-1 and everything else) report the same text.
    $validate_error['password'] = '******';
    return $validate_error;
}
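/**
 * Test login page: checks the posted user name and password against a fixed
 * table, marks the login in session flashdata and redirects to test/admin.
 *
 * NOTE(review): the accounts and their plaintext passwords are hard-coded in
 * source. Anyone with read access to the repository or a backup has them; keep
 * credentials outside the code base and store only password_hash() output,
 * checked with password_verify().
 * NOTE(review): "Wrong username" and "Wrong password" are shown to the client as
 * different messages, which tells a visitor which user names exist. A single
 * generic failure message avoids that.
 * NOTE(review): login state is carried in flashdata that is re-kept on each hit;
 * confirm the target page performs its own check.
 *
 * @return void
 */
public function index() {
    $this->load->helper('url');
    $this->load->library('session');
    $user = $this->input->post('user_input');
    $pw = $this->input->post('pw_input');
    $home_url = base_url() . "test/admin";

    if ($this->session->flashdata('test_login') == "yes") {
        $this->session->keep_flashdata('test_login');
        $this->session->keep_flashdata('test_user');
        header("Location: {$home_url}");
        // Stop here: without this the login view was still rendered after the redirect header.
        return;
    }

    $err_msg = "";
    if (!empty($user)) {
        // The helper is a global function; guarding the declaration prevents a
        // "cannot redeclare" fatal error if index() runs twice in one request.
        if (!function_exists('logincheck')) {
            /**
             * @param mixed $u Submitted user name.
             * @param mixed $p Submitted password.
             * @return string "Pass", "Wrong password" or "Wrong username".
             */
            function logincheck($u, $p) {
                $users_array = array("admin" => 'gotoingressforthewin', "manger" => 'forabetterworld');
                // Non-string input (for example an array field) can never match.
                if (!is_string($u) || !array_key_exists($u, $users_array)) {
                    return "Wrong username";
                }
                // Strict comparison: no type juggling between the two values.
                if (!is_string($p) || $p !== $users_array[$u]) {
                    return "Wrong password";
                }
                return "Pass";
            }
        }

        // Evaluate the credentials once and reuse the outcome.
        $outcome = logincheck($user, $pw);
        if ($outcome == "Pass") {
            $this->session->set_flashdata('test_login', 'yes');
            $this->session->set_flashdata('test_user', $user);
            header("Location: {$home_url}");
            return;
        }
        $err_msg = "ERROR Message: " . $outcome;
    }

    $data = array('err_msg' => $err_msg);
    $this->load->view('test_page', $data);
}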
/**
 * Login action: shows the login form, or processes a submitted one.
 *
 * Flow as written below: an already logged-in visitor gets 'login_succeed';
 * logincheck() gates further attempts; without a 'loginsubmit' the member/login
 * template is included; otherwise userlogin() is called and either the login
 * state is set or the failure is logged and counted.
 *
 * The included template runs in this function's scope, so the local variable
 * names assigned here are part of its contract.
 */
function on_login() {
    global $_G;
    // $mrefreshtime is not assigned earlier in this function, so this sets it to 2000.
    empty($mrefreshtime) && ($mrefreshtime = 2000);
    if ($_G['uid']) {
        // Already logged in: report success and send the visitor back.
        $ucsynlogin = uc_user_synlogin($_G['uid']);
        $param = array('username' => $_G['member']['username'], 'ucsynlogin' => $ucsynlogin, 'uid' => $_G['member']['uid']);
        showmessage('login_succeed', dreferer(), $param, array('showdialog' => 1, 'locationtime' => 1));
    }
    // A falsy logincheck() result means no attempts are left ('login_strike').
    if (!($_G['member_loginperm'] = logincheck())) {
        showmessage('login_strike');
    }
    if (!submitcheck('loginsubmit', 1)) {
        // No valid submission: render the form.
        $_G['referer'] = dreferer();
        $cookietimecheck = !empty($_G['cookie']['cookietime']) ? 'checked="checked"' : '';
        // The remembered login name comes from a cookie and is HTML-escaped before it reaches the template.
        $username = !empty($_G['cookie']['loginuser']) ? htmlspecialchars($_G['cookie']['loginuser']) : '';
        include template('member/login');
    } else {
        // Reset the identity fields before authenticating.
        $_G['uid'] = $_G['member']['uid'] = 0;
        $_G['username'] = $_G['member']['username'] = $_G['member']['password'] = '';
        $result = userlogin($_G['gp_username'], $_G['gp_password'], null, null, 'auto');
        if ($result['status'] > 0) {
            // 2592000 s = 30 days when "remember me" was ticked, else a session cookie.
            setloginstatus($result['member'], $_G['gp_cookietime'] ? 2592000 : 0);
            $ucsynlogin = uc_user_synlogin($_G['uid']);
            $message = 1;
            $param = array('username' => $_G['member']['username'], 'ucsynlogin' => $ucsynlogin, 'uid' => $_G['uid']);
            showmessage('login_succeed', dreferer(), $param, array('showdialog' => 1, 'locationtime' => 1));
        } else {
            // Mask the middle of the submitted password for the audit line.
            // NOTE(review): the first and last characters of the password still reach
            // the log file; consider logging no password material at all.
            $password = preg_replace("/^(.{" . round(strlen($_G['gp_password']) / 4) . "})(.+?)(.{" . round(strlen($_G['gp_password']) / 6) . "})\$/s", "\\1***\\3", $_G['gp_password']);
            $errorlog = dhtmlspecialchars(TIMESTAMP . "\t" . ($result['ucresult']['username'] ? $result['ucresult']['username'] : dstripslashes($_G['gp_username'])) . "\t" . $password . "\t" . "Ques #" . intval($_G['gp_questionid']) . "\t" . $_G['clientip']);
            writelog('illegallog', $errorlog);
            loginfailed($_G['member_loginperm']);
            // NOTE(review): $answer is never assigned in this function, so `$answer == ''`
            // is always true and 'login_question_invalid' cannot be selected.
            $fmsg = $result['ucresult']['uid'] == '-3' ? empty($_G['gp_questionid']) || $answer == '' ? 'login_question_empty' : 'login_question_invalid' : 'login_invalid';
            showmessage($fmsg, '', array('loginperm' => $_G['member_loginperm']));
        }
    }
}
/**
 * Login action of the logging controller: renders the login form, or processes
 * a submitted one including activation, account-guard checks, the second
 * security-check round trip, invitations and the success/failure messages.
 *
 * The templates and extra files included below run in this function's scope,
 * so the local variable names assigned here are part of their contract.
 */
function on_login() {
    global $_G;
    if($_G['uid']) {
        // Already logged in: report success and return to the referer.
        $referer = dreferer();
        $ucsynlogin = $this->setting['allowsynlogin'] ? uc_user_synlogin($_G['uid']) : '';
        $param = array('username' => $_G['member']['username'], 'usergroup' => $_G['group']['grouptitle'], 'uid' => $_G['member']['uid']);
        showmessage('login_succeed', $referer ? $referer : './', $param, array('showdialog' => 1, 'locationtime' => true, 'extrajs' => $ucsynlogin));
    }

    list($seccodecheck) = seccheck('login');
    if(!empty($_GET['auth'])) {
        // 'auth' is a token decoded with the site authkey; its fourth tab-separated
        // field marks a login that was sent back for the second security check.
        $dauth = authcode($_GET['auth'], 'DECODE', $_G['config']['security']['authkey']);
        list(,,,$secchecklogin2) = explode("\t", $dauth);
        if($secchecklogin2) {
            $seccodecheck = true;
        }
    }
    // The quick-login form ('lssubmit') is submitted without the security code.
    $seccodestatus = !empty($_GET['lssubmit']) ? false : $seccodecheck;

    $invite = getinvite();

    if(!submitcheck('loginsubmit', 1, $seccodestatus)) {

        // No valid submission: prepare and render the login form.
        $auth = '';
        $username = !empty($_G['cookie']['loginuser']) ? dhtmlspecialchars($_G['cookie']['loginuser']) : '';

        if(!empty($_GET['auth'])) {
            list($username, $password, $questionexist) = explode("\t", authcode($_GET['auth'], 'DECODE', $_G['config']['security']['authkey']));
            // Both values are HTML-escaped before the template can print them.
            $username = dhtmlspecialchars($username);
            $auth = dhtmlspecialchars($_GET['auth']);
        }

        $cookietimecheck = !empty($_G['cookie']['cookietime']) || !empty($_GET['cookietime']) ? 'checked="checked"' : '';

        if($seccodecheck) {
            // NOTE(review): $seccode is read here before it is assigned, and the
            // curly-brace offset syntax $seccode{0} is not accepted by PHP 8.
            $seccode = random(6, 1) + $seccode{0} * 1000000;
        }

        if($this->extrafile && file_exists($this->extrafile)) {
            require_once $this->extrafile;
        }

        $navtitle = lang('core', 'title_login');
        include template($this->template);

    } else {

        if(!empty($_GET['auth'])) {
            // Second round of a security-checked login: the credentials are taken
            // from the token instead of the form fields.
            list($_GET['username'], $_GET['password']) = daddslashes(explode("\t", authcode($_GET['auth'], 'DECODE', $_G['config']['security']['authkey'])));
        }

        // Only word characters are accepted for the login hash.
        $loginhash = !empty($_GET['loginhash']) && preg_match('/^\w+$/', $_GET['loginhash']) ? $_GET['loginhash'] : '';

        // A falsy logincheck() result means the attempt limit is exhausted.
        if(!($_G['member_loginperm'] = logincheck($_GET['username']))) {
            captcha::report($_G['clientip']);
            showmessage('login_strike');
        }
        if($_GET['fastloginfield']) {
            $_GET['loginfield'] = $_GET['fastloginfield'];
        }
        // Reset the identity fields before authenticating.
        $_G['uid'] = $_G['member']['uid'] = 0;
        $_G['username'] = $_G['member']['username'] = $_G['member']['password'] = '';
        // Rejects an empty password and one that addslashes() would alter.
        if(!$_GET['password'] || $_GET['password'] != addslashes($_GET['password'])) {
            showmessage('profile_passwd_illegal');
        }
        $result = userlogin($_GET['username'], $_GET['password'], $_GET['questionid'], $_GET['answer'], $this->setting['autoidselect'] ? 'auto' : $_GET['loginfield'], $_G['clientip']);
        $uid = $result['ucresult']['uid'];

        // uid -3 is the case the messages below call the security question.
        if(!empty($_GET['lssubmit']) && ($result['ucresult']['uid'] == -3 || $seccodecheck)) {
            $_GET['username'] = $result['ucresult']['username'];
            $this->logging_more($result['ucresult']['uid'] == -3);
        }

        if($result['status'] == -1) {
            // Status -1: either send the visitor to activation, or (fast
            // activation) create the local member row right away.
            if(!$this->setting['fastactivation']) {
                $auth = authcode($result['ucresult']['username']."\t".FORMHASH, 'ENCODE');
                showmessage('location_activation', 'member.php?mod='.$this->setting['regname'].'&action=activation&auth='.rawurlencode($auth).'&referer='.rawurlencode(dreferer()), array(), array('location' => true));
            } else {
                $init_arr = explode(',', $this->setting['initcredits']);
                $groupid = $this->setting['regverify'] ? 8 : $this->setting['newusergroupid'];

                // The local password column is filled with the MD5 of a random string.
                C::t('common_member')->insert($uid, $result['ucresult']['username'], md5(random(10)), $result['ucresult']['email'], $_G['clientip'], $groupid, $init_arr);
                $result['member'] = getuserbyuid($uid);
                $result['status'] = 1;
            }
        }

        if($result['status'] > 0) {

            if($this->extrafile && file_exists($this->extrafile)) {
                require_once $this->extrafile;
            }

            // 2592000 s = 30 days when "remember me" was requested, else a session cookie.
            setloginstatus($result['member'], $_GET['cookietime'] ? 2592000 : 0);
            checkfollowfeed();
            if($_G['group']['forcelogin']) {
                // The group only allows a specific login method: undo the login.
                if($_G['group']['forcelogin'] == 1) {
                    clearcookies();
                    showmessage('location_login_force_qq');
                } elseif($_G['group']['forcelogin'] == 2 && $_GET['loginfield'] != 'email') {
                    clearcookies();
                    showmessage('location_login_force_mail');
                }
            }

            if($_G['member']['lastip'] && $_G['member']['lastvisit']) {
                dsetcookie('lip', $_G['member']['lastip'].','.$_G['member']['lastvisit']);
            }
            C::t('common_member_status')->update($_G['uid'], array('lastip' => $_G['clientip'], 'port' => $_G['remoteport'], 'lastvisit' =>TIMESTAMP, 'lastactivity' => TIMESTAMP));
            $ucsynlogin = $this->setting['allowsynlogin'] ? uc_user_synlogin($_G['uid']) : '';

            // $pwold becomes true when the password misses a character class that
            // the 'strongpw' setting requires (1 digit, 2 lower case, 3 upper case, 4 other).
            $pwold = false;
            if($this->setting['strongpw'] && !$this->setting['pwdsafety']) {
                if(in_array(1, $this->setting['strongpw']) && !preg_match("/\d+/", $_GET['password'])) {
                    $pwold = true;
                }
                if(in_array(2, $this->setting['strongpw']) && !preg_match("/[a-z]+/", $_GET['password'])) {
                    $pwold = true;
                }
                if(in_array(3, $this->setting['strongpw']) && !preg_match("/[A-Z]+/", $_GET['password'])) {
                    $pwold = true;
                }
                // NOTE(review): the range A-z also covers [ \ ] ^ _ and the backtick, so
                // those symbols are not counted as special characters; A-Z was
                // presumably intended.
                if(in_array(4, $this->setting['strongpw']) && !preg_match("/[^a-zA-z0-9]+/", $_GET['password'])) {
                    $pwold = true;
                }
            }

            if($_G['member']['adminid'] != 1) {
                // Account guard (skipped for adminid 1): freeze accounts unused for
                // more than 90 days and queue them for verification.
                if($this->setting['accountguard']['loginoutofdate'] && $_G['member']['lastvisit'] && TIMESTAMP - $_G['member']['lastvisit'] > 90 * 86400) {
                    C::t('common_member')->update($_G['uid'], array('freeze' => 2));
                    C::t('common_member_validate')->insert(array(
                        'uid' => $_G['uid'],
                        'submitdate' => TIMESTAMP,
                        'moddate' => 0,
                        'admin' => '',
                        'submittimes' => 1,
                        'status' => 0,
                        'message' => '',
                        'remark' => '',
                    ), false, true);
                    manage_addnotify('verifyuser');
                    showmessage('location_login_outofdate', 'home.php?mod=spacecp&ac=profile&op=password&resend=1', array('type' => 1), array('showdialog' => true, 'striptags' => false, 'locationtime' => true));
                }

                if($this->setting['accountguard']['loginpwcheck'] && $pwold) {
                    // This is the only place $freeze is assigned; it is read again
                    // further down and is undefined when this branch is skipped.
                    $freeze = $pwold;
                    if($this->setting['accountguard']['loginpwcheck'] == 2 && $freeze) {
                        C::t('common_member')->update($_G['uid'], array('freeze' => 1));
                    }
                }
            }

            $seccheckrule = & $_G['setting']['seccodedata']['rule']['login'];
            if($seccheckrule['allow'] == 2) {
                // Rule-based second security check: each rule below can switch
                // $seccodecheck on.
                if($seccheckrule['nolocal']) {
                    require_once libfile('function/misc');
                    $lastipConvert = process_ipnotice(convertip($_G['member']['lastip']));
                    $nowipConvert = process_ipnotice(convertip($_G['clientip']));
                    // NOTE(review): stripos() returns 0 for a match at the start, and
                    // `0 == false` is true, so a prefix match is treated as "not found".
                    if($lastipConvert != $nowipConvert && stripos($lastipConvert, $nowipConvert) == false && stripos($nowipConvert, $lastipConvert) == false) {
                        $seccodecheck = true;
                    }
                }
                if(!$seccodecheck && $seccheckrule['pwsimple'] && $pwold) {
                    $seccodecheck = true;
                }
                if(!$seccodecheck && $seccheckrule['outofday'] && $_G['member']['lastvisit'] && TIMESTAMP - $_G['member']['lastvisit'] > $seccheckrule['outofday'] * 86400) {
                    $seccodecheck = true;
                }
                if(!$seccodecheck && $_G['member_loginperm'] < 4) {
                    $seccodecheck = true;
                }
                if(!$seccodecheck && $seccheckrule['numiptry']) {
                    $seccodecheck = failedipcheck($seccheckrule['numiptry'], $seccheckrule['timeiptry']);
                }
                if($seccodecheck && !$secchecklogin2) {
                    // Undo the login and send the visitor back through the login
                    // form with the security code.
                    clearcookies();
                    // NOTE(review): the token carries the submitted password, reversibly
                    // encrypted under the site authkey, and travels in a URL. URLs end up
                    // in browser history, proxy logs and server logs; keeping the pending
                    // login in server-side state would avoid that exposure.
                    $auth = authcode($_GET['username']."\t".$_GET['password']."\t".($result['ucresult']['uid'] == -3 ? 1 : 0)."\t1", 'ENCODE', $_G['config']['security']['authkey']);
                    $location = 'member.php?mod=logging&action=login&auth='.rawurlencode($auth).'&referer='.rawurlencode(dreferer()).(!empty($_GET['cookietime']) ? '&cookietime=1' : '');
                    if(defined('IN_MOBILE')) {
                        showmessage('login_seccheck2', $location);
                    } else {
                        // Both dynamic parts of $location passed through rawurlencode() above.
                        $js = '<script type="text/javascript">location.href=\''.$location.'\'</script>';
                        showmessage('login_seccheck2', '', array('type' => 1), array('extrajs' => $js));
                    }
                }
            }

            if($invite['id']) {
                // NOTE(review): $result is overwritten with the invite count here, yet
                // $param below still reads $result['ucresult']['username'].
                $result = C::t('common_invite')->count_by_uid_fuid($invite['uid'], $uid);
                if(!$result) {
                    C::t('common_invite')->update($invite['id'], array('fuid'=>$uid, 'fusername'=>$_G['username']));
                    updatestat('invite');
                } else {
                    $invite = array();
                }
            }
            if($invite['uid']) {
                require_once libfile('function/friend');
                friend_make($invite['uid'], $invite['username'], false);
                dsetcookie('invite_auth', '');
                if($invite['appid']) {
                    updatestat('appinvite');
                }
            }

            $param = array(
                'username' => $result['ucresult']['username'],
                'usergroup' => $_G['group']['grouptitle'],
                'uid' => $_G['member']['uid'],
                'groupid' => $_G['groupid'],
                'syn' => $ucsynlogin ? 1 : 0
            );

            $extra = array(
                'showdialog' => true,
                'locationtime' => true,
                'extrajs' => $ucsynlogin
            );

            // Choose the success message and target; a flagged weak password is
            // sent to the password-change page instead.
            if(!$freeze || !$this->setting['accountguard']['loginpwcheck']) {
                $loginmessage = $_G['groupid'] == 8 ? 'login_succeed_inactive_member' : 'login_succeed';
                $location = $invite || $_G['groupid'] == 8 ? 'home.php?mod=space&do=home' : dreferer();
            } else {
                $loginmessage = 'login_succeed_password_change';
                $location = 'home.php?mod=spacecp&ac=profile&op=password';
                $_GET['lssubmit'] = 0;
            }
            if(empty($_GET['handlekey']) || !empty($_GET['lssubmit'])) {
                if(defined('IN_MOBILE')) {
                    showmessage($loginmessage, $location, $param, array('location' => true));
                } else {
                    if(!empty($_GET['lssubmit'])) {
                        if(!$ucsynlogin) {
                            $extra['location'] = true;
                        }
                        showmessage($loginmessage, $location, $param, $extra);
                    } else {
                        // $location is placed inside single-quoted JavaScript strings, so
                        // single quotes are backslash-escaped first.
                        // NOTE(review): only the quote is escaped; a backslash or "</script>"
                        // in $location is not. Verify what dreferer() can return.
                        $href = str_replace("'", "\'", $location);
                        showmessage('location_login_succeed', $location, array(),
                            array(
                                'showid' => 'succeedmessage',
                                'extrajs' => '<script type="text/javascript">'.
                                    'setTimeout("window.location.href =\''.$href.'\';", 3000);'.
                                    '$(\'succeedmessage_href\').href = \''.$href.'\';'.
                                    '$(\'main_message\').style.display = \'none\';'.
                                    '$(\'main_succeed\').style.display = \'\';'.
                                    '$(\'succeedlocation\').innerHTML = \''.lang('message', $loginmessage, $param).'\';</script>'.$ucsynlogin,
                                'striptags' => false,
                                'showdialog' => true
                            )
                        );
                    }
                }
            } else {
                showmessage($loginmessage, $location, $param, $extra);
            }
        } else {
            // Failed login: write the audit line, then count the failure per
            // account and per IP.
            // NOTE(review): only the middle of the password is masked; its first and
            // last characters still reach the log. Consider logging no password
            // material at all.
            $password = preg_replace("/^(.{".round(strlen($_GET['password']) / 4)."})(.+?)(.{".round(strlen($_GET['password']) / 6)."})$/s", "\\1***\\3", $_GET['password']);
            $errorlog = dhtmlspecialchars(
                TIMESTAMP."\t".
                ($result['ucresult']['username'] ? $result['ucresult']['username'] : $_GET['username'])."\t".
                $password."\t".
                "Ques #".intval($_GET['questionid'])."\t".
                $_G['clientip']);
            writelog('illegallog', $errorlog);
            loginfailed($_GET['username']);
            failedip();
            // NOTE(review): $answer is never assigned in this function, so `$answer == ''`
            // is always true and 'login_question_invalid' cannot be selected.
            $fmsg = $result['ucresult']['uid'] == '-3' ? (empty($_GET['questionid']) || $answer == '' ? 'login_question_empty' : 'login_question_invalid') : 'login_invalid';
            if($_G['member_loginperm'] > 1) {
                showmessage($fmsg, '', array('loginperm' => $_G['member_loginperm'] - 1));
            } elseif($_G['member_loginperm'] == -1) {
                showmessage('login_password_invalid');
            } else {
                showmessage('login_strike');
            }
        }
    }
}
<?php
// Admin image crop/resize page. On POST it resamples a region of an existing
// image and writes the result back over the same file, then redirects.
// (The listing is cut off inside the form that follows.)
require_once 'cfg_admin.php';
// The return value is ignored, so access control relies on logincheck() ending
// the request itself for a visitor who is not logged in. TODO confirm.
logincheck();
// Redirect target after saving: POST field, then query string, then the Referer
// header, then '/admin/'.
// NOTE(review): all three sources are controlled by the request, and the value is
// sent unchanged in a Location header below. Accept only same-site relative
// paths to keep the page from being used as an open redirect.
$szReferer = isset($_POST['referer']) ? $_POST['referer'] : (isset($_GET['referer']) ? $_GET['referer'] : (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '/admin/'));
// NOTE(review): this state-changing POST shows no anti-CSRF token in the visible code.
if (isset($_POST['image'], $_POST['left'], $_POST['top'], $_POST['width'], $_POST['height'], $_POST['tw'], $_POST['th'])) {
    // NOTE(review): the posted path is appended to the document root as-is. A value
    // containing "../" addresses a file outside the web root, and that file is
    // overwritten further down. Resolve the path with realpath() and require it
    // to lie inside the intended image directory before using it.
    $szImagePath = $_SERVER['DOCUMENT_ROOT'] . $_POST['image'];
    $is = getimagesize($szImagePath);
    // Only MIME types that have a registered pair of GD functions are accepted.
    if (!isset($g_arrGDHandlers[$is['mime']])) {
        exit('Invalid image type.');
    }
    $arrGDHandler = $g_arrGDHandlers[$is['mime']];
    $fn1 = $arrGDHandler[0]; // called with the path to open the image
    $fn2 = $arrGDHandler[1]; // called with the image and the path to write it
    if (!($old_img = $fn1($szImagePath))) {
        exit('Could not open image. Wrong type?');
    }
    // NOTE(review): the target size and the crop rectangle are used as posted.
    // Cast them to int and bound them; very large dimensions make
    // imagecreatetruecolor() allocate correspondingly large amounts of memory.
    $new_img = imagecreatetruecolor($_POST['tw'], $_POST['th']);
    imagecopyresampled($new_img, $old_img, 0, 0, $_POST['left'], $_POST['top'], $_POST['tw'], $_POST['th'], $_POST['width'], $_POST['height']);
    //echo '<pre>';
    //print_r($is);
    //exit;
    // header('Content-type: '.$is['mime']);
    // Overwrites the original file with the resampled image.
    $fn2($new_img, $szImagePath);
    //echo '<p>Image saved to <a href="'.$_POST['image'].'">'.$_POST['image'].'</a>. <a href="'.$szReferer.'">Go back</a>.</p>';
    header('Location: ' . $szReferer);
    exit;
}
tpl_header();
// Without a target size in the query string, a form is printed first.
if (!isset($_GET['tw'], $_GET['th'])) {
    echo '<form method="get" action="">';
<option value=\"5\">$lang[security_question_5]</option> <option value=\"6\">$lang[security_question_6]</option> <option value=\"7\">$lang[security_question_7]</option> </select><br />\n". "$lang[security_answer]: <input type=\"answer\" name=\"answer\" value=\" \" format=\"M*m\" /><br />\n". "<anchor title=\"$lang[submit]\">$lang[submit]". "<go method=\"post\" href=\"index.php?action=login&sid=$sid\">\n". "<postfield name=\"questionid\" value=\"$(questionid)\" />\n". "<postfield name=\"answer\" value=\"$(answer)\" />\n". "<postfield name=\"username\" value=\"$(username)\" />\n". "<postfield name=\"password\" value=\"$(password)\" />\n". "<postfield name=\"loginfield\" value=\"$(loginfield)\" />\n". "</go></anchor></p>\n"; } else { $loginperm = logincheck(); if(!$loginperm) { wapmsg('login_strike'); } $answer = wapconvert($answer); $username = wapconvert($username); require_once DISCUZ_ROOT.'./uc_client/client.php'; $ucresult = uc_user_login($username, $password, $loginfield, 1, $questionid, $answer); list($tmp['uid'], $tmp['username'], $tmp['password'], $tmp['email']) = daddslashes($ucresult, 1); $ucresult = $tmp; if($ucresult['uid'] > 0) { $member = $db->fetch_first("SELECT uid AS discuz_uid, username AS discuz_user, password AS discuz_pw, secques AS discuz_secques, groupid, invisible
/**
 * JSON login endpoint of the bigapp plugin: authenticates with user name and
 * password, optionally runs the QQ / WeChat binding include, prints a JSON
 * document and ends the request with die(0) on every path.
 *
 * NOTE(review): the credentials are read from $_REQUEST, so they are also
 * accepted in the query string, where they end up in access logs and browser
 * history. Restricting the endpoint to POST bodies avoids that.
 * NOTE(review): the failure path below prints an error but, unlike the attempt
 * check at the top, no call that records the failed attempt is visible in this
 * function. Unless userlogin() counts failures itself, the lockout tested by
 * logincheck() is never advanced through this endpoint. Verify.
 *
 * The files included below run in this function's scope, so the local variable
 * names assigned here are part of their contract.
 */
function login() { /*{{{*/
    require_once dirname(dirname(dirname(__FILE__))) . '/bigappjson.class.php';
    $username = isset($_REQUEST["username"]) ? $_REQUEST["username"] : "";
    $password = isset($_REQUEST["password"]) ? $_REQUEST["password"] : "";
    global $_G;
    // Mirror the credentials into $_GET.
    $_GET['username'] = $username;
    $_GET['password'] = $password;
    ////////////////////////////////////////////
    //$_GET['questionid'] = $_GET['answer'] = '';
    if (isset($_REQUEST['questionid'])) {
        $questionid = intval($_REQUEST['questionid']);
    } else {
        $questionid = 0;
    }
    if (isset($_REQUEST['answer'])) {
        $answer = $_REQUEST['answer'];
    } else {
        $answer = '';
    }
    // The client sends UTF-8; user name and answer are converted to the site
    // charset (CHARSET). With iconv, characters that cannot be converted are dropped.
    if (function_exists('iconv')) {
        $userName = iconv('UTF-8', CHARSET . '//ignore', $username);
        $answer = iconv('UTF-8', CHARSET . '//ignore', $answer);
    } else {
        $userName = mb_convert_encoding($username, CHARSET, 'UTF-8');
        $answer = mb_convert_encoding($answer, CHARSET, 'UTF-8');
    }
    ////////////////////////////////////////////
    $_GET['loginfield'] = 'username';
    require_once libfile('function/member');
    require_once libfile('class/member');
    require_once libfile('function/misc');
    require_once libfile('function/mail');
    loaducenter();
    // A falsy logincheck() result means the attempt limit is exhausted (error 3).
    if (!($_G['member_loginperm'] = logincheck($userName))) {
        echo BIGAPPJSON::encode(array('error_code' => 3, 'error_msg' => lang('plugin/bigapp', 'too_many_errors'), 'Variables' => array('auth' => null), 'Message' => array('messageval' => 'for comaptible', 'messagestr' => lang('plugin/bigapp', 'too_many_errors'))));
        die(0);
    }
    $result = userlogin($userName, $password, $questionid, $answer, 'username', $_G['clientip']);
    // uid -3: answered with the security-question error (error 9).
    if ($result['ucresult']['uid'] == '-3') {
        echo BIGAPPJSON::encode(array('error_code' => 9, 'error_msg' => lang('plugin/bigapp', 'user_seq_question'), 'Variables' => array('auth' => null), 'Message' => array('messageval' => 'for comaptible', 'messagestr' => lang('plugin/bigapp', 'user_seq_question'))));
        die(0);
    }
    // $_G['uid'] is taken from the UCenter result before the status is checked.
    $uid = $_G['uid'] = $result['ucresult']['uid'];
    $userName = $result['ucresult']['username'];
    // Avatar markup with CR/LF removed; not used again in the code visible here.
    $userAvatar = avatar($_G['uid'], 'big', true);
    $userAvatar = str_replace("\r", '', $userAvatar);
    $userAvatar = str_replace("\n", '', $userAvatar);
    $ctlObj = new logging_ctl();
    $ctlObj->setting = $_G['setting'];
    if ($result['status'] == -1) {
        // Status -1: without fast activation the login is refused (error 5).
        if (!$ctlObj->setting['fastactivation']) {
            echo BIGAPPJSON::encode(array('error_code' => 5, 'error_msg' => lang('plugin/bigapp', 'activate_first'), 'Variables' => array('auth' => null), 'Message' => array('messageval' => 'for comaptible', 'messagestr' => lang('plugin/bigapp', 'login_failed'))));
            die(0);
        }
        // Fast activation: create the local member row; its password column is
        // filled with the MD5 of a random string.
        $init_arr = explode(',', $ctlObj->setting['initcredits']);
        $groupid = $ctlObj->setting['regverify'] ? 8 : $ctlObj->setting['newusergroupid'];
        C::t('common_member')->insert($uid, $result['ucresult']['username'], md5(random(10)), $result['ucresult']['email'], $_G['clientip'], $groupid, $init_arr);
        $result['member'] = getuserbyuid($uid);
        $result['status'] = 1;
    }
    if ($result['status'] > 0) {
        if ($ctlObj->extrafile && file_exists($ctlObj->extrafile)) {
            require_once $ctlObj->extrafile;
        }
        // 2592000 s = 30 days when 'cookietime' is set, else a session cookie.
        setloginstatus($result['member'], $_GET['cookietime'] ? 2592000 : 0);
        checkfollowfeed();
        C::t('common_member_status')->update($_G['uid'], array('lastip' => $_G['clientip'], 'lastvisit' => TIMESTAMP, 'lastactivity' => TIMESTAMP));
        // The member row is returned to the client; password and credits are removed first.
        // NOTE(review): every other column of the row is still sent. An explicit
        // allow-list of fields is safer than removing two known ones.
        if (isset($result['member']['password'])) {
            unset($result['member']['password']);
        }
        if (isset($result['member']['credits'])) {
            unset($result['member']['credits']);
        }
        /////////////////////////////////////////////////
        // Login succeeded; perform the account binding
        // 'platform' only selects between two fixed include paths; the request
        // value itself never becomes part of a path.
        $plat = $_GET["platform"];
        if ($plat == "qq") {
            include_once CUR_PATH . "/../qqconnect/bind.php";
        } else {
            if ($plat == 'wechat') {
                include_once CUR_PATH . "/../wechatconnect/bind.php";
            }
        }
        /////////////////////////////////////////////////
        echo BIGAPPJSON::encode(array('error_code' => 0, 'error_msg' => lang('plugin/bigapp', 'bind_succ'), 'data' => $result['member'], 'Message' => array('messageval' => 'login_succeed', 'messagestr' => lang('plugin/bigapp', 'bind_succ')), 'Variables' => array('auth' => 'in order to be comapatible')));
        die(0);
    }
    // Login failed: the error code depends on the value logincheck() returned.
    if ($_G['member_loginperm'] > 1) {
        echo BIGAPPJSON::encode(array('error_code' => 6, 'error_msg' => lang('plugin/bigapp', 'login_failed'), 'Variables' => array('auth' => null), 'Message' => array('messageval' => 'for comaptible', 'messagestr' => lang('plugin/bigapp', 'login_failed'))));
    } elseif ($_G['member_loginperm'] == -1) {
        echo BIGAPPJSON::encode(array('error_code' => 7, 'error_msg' => lang('plugin/bigapp', 'error_password'), 'Variables' => array('auth' => null), 'Message' => array('messageval' => 'for comaptible', 'messagestr' => lang('plugin/bigapp', 'error_password'))));
    } else {
        echo BIGAPPJSON::encode(array('error_code' => 8, 'error_msg' => lang('plugin/bigapp', 'too_many_errors'), 'Variables' => array('auth' => null), 'Message' => array('messageval' => 'for comaptible', 'messagestr' => lang('plugin/bigapp', 'too_many_errors'))));
    }
    die(0);
}
/**
 * Tell whether the current visitor is logged in and is an administrator.
 *
 * The user object in $GLOBALS['g_objUser'] is only consulted after
 * logincheck() has returned a truthy value.
 *
 * @return bool
 */
function isAdmin() {
    if (!logincheck()) {
        return false;
    }

    return (bool) $GLOBALS['g_objUser']->isAdmin();
}
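/**
 * JSON login endpoint: authenticates the posted account, stores an API token
 * for it in user_token and answers through json_success() / json_error().
 *
 * Two defects of the earlier version are corrected here:
 *  - the attempt limit (logincheck / loginfailed) was keyed on
 *    $_GET['username'] while the account actually authenticated came from
 *    $_POST['uname'], so the limit did not follow the account under attack;
 *  - the API token was an MD5 of the user id and the current second, which is
 *    guessable. It now comes from a CSPRNG, in the same 32 hex character format.
 *
 * NOTE(review): the failure log and the question/answer message below still read
 * $_GET['password'], $_GET['email'], $_GET['questionid'] and an unassigned
 * $answer, although the credentials arrive in $_POST; confirm these are merged
 * upstream.
 * NOTE(review): the audit line includes the first and last characters of the
 * submitted password; consider logging no password material at all.
 *
 * Files included below run in this function's scope, so the local variable
 * names are kept as they were.
 */
function api_login() {
    global $_G, $_POST;
    if ($_POST) {
        if (!empty($_POST['auth'])) {
            list($_POST['email'], $_POST['password']) = daddslashes(explode("\t", authcode($_POST['auth'], 'DECODE')));
        }
        // The identifier that is authenticated below is also the key for the attempt limit.
        $username = $_POST['uname'];
        if (!($_G['member_loginperm'] = logincheck($username))) {
            json_error(lang('message', 'login_strike'));
        }
        // Reset the identity fields before authenticating.
        $_G['uid'] = $_G['member']['uid'] = 0;
        $_G['username'] = $_G['member']['username'] = $_G['member']['password'] = '';
        // Rejects an empty password and one that addslashes() would alter.
        if (!$_POST['password'] || $_POST['password'] != addslashes($_POST['password'])) {
            json_error(lang('message', 'profile_passwd_illegal'));
        }
        $result = userlogin($username, $_POST['password'], $_POST['questionid'], $_POST['answer'], 'auto', $_G['clientip']);
        $uid = $result['ucresult']['uid'];
        if ($result['status'] == -1) {
            // Not expected to happen.
            if (!$this->setting['fastactivation']) {
                $auth = authcode($result['ucresult']['username'] . "\t" . FORMHASH, 'ENCODE');
                json_error(lang('message', 'location_activation'));
            } else {
                $init_arr = explode(',', $this->setting['initcredits']);
                $groupid = $this->setting['regverify'] ? 8 : $this->setting['newusergroupid'];
                C::t('user')->insert($uid, $result['ucresult']['username'], md5(random(10)), $result['ucresult']['email'], $_G['clientip'], $groupid, $init_arr);
                $result['member'] = getuserbyuid($uid);
                $result['status'] = 1;
            }
        } elseif ($result['status'] == -2) {
            json_error('此用户已停用,请联系管理员');
        } elseif ($_G['setting']['bbclosed'] > 0 && $result['member']['adminid'] != 1) {
            json_error('站点关闭中,请联系管理员');
        }
        if ($result['status'] > 0) {
            // The token is a bearer credential, so it must not be derivable from
            // the user id or the clock.
            if (function_exists('random_bytes')) {
                $token = bin2hex(random_bytes(16));
            } elseif (function_exists('openssl_random_pseudo_bytes')) {
                $token = bin2hex(openssl_random_pseudo_bytes(16));
            } else {
                // NOTE(review): legacy fallback for runtimes without a CSPRNG; this
                // value is guessable and such runtimes should be upgraded.
                $token = md5($_G['uid'] . time());
            }
            if ($this->extrafile && file_exists($this->extrafile)) {
                require_once $this->extrafile;
            }
            // 2592000 s = 30 days when 'cookietime' is set, else a session cookie.
            setloginstatus($result['member'], $_GET['cookietime'] ? 2592000 : 0);
            if ($_G['member']['lastip'] && $_G['member']['lastvisit']) {
                dsetcookie('lip', $_G['member']['lastip'] . ',' . $_G['member']['lastvisit']);
            }
            C::t('user_status')->update($_G['uid'], array('lastip' => $_G['clientip'], 'lastvisit' => TIMESTAMP, 'lastactivity' => TIMESTAMP));
            // One token row per user: update it when present, insert it otherwise.
            $tokenExit = DB::result_first('SELECT token FROM %t WHERE uid=%s', array('user_token', $_G['uid']));
            $time = time();
            if ($tokenExit) {
                DB::query('update %t set token=%s,created_at=%s where uid=%s', array('user_token', $token, $time, $_G['uid']));
            } else {
                //C::t('user_token')->insert(array('token'=>$token,'created_at'=>time(),'uid'=>$_G['uid']));
                DB::query('insert into %t values(%s,%s,%s)', array('user_token', $_G['uid'], $token, $time));
            }
            $param = array('username' => $result['ucresult']['username'], 'usergroup' => $_G['group']['grouptitle'], 'uid' => $_G['member']['uid'], 'groupid' => $_G['groupid'], 'syn' => 0);
            $extra = array('showdialog' => true, 'locationtime' => true, 'extrajs' => '');
            $loginmessage = $_G['groupid'] == 8 ? 'login_succeed_inactive_member' : 'login_succeed';
            $location = $_G['groupid'] == 8 ? 'index.php?open=password' : dreferer();
            $data = array('username' => $result['ucresult']['username'], 'uid' => $_G['member']['uid'], 'token' => $token, 'avatar' => $_G['config']['common']['home_url'] . '/' . avatar($_G['member']['uid'], 'middle', true), 'email' => $result['ucresult']['email']);
            if (empty($_GET['handlekey']) || !empty($_GET['lssubmit'])) {
                if (defined('IN_MOBILE')) {
                    json_success(lang($loginmessage), $data);
                } else {
                    if (!empty($_GET['lssubmit'])) {
                        json_success(lang($loginmessage), $data);
                    } else {
                        json_success(lang('location_login_succeed'), $data);
                    }
                }
            } else {
                json_success(lang($loginmessage), $data);
            }
        } else {
            // Failed login: write the audit line and count the failure for the
            // account that was actually tried.
            $password = preg_replace("/^(.{" . round(strlen($_GET['password']) / 4) . "})(.+?)(.{" . round(strlen($_GET['password']) / 6) . "})\$/s", "\\1***\\3", $_GET['password']);
            $errorlog = dhtmlspecialchars(TIMESTAMP . "\t" . ($result['ucresult']['email'] ? $result['ucresult']['email'] : $_GET['email']) . "\t" . $password . "\t" . "Ques #" . intval($_GET['questionid']) . "\t" . $_G['clientip']);
            writelog('illegallog', $errorlog);
            loginfailed($username);
            // $answer is never assigned in this function, so `$answer == ''` is always true.
            $fmsg = $result['ucresult']['uid'] == '-3' ? empty($_GET['questionid']) || $answer == '' ? 'login_question_empty' : 'login_question_invalid' : 'login_invalid';
            if ($_G['member_loginperm'] > 1) {
                json_error(lang($fmsg));
            } elseif ($_G['member_loginperm'] == -1) {
                json_error(lang('login_password_invalid'));
            } else {
                json_error(lang('login_strike'));
            }
        }
    } else {
        json_error('异常登录');
    }
}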
showmessage('logout_succeed', dreferer()); } } elseif ($action == 'login') { if ($discuz_uid) { $ucsynlogin = ''; showmessage('login_succeed', $indexname); } // OpenID4Discuz if (!empty($loginsubmit) && $loginfield == 'openid' || !empty($openidlogin)) { // $url_forward = "openid.php?openid_identifier=".$openid_identifier; // dheader("location: ".str_replace('&', '&', $url_forward)); include 'openid.php'; dexit(); } $field = $loginfield == 'uid' ? 'uid' : 'username'; if (!($loginperm = logincheck())) { showmessage('login_strike'); } $seccodecheck = $seccodestatus & 2; if ($seccodecheck && $seccodedata['loginfailedcount']) { $seccodecheck = $db->result_first("SELECT count(*) FROM {$tablepre}failedlogins WHERE ip='{$onlineip}' AND count>='{$seccodedata['loginfailedcount']}' AND {$timestamp}-lastupdate<=900"); } if (!submitcheck('loginsubmit', 1, $seccodecheck)) { $discuz_action = 6; $referer = dreferer(); $thetimenow = '(GMT ' . ($timeoffset > 0 ? '+' : '') . $timeoffset . ') ' . dgmdate("{$dateformat} {$timeformat}", $timestamp + $timeoffset * 3600) . ($styleselect = ''); $query = $db->query("SELECT styleid, name FROM {$tablepre}styles WHERE available='1'"); while ($styleinfo = $db->fetch_array($query)) { $styleselect .= "<option value=\"{$styleinfo['styleid']}\">{$styleinfo['name']}</option>\n"; } $cookietimecheck = !empty($_DCOOKIE['cookietime']) ? 'checked="checked"' : '';
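/**
 * Member login action: render the login form, or authenticate the submitted
 * credentials and report the outcome through showmessage() / the login template.
 *
 * Reads the request through $_G['gp_*'] and mutates $_G (uid, username, member,
 * member_loginperm, setting.msgforward). Returns nothing.
 *
 * Changes against the previous revision:
 *  - the invite row is stamped with the uid/username of the account that just
 *    logged in (it used $uid / $username, which are never assigned on this path);
 *  - the security-question failure message looks at the submitted answer
 *    ($answer was never assigned, so 'login_question_invalid' was unreachable);
 *  - $thetimenow no longer has the cookietime "checked" attribute appended to it.
 */
function on_login() {
    global $_G;

    // Already signed in: report success again instead of re-authenticating.
    if ($_G['uid']) {
        $ucsynlogin = $_G['setting']['allowsynlogin'] ? uc_user_synlogin($_G['uid']) : '';
        $param = array('username' => $_G['member']['username'], 'uid' => $_G['member']['uid']);
        showmessage('login_succeed', dreferer(), $param, array('showdialog' => 1, 'locationtime' => true, 'extrajs' => $ucsynlogin));
    }

    $seccodecheck = $_G['setting']['seccodestatus'] & 2;
    $invite = getinvite();

    if (!submitcheck('loginsubmit', 1, $seccodecheck)) {
        // No valid form submission: prepare the variables the login template reads.
        $_G['referer'] = dreferer();
        $thetimenow = '(GMT ' . ($_G['setting']['timeoffset'] > 0 ? '+' : '') . $_G['setting']['timeoffset'] . ') ' . dgmdate(TIMESTAMP, 'u');
        $cookietimecheck = !empty($_G['cookie']['cookietime']) ? 'checked="checked"' : '';
        if ($seccodecheck) {
            $seccode = random(6, 1) + $seccode[0] * 1000000;
        }
        // The remembered login name comes from a cookie, so it is escaped before the template prints it.
        $username = !empty($_G['cookie']['loginuser']) ? htmlspecialchars($_G['cookie']['loginuser']) : '';
        $navtitle = lang('core', 'title_login');
        include template('member/login');
        return;
    }

    // Refuse the attempt outright when logincheck() reports no remaining tries.
    if (!($_G['member_loginperm'] = logincheck())) {
        showmessage('login_strike');
    }
    if ($_G['gp_fastloginfield']) {
        $_G['gp_loginfield'] = $_G['gp_fastloginfield'];
    }

    // Clear any identity left in $_G before authenticating.
    $_G['uid'] = $_G['member']['uid'] = 0;
    $_G['username'] = $_G['member']['username'] = $_G['member']['password'] = '';

    $result = userlogin($_G['gp_username'], $_G['gp_password'], $_G['gp_questionid'], $_G['gp_answer'], $_G['setting']['autoidselect'] ? 'auto' : $_G['gp_loginfield']);

    if ($result['status'] > 0) {
        setloginstatus($result['member'], $_G['gp_cookietime'] ? 2592000 : 0);
        // NOTE(review): this statement is built by concatenation; it assumes
        // $_G['clientip'] and $_G['uid'] are validated upstream - confirm.
        DB::query("UPDATE " . DB::table('common_member_status') . " SET lastip='" . $_G['clientip'] . "', lastvisit='" . time() . "', lastactivity='" . TIMESTAMP . "' WHERE uid='{$_G['uid']}'");
        $ucsynlogin = $_G['setting']['allowsynlogin'] ? uc_user_synlogin($_G['uid']) : '';

        include_once libfile('function/stat');
        updatestat('login', 1);
        updatecreditbyaction('daylogin', $_G['uid']);
        checkusergroup($_G['uid']);

        if ($invite['id']) {
            // Record who accepted the invite. $_G['uid'] and $_G['member']['username']
            // are the values this function itself uses for the logged-in account.
            // NOTE(review): DB::update()'s value quoting is not visible here - confirm it escapes.
            DB::update("common_invite", array('fuid' => $_G['uid'], 'fusername' => $_G['member']['username']), array('id' => $invite['id']));
            updatestat('invite');
        }
        if ($invite['uid']) {
            require_once libfile('function/friend');
            friend_make($invite['uid'], $invite['username'], false);
            dsetcookie('invite_auth', '');
            if ($invite['appid']) {
                updatestat('appinvite');
            }
        }

        if (!empty($_G['inajax']) && empty($_G['gp_quickforward'])) {
            // NOTE(review): unserialize() on a stored setting; keep this value
            // writable by administrators only, or move it to a safer encoding.
            $_G['setting']['msgforward'] = unserialize($_G['setting']['msgforward']);
            $mrefreshtime = intval($_G['setting']['msgforward']['refreshtime']) * 1000;
            loadcache('usergroups');
            $usergroups = addslashes($_G['cache']['usergroups'][$_G['groupid']]['grouptitle']);
            $message = 1;
            include template('member/login');
        } else {
            $param = array('username' => $_G['member']['username'], 'uid' => $_G['member']['uid'], 'syn' => $ucsynlogin ? 1 : 0);
            if ($_G['groupid'] == 8) {
                showmessage('login_succeed_inactive_member', 'home.php?mod=space&do=home', $param, array('extrajs' => $ucsynlogin));
            } else {
                showmessage('login_succeed', $invite ? 'home.php?mod=space&do=home' : dreferer(), $param, array('extrajs' => $ucsynlogin));
            }
        }
    } elseif ($result['status'] == -1) {
        // Status -1: hand the user over to the activation page with an encoded token.
        $auth = authcode($result['ucresult']['username'] . "\t" . FORMHASH, 'ENCODE');
        $location = 'member.php?mod=' . $_G['setting']['regname'] . '&action=activation&auth=' . rawurlencode($auth);
        if ($_G['inajax'] && empty($_G['gp_quickforward'])) {
            $message = 2;
            include template('member/login');
        } else {
            showmessage('login_activation', $location);
        }
    } else {
        // NOTE(review): the mask keeps the first quarter and last sixth of the
        // attempted password, so fragments of near-miss passwords land in
        // illegallog. Consider logging no password material at all.
        $password = preg_replace("/^(.{" . round(strlen($_G['gp_password']) / 4) . "})(.+?)(.{" . round(strlen($_G['gp_password']) / 6) . "})\$/s", "\\1***\\3", $_G['gp_password']);
        $errorlog = dhtmlspecialchars(TIMESTAMP . "\t" . ($result['ucresult']['username'] ? $result['ucresult']['username'] : dstripslashes($_G['gp_username'])) . "\t" . $password . "\t" . "Ques #" . intval($_G['gp_questionid']) . "\t" . $_G['clientip']);
        writelog('illegallog', $errorlog);
        loginfailed($_G['member_loginperm']);

        if ($result['ucresult']['uid'] == '-3') {
            // Result -3 selects between "no question/answer given" and "wrong answer".
            $fmsg = (empty($_G['gp_questionid']) || $_G['gp_answer'] == '') ? 'login_question_empty' : 'login_question_invalid';
        } else {
            $fmsg = 'login_invalid';
        }
        showmessage($fmsg, '', array('loginperm' => $_G['member_loginperm']));
    }
}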
echo '<td><a href="?edit=' . urlencode($a['alias']) . '">' . html($a['alias']) . '</a></td>'; echo '<td align="center">' . ($a['public'] ? 'Y' : 'N') . '</td>'; echo '<td>' . html($a['path']) . '</td>'; echo '<td>' . html($a['description']) . '</td>'; echo '<td align="center">' . $version . '</td>'; echo '<td align="center">' . (is_readable($a['path']) ? 'Y' : 'N') . '</td>'; echo '<td align="right">' . (is_readable($a['path']) ? $size : '-') . '</td>'; echo '<td align="center">' . (is_writable($a['path']) ? 'Y' : 'N') . '</td>'; if (isAdmin()) { echo '<td align="center"><a href="?delete=' . urlencode($a['alias']) . '">del</a></td>'; } echo '</tr>' . "\n"; $n++; } echo '</table>' . "\n"; if (logincheck() && $g_objUser->isAdmin()) { echo '<br />' . "\n"; $arrAlias = null; if (!empty($_GET['edit'])) { $arrAlias = $master->select('aliases', 'alias = \'' . $master->escape($_GET['edit']) . '\' LIMIT 2'); if (1 == count($arrAlias)) { $arrAlias = $arrAlias[0]; } else { unset($_GET['edit'], $arrAlias); $arrAlias = null; } } echo '<form enctype="multipart/form-data" method="post" action="aliases.php' . (!empty($_GET['edit']) ? '?edit=' . $_GET['edit'] : '') . '">'; echo '<table border="1" cellpadding="4" cellspacing="2">' . "\n"; echo '<tr><th colspan="2">' . (!empty($_GET['edit']) ? 'Edit' : 'New') . ' alias</th></tr>' . "\n"; echo '<tr><th>Alias</th><td><input type="text" name="alias" value="' . ($arrAlias ? html($arrAlias['alias']) : '') . '" size="60" /></td></tr>' . "\n";
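/**
 * Mobile login endpoint: authenticates the username/password (and optional
 * security question) found in $_REQUEST, prints one JSON document built with
 * BIGAPPJSON::encode() and terminates the request with die(0).
 *
 * error_code values emitted: 0 success, 2 invalid parameters, 3 and 8 too many
 * failures, 5 account not activated, 6 login failed, 7 wrong password,
 * 9 security question required.
 *
 * Changes against the previous revision:
 *  - bigappjson.class.php is loaded before the first BIGAPPJSON::encode() call
 *    (the invalid-parameter response ran ahead of the require_once);
 *  - a rejected attempt is reported to loginfailed(), as the other login
 *    handlers do, so logincheck() has failures to count for this endpoint;
 *  - the commented-out lookup code in the security-question branch is gone.
 */
function login() {
    global $_G;

    // Needed by every response below, including the earliest error path.
    require_once dirname(dirname(dirname(__FILE__))) . '/bigappjson.class.php';

    // NOTE(review): $_REQUEST also accepts the password from the query string,
    // where it can end up in access logs and proxies; prefer POST-only clients.
    $userName = isset($_REQUEST['username']) ? $_REQUEST['username'] : null;
    $password = isset($_REQUEST['password']) ? $_REQUEST['password'] : null;
    $questionid = isset($_REQUEST['questionid']) ? intval($_REQUEST['questionid']) : 0;
    $answer = isset($_REQUEST['answer']) ? $_REQUEST['answer'] : '';

    // Convert the UTF-8 request values to the site charset.
    if (function_exists('iconv')) {
        $userName = iconv('UTF-8', CHARSET . '//ignore', $userName);
        $answer = iconv('UTF-8', CHARSET . '//ignore', $answer);
    } else {
        $userName = mb_convert_encoding($userName, CHARSET, 'UTF-8');
        $answer = mb_convert_encoding($answer, CHARSET, 'UTF-8');
    }
    // Keep the submitted name: $userName is overwritten with the stored name later.
    $submittedName = $userName;

    // Clear any identity left in $_G before authenticating.
    $_G['uid'] = $_G['member']['uid'] = 0;
    $_G['username'] = $_G['member']['username'] = $_G['member']['password'] = '';

    // Reject empty credentials and passwords that addslashes() would alter.
    if (empty($userName) || empty($password) || $password != addslashes($password)) {
        echo BIGAPPJSON::encode(array('error_code' => 2, 'error_msg' => lang('plugin/bigapp', 'invalid_param'), 'Variables' => array('auth' => null), 'Message' => array('messageval' => 'for comaptible', 'messagestr' => lang('plugin/bigapp', 'invalid_param'))));
        die(0);
    }

    require_once libfile('function/misc');
    require_once libfile('function/mail');
    loaducenter();

    // Stop before touching the credential store when no attempts remain.
    if (!($_G['member_loginperm'] = logincheck($userName))) {
        echo BIGAPPJSON::encode(array('error_code' => 3, 'error_msg' => lang('plugin/bigapp', 'too_many_errors'), 'Variables' => array('auth' => null), 'Message' => array('messageval' => 'for comaptible', 'messagestr' => lang('plugin/bigapp', 'too_many_errors'))));
        die(0);
    }

    $result = userlogin($userName, $password, $questionid, $answer, 'username', $_G['clientip']);

    if ($result['ucresult']['uid'] == '-3') {
        // Result -3: the client has to supply the security question answer.
        // NOTE(review): this early exit is not counted as a failed attempt;
        // decide whether repeated wrong answers should be.
        echo BIGAPPJSON::encode(array('error_code' => 9, 'error_msg' => lang('plugin/bigapp', 'user_seq_question'), 'Variables' => array('auth' => null), 'Message' => array('messageval' => 'for comaptible', 'messagestr' => lang('plugin/bigapp', 'user_seq_question'))));
        die(0);
    }

    $uid = $_G['uid'] = $result['ucresult']['uid'];
    $userName = $result['ucresult']['username'];
    $userAvatar = avatar($_G['uid'], 'big', true);
    $userAvatar = str_replace(array("\r", "\n"), '', $userAvatar);

    $ctlObj = new logging_ctl();
    $ctlObj->setting = $_G['setting'];

    if ($result['status'] == -1) {
        if (!$ctlObj->setting['fastactivation']) {
            echo BIGAPPJSON::encode(array('error_code' => 5, 'error_msg' => lang('plugin/bigapp', 'activate_first'), 'Variables' => array('auth' => null), 'Message' => array('messageval' => 'for comaptible', 'messagestr' => lang('plugin/bigapp', 'login_failed'))));
            die(0);
        }
        // Fast activation: create the local member row, then continue as a normal login.
        // NOTE(review): the local password column receives md5(random(10)) as a
        // filler value; confirm nothing authenticates against it.
        $init_arr = explode(',', $ctlObj->setting['initcredits']);
        $groupid = $ctlObj->setting['regverify'] ? 8 : $ctlObj->setting['newusergroupid'];
        C::t('common_member')->insert($uid, $result['ucresult']['username'], md5(random(10)), $result['ucresult']['email'], $_G['clientip'], $groupid, $init_arr);
        $result['member'] = getuserbyuid($uid);
        $result['status'] = 1;
    }

    if ($result['status'] > 0) {
        if ($ctlObj->extrafile && file_exists($ctlObj->extrafile)) {
            require_once $ctlObj->extrafile;
        }
        setloginstatus($result['member'], $_GET['cookietime'] ? 2592000 : 0);
        checkfollowfeed();
        C::t('common_member_status')->update($_G['uid'], array('lastip' => $_G['clientip'], 'lastvisit' => TIMESTAMP, 'lastactivity' => TIMESTAMP));

        // Never return the stored password hash (or credits) to the client.
        if (isset($result['member']['password'])) {
            unset($result['member']['password']);
        }
        if (isset($result['member']['credits'])) {
            unset($result['member']['credits']);
        }
        echo BIGAPPJSON::encode(array('error_code' => 0, 'error_msg' => lang('plugin/bigapp', 'login_succ'), 'data' => $result['member'], 'Message' => array('messageval' => 'login_succeed', 'messagestr' => lang('plugin/bigapp', 'login_succ')), 'Variables' => array('auth' => 'in order to be comapatible')));
        die(0);
    }

    // Authentication failed: record the attempt for the submitted name so that
    // logincheck() can limit repeated guessing through this endpoint.
    loginfailed($submittedName);

    if ($_G['member_loginperm'] > 1) {
        echo BIGAPPJSON::encode(array('error_code' => 6, 'error_msg' => lang('plugin/bigapp', 'login_failed'), 'Variables' => array('auth' => null), 'Message' => array('messageval' => 'for comaptible', 'messagestr' => lang('plugin/bigapp', 'login_failed'))));
    } elseif ($_G['member_loginperm'] == -1) {
        echo BIGAPPJSON::encode(array('error_code' => 7, 'error_msg' => lang('plugin/bigapp', 'error_password'), 'Variables' => array('auth' => null), 'Message' => array('messageval' => 'for comaptible', 'messagestr' => lang('plugin/bigapp', 'error_password'))));
    } else {
        echo BIGAPPJSON::encode(array('error_code' => 8, 'error_msg' => lang('plugin/bigapp', 'too_many_errors'), 'Variables' => array('auth' => null), 'Message' => array('messageval' => 'for comaptible', 'messagestr' => lang('plugin/bigapp', 'too_many_errors'))));
    }
    die(0);
}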
/**
 * Per-request setup for the mobile API. Does nothing unless IN_MOBILE_API is
 * defined. Normalises paging parameters, adjusts a few settings in $_G and,
 * when the request carries an _auth token, signs the token's user in and
 * relaxes the interactive checks for that request.
 */
function common() {
    global $_G;

    if (!defined('IN_MOBILE_API')) {
        return;
    }
    if (!$_G['setting']['mobile']['allowmobile']) {
        mobile_core::result(array('error' => 'mobile_is_closed'));
    }

    // Paging overrides are forced to integers before they reach $_G.
    foreach (array('tpp', 'ppp') as $pagingKey) {
        if (!empty($_GET[$pagingKey])) {
            $_G[$pagingKey] = intval($_GET[$pagingKey]);
        }
    }

    $_G['pluginrunlist'] = array('mobile', 'qqconnect', 'wechat');
    $_G['siteurl'] = preg_replace('/api\\/mobile\\/$/', '', $_G['siteurl']);
    $_G['setting']['msgforward'] = '';
    $_G['setting']['cachethreadlife'] = false;
    $_G['setting']['cacheindexlife'] = false;

    // Optional charset conversion of the whole request, driven by ?charset=.
    $convertRequest = !$_G['setting']['mobile']['nomobileurl'] && function_exists('diconv') && !empty($_GET['charset']);
    if ($convertRequest) {
        $_GET = mobile_core::diconv_array($_GET, $_GET['charset'], $_G['charset']);
    }

    if ($_GET['_auth']) {
        require_once DISCUZ_ROOT . './source/plugin/wechat/wsq.class.php';
        $uid = wsq::decodeauth($_GET['_auth']);
        $isLoginModule = $_GET['module'] == 'login';
        $disablesec = false;

        if ($uid) {
            // The token decoded to a uid.
            require_once libfile('function/member');
            $member = getuserbyuid($uid, 1);
            if ($isLoginModule) {
                $disablesec = logincheck($member['username']);
            } else {
                // Any module other than login: establish the session directly from the token.
                setloginstatus($member, 1296000);
                $disablesec = true;
            }
        } elseif ($isLoginModule) {
            $disablesec = logincheck($_GET['username']);
        }

        if ($disablesec) {
            // Security-sensitive: for this request the captcha and Q&A settings
            // are cleared and, on POST, the form hash is filled in server-side,
            // so the _auth token alone stands in for those checks.
            // NOTE(review): the strength of wsq::decodeauth() is not visible here - confirm.
            $_G['setting']['seccodedata'] = array();
            $_G['setting']['seccodestatus'] = 0;
            $_G['setting']['secqaa'] = array();
            unset($_GET['force']);
            define('IN_MOBILE_AUTH', $uid);
            if ($_SERVER['REQUEST_METHOD'] == 'POST') {
                $_GET['formhash'] = $_G['formhash'];
            }
        }
    }

    // Let the concrete API module run its own common() hook when it has one.
    if (class_exists('mobile_api', false) && method_exists('mobile_api', 'common')) {
        mobile_api::common();
    }
}
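/**
 * Member login action: render the login form, or authenticate the submitted
 * credentials and report the outcome through showmessage().
 *
 * Reads the request from $_GET (and overwrites username/password/loginfield in
 * it), mutates $_G, and returns nothing.
 *
 * Changes against the previous revision:
 *  - the invite bookkeeping no longer overwrites $result with a row count, so
 *    the success message keeps the authenticated username;
 *  - the security-question failure message looks at the submitted answer
 *    ($answer was never assigned, so 'login_question_invalid' was unreachable).
 */
function on_login() {
    global $_G;

    // Already signed in: report success again instead of re-authenticating.
    if ($_G['uid']) {
        $referer = dreferer();
        $ucsynlogin = $this->setting['allowsynlogin'] ? uc_user_synlogin($_G['uid']) : '';
        $param = array('username' => $_G['member']['username'], 'usergroup' => $_G['group']['grouptitle'], 'uid' => $_G['member']['uid']);
        showmessage('login_succeed', $referer ? $referer : './', $param, array('showdialog' => 1, 'locationtime' => true, 'extrajs' => $ucsynlogin));
    }

    $from_connect = $this->setting['connect']['allow'] && !empty($_GET['from']) ? 1 : 0;
    // The captcha requirement is dropped for "connect" logins and for the quick-login form.
    $seccodecheck = $from_connect ? false : $this->setting['seccodestatus'] & 2;
    $seccodestatus = !empty($_GET['lssubmit']) ? false : $seccodecheck;
    $invite = getinvite();

    if (!submitcheck('loginsubmit', 1, $seccodestatus)) {
        // No valid form submission: prepare the variables the login template reads.
        $auth = '';
        $username = !empty($_G['cookie']['loginuser']) ? dhtmlspecialchars($_G['cookie']['loginuser']) : '';
        if (!empty($_GET['auth'])) {
            list($username, $password, $questionexist) = explode("\t", authcode($_GET['auth'], 'DECODE'));
            $username = dhtmlspecialchars($username);
            $auth = dhtmlspecialchars($_GET['auth']);
        }
        $cookietimecheck = !empty($_G['cookie']['cookietime']) || !empty($_GET['cookietime']) ? 'checked="checked"' : '';
        if ($seccodecheck) {
            $seccode = random(6, 1) + $seccode[0] * 1000000;
        }
        if ($this->extrafile && file_exists($this->extrafile)) {
            require_once $this->extrafile;
        }
        $navtitle = lang('core', 'title_login');
        include template($this->template);
        return;
    }

    // An auth token, when present, replaces the submitted username and password.
    if (!empty($_GET['auth'])) {
        list($_GET['username'], $_GET['password']) = daddslashes(explode("\t", authcode($_GET['auth'], 'DECODE')));
    }

    // Refuse the attempt outright when logincheck() reports no remaining tries.
    if (!($_G['member_loginperm'] = logincheck($_GET['username']))) {
        showmessage('login_strike');
    }
    if ($_GET['fastloginfield']) {
        $_GET['loginfield'] = $_GET['fastloginfield'];
    }

    // Clear any identity left in $_G before authenticating.
    $_G['uid'] = $_G['member']['uid'] = 0;
    $_G['username'] = $_G['member']['username'] = $_G['member']['password'] = '';

    // Reject empty passwords and passwords that addslashes() would alter.
    if (!$_GET['password'] || $_GET['password'] != addslashes($_GET['password'])) {
        showmessage('profile_passwd_illegal');
    }

    $result = userlogin($_GET['username'], $_GET['password'], $_GET['questionid'], $_GET['answer'], $this->setting['autoidselect'] ? 'auto' : $_GET['loginfield'], $_G['clientip']);
    $uid = $result['ucresult']['uid'];

    if (!empty($_GET['lssubmit']) && ($result['ucresult']['uid'] == -3 || $seccodecheck)) {
        $_GET['username'] = $result['ucresult']['username'];
        $this->logging_more($result['ucresult']['uid'] == -3);
    }

    if ($result['status'] == -1) {
        if (!$this->setting['fastactivation']) {
            $auth = authcode($result['ucresult']['username'] . "\t" . FORMHASH, 'ENCODE');
            showmessage('location_activation', 'member.php?mod=' . $this->setting['regname'] . '&action=activation&auth=' . rawurlencode($auth) . '&referer=' . rawurlencode(dreferer()), array(), array('location' => true));
        } else {
            // Fast activation: create the local member row, then continue as a normal login.
            // NOTE(review): the local password column receives md5(random(10)) as a
            // filler value; confirm nothing authenticates against it.
            $init_arr = explode(',', $this->setting['initcredits']);
            $groupid = $this->setting['regverify'] ? 8 : $this->setting['newusergroupid'];
            C::t('common_member')->insert($uid, $result['ucresult']['username'], md5(random(10)), $result['ucresult']['email'], $_G['clientip'], $groupid, $init_arr);
            $result['member'] = getuserbyuid($uid);
            $result['status'] = 1;
        }
    }

    if ($result['status'] > 0) {
        if ($this->extrafile && file_exists($this->extrafile)) {
            require_once $this->extrafile;
        }
        setloginstatus($result['member'], $_GET['cookietime'] ? 2592000 : 0);
        checkfollowfeed();
        if ($_G['member']['lastip'] && $_G['member']['lastvisit']) {
            dsetcookie('lip', $_G['member']['lastip'] . ',' . $_G['member']['lastvisit']);
        }
        C::t('common_member_status')->update($_G['uid'], array('lastip' => $_G['clientip'], 'lastvisit' => TIMESTAMP, 'lastactivity' => TIMESTAMP));
        $ucsynlogin = $this->setting['allowsynlogin'] ? uc_user_synlogin($_G['uid']) : '';

        if ($invite['id']) {
            // Kept in its own variable: $result is still needed for the success message below.
            $alreadyInvited = C::t('common_invite')->count_by_uid_fuid($invite['uid'], $uid);
            if (!$alreadyInvited) {
                C::t('common_invite')->update($invite['id'], array('fuid' => $uid, 'fusername' => $_G['username']));
                updatestat('invite');
            } else {
                $invite = array();
            }
        }
        if ($invite['uid']) {
            require_once libfile('function/friend');
            friend_make($invite['uid'], $invite['username'], false);
            dsetcookie('invite_auth', '');
            if ($invite['appid']) {
                updatestat('appinvite');
            }
        }

        $param = array('username' => $result['ucresult']['username'], 'usergroup' => $_G['group']['grouptitle'], 'uid' => $_G['member']['uid'], 'groupid' => $_G['groupid'], 'syn' => $ucsynlogin ? 1 : 0);
        $extra = array('showdialog' => true, 'locationtime' => true, 'extrajs' => $ucsynlogin);
        $loginmessage = $_G['groupid'] == 8 ? 'login_succeed_inactive_member' : 'login_succeed';
        $location = $invite || $_G['groupid'] == 8 ? 'home.php?mod=space&do=home' : dreferer();

        if (empty($_GET['handlekey']) || !empty($_GET['lssubmit'])) {
            if (defined('IN_MOBILE')) {
                showmessage($loginmessage, $location, $param, array('location' => true));
            } elseif (!empty($_GET['lssubmit'])) {
                if (!$ucsynlogin) {
                    $extra['location'] = true;
                }
                showmessage($loginmessage, $location, $param, $extra);
            } else {
                // NOTE(review): $location is placed inside a JavaScript string with
                // only single quotes escaped, and 'striptags' is off. This assumes
                // dreferer() returns an already-sanitised same-site URL - confirm.
                $href = str_replace("'", "\\'", $location);
                showmessage('location_login_succeed', $location, array(), array('showid' => 'succeedmessage', 'extrajs' => '<script type="text/javascript">' . 'setTimeout("window.location.href =\'' . $href . '\';", 3000);' . '$(\'succeedmessage_href\').href = \'' . $href . '\';' . '$(\'main_message\').style.display = \'none\';' . '$(\'main_succeed\').style.display = \'\';' . '$(\'succeedlocation\').innerHTML = \'' . lang('message', $loginmessage, $param) . '\';</script>' . $ucsynlogin, 'striptags' => false, 'showdialog' => true));
            }
        } else {
            showmessage($loginmessage, $location, $param, $extra);
        }
    } else {
        // NOTE(review): the mask keeps the first quarter and last sixth of the
        // attempted password, so fragments of near-miss passwords land in
        // illegallog. Consider logging no password material at all.
        $password = preg_replace("/^(.{" . round(strlen($_GET['password']) / 4) . "})(.+?)(.{" . round(strlen($_GET['password']) / 6) . "})\$/s", "\\1***\\3", $_GET['password']);
        $errorlog = dhtmlspecialchars(TIMESTAMP . "\t" . ($result['ucresult']['username'] ? $result['ucresult']['username'] : $_GET['username']) . "\t" . $password . "\t" . "Ques #" . intval($_GET['questionid']) . "\t" . $_G['clientip']);
        writelog('illegallog', $errorlog);
        // Count the failure against the submitted name.
        loginfailed($_GET['username']);

        if ($result['ucresult']['uid'] == '-3') {
            // Result -3 selects between "no question/answer given" and "wrong answer".
            $fmsg = (empty($_GET['questionid']) || $_GET['answer'] == '') ? 'login_question_empty' : 'login_question_invalid';
        } else {
            $fmsg = 'login_invalid';
        }

        if ($_G['member_loginperm'] > 1) {
            showmessage($fmsg, '', array('loginperm' => $_G['member_loginperm'] - 1));
        } elseif ($_G['member_loginperm'] == -1) {
            showmessage('login_password_invalid');
        } else {
            showmessage('login_strike');
        }
    }
}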
/**
 * User login.
 *
 * Copies the credentials into $_GET (with an empty security question and
 * answer, and loginfield fixed to 'username'), authenticates through
 * userlogin() and returns the value produced by self::errorInfo().
 *
 * NOTE(review): when userlogin() reports uid '-3', this method looks the
 * account up by name and forces status 1, so the login goes ahead although no
 * security answer was ever submitted. Confirm that skipping the security
 * question on this entry point is intended.
 *
 * @author HanPengyu
 * @param string $username User name.
 * @param string $password User password.
 * @return mixed Result of self::errorInfo(); called as errorInfo('', 0) on success.
 */
public static function login($username, $password) {
    global $_G;
    // The request superglobal is overwritten so the shared login helpers see these values.
    $_GET['username'] = $username;
    $_GET['password'] = $password;
    $_GET['questionid'] = $_GET['answer'] = '';
    $_GET['loginfield'] = 'username';
    require_once libfile('function/member');
    require_once libfile('class/member');
    require_once libfile('function/misc');
    require_once libfile('function/mail');
    loaducenter();
    $invite = getinvite();
    // Clear any identity left in $_G before authenticating.
    $_G['uid'] = $_G['member']['uid'] = 0;
    $_G['username'] = $_G['member']['username'] = $_G['member']['password'] = '';
    if (trim($_GET['username']) == '') {
        return self::errorInfo('user_name_null');
    }
    if (!($_G['member_loginperm'] = logincheck($_GET['username']))) {
        // Too many wrong passwords, try again in 15 minutes; checked again further down.
        return self::errorInfo(lang('message', 'login_strike'));
    }
    if (!$_GET['password'] || $_GET['password'] != addslashes($_GET['password'])) {
        // Password is empty or contains illegal characters.
        return self::errorInfo(lang('message', 'profile_passwd_illegal'));
    }
    $result = userlogin($_GET['username'], $_GET['password'], $_GET['questionid'], $_GET['answer'], 'username', $_G['clientip']);
    if ($result['ucresult']['uid'] == '-3') {
        // Security-sensitive: the -3 result is replaced by a successful one (see the note in the header).
        $userInfo = DzCommonMember::getUidByUsername($result['ucresult']['username']);
        $result['ucresult']['uid'] = $userInfo['uid'];
        $result['member'] = $userInfo;
        $result['status'] = 1;
    }
    $uid = $_G['uid'] = $result['ucresult']['uid'];
    $userName = $result['ucresult']['username'];
    $userAvatar = UserUtils::getUserAvatar($uid);
    $ctlObj = new logging_ctl();
    $ctlObj->setting = $_G['setting'];
    if ($result['status'] == -1) {
        if (!$ctlObj->setting['fastactivation']) {
            // Account has not been activated.
            return self::errorInfo(Yii::t('mobcent', 'location_activation'));
        } else {
            // Activate automatically: create the local member row and continue as a normal login.
            // NOTE(review): the local password column receives md5(random(10)) as a filler value.
            $init_arr = explode(',', $ctlObj->setting['initcredits']);
            $groupid = $ctlObj->setting['regverify'] ? 8 : $ctlObj->setting['newusergroupid'];
            C::t('common_member')->insert($uid, $result['ucresult']['username'], md5(random(10)), $result['ucresult']['email'], $_G['clientip'], $groupid, $init_arr);
            $result['member'] = getuserbyuid($uid);
            $result['status'] = 1;
        }
    }
    if ($result['status'] > 0) {
        // [?] Extra file
        if ($ctlObj->extrafile && file_exists($ctlObj->extrafile)) {
            require_once $ctlObj->extrafile;
        }
        // [Wrapped] Write the login information to the cookie and update the login status etc. Author:HanPengyu,Data:04.09.28
        self::updateCookie($result['member'], $_G['uid']);
        return self::errorInfo('', 0);
    } else {
        // NOTE(review): the mask keeps the first quarter and last sixth of the
        // attempted password, so password fragments are written to illegallog.
        $password = preg_replace("/^(.{" . round(strlen($_GET['password']) / 4) . "})(.+?)(.{" . round(strlen($_GET['password']) / 6) . "})\$/s", "\\1***\\3", $_GET['password']);
        $errorlog = dhtmlspecialchars(TIMESTAMP . "\t" . ($result['ucresult']['username'] ? $result['ucresult']['username'] : $_GET['username']) . "\t" . $password . "\t" . "Ques #" . intval($_GET['questionid']) . "\t" . $_G['clientip']);
        writelog('illegallog', $errorlog);
        // Count the failure against the submitted name.
        loginfailed($_GET['username']);
        if ($_G['member_loginperm'] > 1) {
            // Login failed, a few more attempts are allowed.
            return self::errorInfo(lang('message', 'login_invalid', array('loginperm' => $_G['member_loginperm'] - 1)));
        } elseif ($_G['member_loginperm'] == -1) {
            // The password entered is wrong.
            return self::errorInfo(lang('message', 'login_password_invalid'));
        } else {
            // Too many wrong passwords, try again in 15 minutes.
            return self::errorInfo(lang('message', 'login_strike'));
        }
    }
}
if (IN_WECHAT) { if (!$_G['uid']) { include template('wechat:wechat_bind'); } else { $redirect = WeChat::redirect(); if ($redirect) { dheader('location: ' . $redirect); } else { dheader('location: ' . $_G['siteurl']); } } } else { dheader('location: ' . $_G['siteurl'] . 'member.php?mod=logging&action=login&referer=' . dreferer()); } } elseif ($ac == 'login' && submitcheck('submit')) { if (!($loginperm = logincheck($_GET['username']))) { showmessage('login_strike'); } if (!$_GET['password'] || $_GET['password'] != addslashes($_GET['password'])) { showmessage('profile_passwd_illegal'); } $result = userlogin($_GET['username'], $_GET['password'], $_GET['questionid'], $_GET['answer'], $_G['setting']['autoidselect'] ? 'auto' : $_GET['loginfield'], $_G['clientip']); if ($result['status'] <= 0) { loginfailed($_GET['username']); failedip(); showmessage('login_invalid', '', array('loginperm' => $loginperm - 1)); } if (!$_G['wechat']['setting']['wechat_qrtype']) { if ($wechatuser) { if ($result['member']['uid'] != $wechatuser['uid']) { showmessage('wechat:wechat_openid_exists');
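// Login form handler (excerpt). The quote checks below used to print a meta
// refresh to notchecked.php and then carry on, so a rejected username or
// password still reached logincheck(). Each rejection now ends the request.
// NOTE(review): rejecting quote characters is only a coarse filter; the query
// inside logincheck() is not visible here and should bind its parameters.
if (sizeof($checkUserName) > 1 || sizeof($checkUserPassword) > 1) {
    echo "<META HTTP-EQUIV=REFRESH CONTENT='0;URL=notchecked.php'>\n";
    exit;
}
// Check for the special character "
$checkUserName = explode('"', $_REQUEST['username']);
$checkUserPassword = explode('"', $_REQUEST['password']);
if (sizeof($checkUserName) > 1 || sizeof($checkUserPassword) > 1) {
    echo "<META HTTP-EQUIV=REFRESH CONTENT='0;URL=notchecked.php'>\n";
    exit;
}
// Check for the special character '
$checkUserName = explode("'", $_REQUEST['username']);
$checkUserPassword = explode("'", $_REQUEST['password']);
if (sizeof($checkUserName) > 1 || sizeof($checkUserPassword) > 1) {
    echo "<META HTTP-EQUIV=REFRESH CONTENT='0;URL=notchecked.php'>\n";
    exit;
}
$rs_a = logincheck($_REQUEST['username'], $_REQUEST['password']);
// A non-empty USER_NAME in the first row is treated as a successful login.
if ($rs_a[0]['USER_NAME'] != '') {
    session_start();
    // Issue a fresh session id at login so an id set before authentication
    // cannot be reused for the authenticated session.
    session_regenerate_id(true);
    $rs_a[0]['THEME'] = '3';
    $_SESSION['LOGIN_UID'] = $rs_a[0]['UID'];
    $_SESSION['LOGIN_USER_ID'] = $rs_a[0]['USER_ID'];
    $_SESSION['LOGIN_DEPT_ID'] = $rs_a[0]['DEPT_ID'];
    $_SESSION['LOGIN_USER_PRIV'] = $rs_a[0]['USER_PRIV'];
    $_SESSION['LOGIN_THEME'] = $rs_a[0]['THEME'];
    $_SESSION['LOGIN_AVATAR'] = $rs_a[0]['AVATAR'];
    $_SESSION['LOGIN_USER_NAME'] = $rs_a[0]['USER_NAME'];
    // NOTE(review): USER_PRIV comes from the row returned by logincheck() and is
    // concatenated into the statement; bind it if the $db layer supports parameters.
    $sql = "select FUNC_ID_STR from " . $表前缀 . "user_priv where USER_PRIV='" . $rs_a[0]['USER_PRIV'] . "'";
    $rs_user_priv = $db->Execute($sql);
    $rs_user_priv_array = $rs_user_priv->GetArray();
    $FUNC_ID_STR = $rs_user_priv_array[0]['FUNC_ID_STR'];
    $_SESSION['LOGIN_FUNC_ID_STR'] = $FUNC_ID_STR;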
break; case 'eval': try { eval(r[i][1]); } catch(e){} break; case 'html': setInnerHTML($(r[i][1]), r[i][2]); break; } } } </script> </head> <body style="background-color:black;margin:0px;padding:0px;"> <?php if (!logincheck(false)) { return; } $iHasNews = db_count('news', 'planet_id = ' . PLANET_ID . ' AND seen = \'0\''); $szNews = $iHasNews ? '<b style="color:red;" title="' . $iHasNews . ' new!">News</b>' : 'News'; $szAdmin = in_array(PLANET_ID, $GAMEPREFS['admins'], true) ? ' OR to_planet_id IS NULL' : ''; $iHasMail = db_count('mail', '(to_planet_id = ' . PLANET_ID . $szAdmin . ') AND seen = \'0\''); $szMail = $iHasMail ? '<b style="color:red;">Mail</b>' : 'Mail'; $arrCurLeader = db_select('galaxies g, planets p', '1 ORDER BY score DESC LIMIT 1'); $szCurLeader = '<a style="cursor:help;" title="' . $arrCurLeader[0]['rulername'] . ' of ' . $arrCurLeader[0]['planetname'] . '" href="galaxy.php?x=' . $arrCurLeader[0]['x'] . '&y=' . $arrCurLeader[0]['y'] . '">' . ((int) PLANET_ID === (int) $arrCurLeader[0]['id'] ? '<b>You</b>' : $arrCurLeader[0]['x'] . ':' . $arrCurLeader[0]['y'] . ':' . $arrCurLeader[0]['z']) . '</a>'; $arrIncomingFleets = db_fetch('SELECT f.*, concat(p.rulername,\'</b> of <b>\',p.planetname,\'</b> (\',g.x,\':\',g.y,\':\',p.z,\')\') AS owner, (SELECT IFNULL(SUM(amount),0) FROM ships_in_fleets WHERE fleet_id = f.id) AS num_units FROM planets p, fleets f, galaxies g WHERE f.activated = \'1\' AND g.id = p.galaxy_id AND f.owner_planet_id = p.id AND destination_planet_id = ' . PLANET_ID . ' AND ( action = \'attack\' OR action = \'defend\' ) ORDER BY action ASC'); // Hier wordt achterhaald of en welke research & development er bezig is global $research, $construction; $research = db_fetch('SELECT a.id,a.name,p.eta,ROUND((a.eta-p.eta)/a.eta*100) AS pct FROM d_r_d_available a, planet_r_d p WHERE a.T = \'r\' AND p.r_d_id = a.id AND p.eta > 0 AND p.planet_id = ' . PLANET_ID . ';'); if ($research) { $research = $research[0];
<?php
// Control-panel login page: load the application bootstrap and the admin helpers.
require_once '../../init.php';
require_once MAD_PATH . '/www/cp/auth.php';
require_once MAD_PATH . '/functions/adminredirect.php';
require_once MAD_PATH . '/www/cp/admin_functions.php';
// A visitor who already passes logincheck() is sent to the dashboard instead of the form.
if (logincheck()) {
    MAD_Admin_Redirect::redirect('dashboard.php');
    // Stop here so none of the login markup below is sent after the redirect.
    exit;
}
?> <!doctype html> <!--[if lt IE 7]> <html class="no-js ie6 oldie" lang="en"> <![endif]--> <!--[if IE 7]> <html class="no-js ie7 oldie" lang="en"> <![endif]--> <!--[if IE 8]> <html class="no-js ie8 oldie" lang="en"> <![endif]--> <!--[if gt IE 8]><!--> <html class="no-js" lang="en"> <!--<![endif]--> <head> <title><?php echo getconfig_var('adserver_name'); ?> - Login</title> <meta charset="utf-8"/> <meta name="description" content=""/> <meta name="author" content=""/>
<?php require_once 'inc.config.php'; if (isset($_GET['ps_page']) && $_GET['ps_page'] == 'playtitelbalk') { die("<html><head><title>" . $GAMENAME . "</title><link rel=stylesheet href=\"css/styles.css\" /></head><body bgcolor=\"black\"><base target=\"_parent\" /><table border=\"0\" cellpadding=\"5\" cellspacing=\"0\" width=\"828\" height=\"100%\" style=\"border-bottom:solid 0px #444444;\"><tr><td align=\"center\"><a href=\"./\">Index</a> || <a href=\"login.php\">Login</a> || <a href=\"signup.php\">Signup</a> || <a href=\"./\"><b>Play</b></a> || Ticker: <a href=\"tickah.php?SET_USER_IS_TICKER=1\" target=\"t0\">ON</a> / <a href=\"tickah.php?SET_USER_IS_TICKER=0\" target=\"t0\">OFF</a> || <a href=\"comp.php\" target=\"_parent\">Administration</a></td></tr></table></body></html>"); } if (logincheck(false)) { ?> <!doctype html> <html> <head> <meta charset="utf-8" /> <link rel="shortcut icon" href="/favicon.ico" /> <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" /> <title><?php echo $GAMENAME; ?> </title> </head> <frameset rows="50,*" frameborder="0" border="0"> <frameset cols="220,*" frameborder="0" border="0"> <frame name="t0" SRC="<?php echo !empty($_SESSION['ps_is_ticker']) ? 'tickah.php?special=yes' : 'leeg.php'; ?> " noresize="noresize" marginwidth="0" marginheight="0" scrolling="no" frameborder="0"> <frame name="a0" SRC="index.php?ps_page=playtitelbalk" noresize="noresize" marginwidth="0" marginheight="0" scrolling="auto" frameborder="0"> </frameset> <frameset cols="220,*" frameborder="0" border="0"> <frame name="a1" SRC="menu.php" noresize="noresize" marginwidth="0" marginheight="0" scrolling="auto" frameborder="0">
/**
 * Admin control panel login: authenticates the posted admin_email /
 * admin_password and, for a founder or a member of group 1 or 2, records an
 * admincp session and redirects to the admin script.
 *
 * Sets $this->cpaccess to -4 when logincheck() refuses the attempt and to -2
 * when the credentials are valid but the account may not use the panel.
 * A failed authentication is reported to loginfailed().
 */
function check_user_login() {
    global $_G;

    $admin_email = isset($_POST['admin_email']) ? trim($_POST['admin_email']) : '';
    if ($admin_email == '') {
        // Nothing submitted.
        return;
    }

    // Attempt limiting comes first, before any credential is checked.
    if (!logincheck($_POST['admin_email'])) {
        $this->cpaccess = -4;
        return;
    }

    // When a security question is mandatory and was not supplied, hand over to do_user_login().
    $questionMissing = empty($_POST['admin_questionid']) || empty($_POST['admin_answer']);
    if ($questionMissing && ($_G['config']['admincp']['forcesecques'] || $_G['group']['forcesecques'])) {
        $this->do_user_login();
    }

    $result = userlogin($_POST['admin_email'], $_POST['admin_password'], $_POST['admin_questionid'], $_POST['admin_answer'], 'auto', $this->core->var['clientip']);
    if ($result['status'] != 1) {
        // Count the failure so repeated guessing against the panel gets limited.
        loginfailed($_POST['admin_email']);
        return;
    }

    $member = $result['member'];
    $mayUsePanel = $this->checkfounder($member) || $member['groupid'] == 1 || $member['groupid'] == 2;
    if (!$mayUsePanel) {
        $this->cpaccess = -2;
        return;
    }

    // Authorised: open the panel session, sign the member in and redirect.
    $session = array(
        'uid' => $member['uid'],
        'adminid' => $member['adminid'],
        'panel' => $member['groupid'],
        'dateline' => TIMESTAMP,
        'ip' => $this->core->var['clientip'],
        'errorcount' => -1,
    );
    C::t('admincp_session')->insert($session, false, true);
    setloginstatus($member, 0);
    dheader('Location: ' . ADMINSCRIPT . '?' . cpurl('url', array('sid')));
}
/**
 * Admin control panel login: authenticates the posted admin_username /
 * admin_password and, for a founder or an account listed in
 * common_admincp_member, records an admincp session and redirects to the
 * admin script.
 *
 * Sets $this->cpaccess to -4 when logincheck() refuses the attempt and to -2
 * when the credentials are valid but the account may not use the panel.
 * A failed authentication is reported to loginfailed().
 */
function check_user_login() {
    global $_G;

    $admin_username = isset($_POST['admin_username']) ? trim($_POST['admin_username']) : '';
    if ($admin_username == '') {
        // Nothing submitted.
        return;
    }

    require_once libfile('function/member');

    // Attempt limiting comes first, before any credential is checked.
    if (!logincheck($_POST['admin_username'])) {
        $this->cpaccess = -4;
        return;
    }

    // When a security question is mandatory and was not supplied, hand over to do_user_login().
    $questionMissing = empty($_POST['admin_questionid']) || empty($_POST['admin_answer']);
    if ($questionMissing && $_G['config']['admincp']['forcesecques']) {
        $this->do_user_login();
    }

    $result = userlogin($_POST['admin_username'], $_POST['admin_password'], $_POST['admin_questionid'], $_POST['admin_answer']);
    if ($result['status'] != 1) {
        // Count the failure so repeated guessing against the panel gets limited.
        loginfailed($_POST['admin_username']);
        return;
    }

    // The uid placed in this statement comes from the member row returned by userlogin().
    $cpgroupid = DB::result_first("SELECT uid FROM " . DB::table('common_admincp_member') . " WHERE uid='{$result['member']['uid']}'");
    if (!$cpgroupid && !$this->checkfounder($result['member'])) {
        $this->cpaccess = -2;
        return;
    }

    // Authorised: open the panel session, sign the member in and redirect.
    $session = array(
        'uid' => $result['member']['uid'],
        'adminid' => $result['member']['adminid'],
        'panel' => $this->panel,
        'dateline' => TIMESTAMP,
        'ip' => $this->core->var['clientip'],
        'errorcount' => -1,
    );
    DB::insert('common_admincp_session', $session, false, true);
    setloginstatus($result['member'], 0);
    dheader('Location: ' . ADMINSCRIPT . '?' . cpurl('url', array('sid')));
}
if (!in_array($_G['groupid'], $myrepeatsusergroups)) { $query = DB::query("SELECT * FROM " . DB::table('myrepeats') . " WHERE username='******'username']}'"); if (!DB::num_rows($query)) { showmessage('myrepeats:usergroup_disabled'); } else { $permusers = array(); while ($user = DB::fetch($query)) { $permusers[] = $user['uid']; } if (!DB::result_first("SELECT COUNT(*) FROM " . DB::table('common_member') . " WHERE username='******'gp_username']}' AND uid IN (" . dimplode($permusers) . ")")) { showmessage('myrepeats:usergroup_disabled'); } } } require_once libfile('function/member'); $_G['myrepeats_loginperm'] = logincheck($_G['gp_username']); if (!$_G['myrepeats_loginperm']) { showmessage('myrepeats:login_strike', '', array('loginperm' => $_G['myrepeats_loginperm'])); } if (!empty($_G['gp_authorfirst']) && submitcheck('myrepeatssubmit')) { $result = userlogin($_G['gp_username'], $_G['gp_password'], $_G['gp_questionid'], $_G['gp_answer']); $_G['myrepeats_ucresult'] = $result['ucresult']; if ($result['status'] > 0) { $logindata = addslashes(authcode($_G['gp_password'] . "\t" . $_G['gp_questionid'] . "\t" . $_G['gp_answer'], 'ENCODE', $_G['config']['security']['authkey'])); if (DB::result_first("SELECT COUNT(*) FROM " . DB::table('myrepeats') . " WHERE uid='{$_G['uid']}' AND username='******'gp_username']}'")) { DB::query("UPDATE " . DB::table('myrepeats') . " SET logindata='{$logindata}' WHERE uid='{$_G['uid']}' AND username='******'gp_username']}'"); } else { DB::query("INSERT INTO " . DB::table('myrepeats') . " (uid, username, logindata, comment) VALUES ('{$_G['uid']}', '{$_G['gp_username']}', '{$logindata}', '')"); } } else { myrepeats_loginfailure($_G['gp_username'], $_G['gp_password'], $_G['gp_questionid'], $_G['gp_answer']);
define('BASEPAGE', basename($_SERVER['SCRIPT_NAME'])); define('SESSION_NAME', 'GAME_142_MPP'); define('TABLE_PLAYERS', '142_users'); define('TABLE_GAMES', '142_tables'); define('TABLE_ROUNDS', '142_rounds'); define('TABLE_CARDS', '142_cards'); define('TABLE_PLAYERS_IN_GAMES', '142_players'); define('TABLE_CARDS_IN_GAMES', '142_cards_in_games'); define('MAX_PLAYERS_EVER', 10); require_once 'inc.db_mysql.php'; db_set(db_connect('localhost', 'usager', 'usager', 'games')); // CLEAN UP // #db_delete(TABLE_PLAYERS_IN_GAMES, 'last_online+16 < '.time()); // Two stages for every user: logged in, not logged in // not logged in if (!logincheck()) { if (isset($_POST['username'], $_POST['password'])) { $szMessage = 'FOUT'; $arrUser = db_select(TABLE_PLAYERS, "username = '******'username']) . "' AND password = MD5(CONCAT(id,':" . addslashes($_POST['password']) . "'))"); if (1 == count($arrUser)) { $arrSession = array('hash' => randString(20), 'ip' => ifsetor($_SERVER['REMOTE_ADDR'], ""), 'uid' => $arrUser[0]['id']); db_update(TABLE_PLAYERS, array('hash' => $arrSession['hash']), "id = '" . $arrSession['uid'] . "'"); $_SESSION[SESSION_NAME] = $arrSession; $szMessage = 'INGELOGD'; } header("Location: " . BASEPAGE . "?msg=" . $szMessage); exit; } ?> <html>
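/**
 * Handle the login action: render the login form or process a submitted login.
 *
 * Three paths are visible:
 *  - a user is already signed in ($_G['uid'] is set): report 'login_succeed' and
 *    send them to the referer;
 *  - the form was not submitted (submitcheck() fails): prepare the template
 *    variables and include the login template;
 *  - the form was submitted: gate on logincheck(), authenticate with userlogin(),
 *    optionally create the local member rows for an account reported with
 *    status -1, establish the login state, consume a pending invite and report
 *    the outcome through showmessage().
 *
 * Local variable names are part of the contract here: the template and the
 * optional extra module are included inside this function and can read them.
 *
 * NOTE(review): the code after each showmessage() call assumes the call does not
 * return (for example the signed-in branch has no return). Confirm that
 * showmessage() ends the request.
 */
function on_login() {
    global $_G;

    // Already signed in: nothing to authenticate.
    if ($_G['uid']) {
        $referer = dreferer();
        $ucsynlogin = $this->setting['allowsynlogin'] ? uc_user_synlogin($_G['uid']) : '';
        $param = array('username' => $_G['member']['username'], 'usergroup' => $_G['group']['grouptitle'], 'uid' => $_G['member']['uid']);
        showmessage('login_succeed', $referer ? $referer : './', $param, array('showdialog' => 1, 'locationtime' => true, 'extrajs' => $ucsynlogin));
    }

    // The security-code check is skipped for "connect" logins, and is not enforced
    // by submitcheck() when the request carries gp_lssubmit.
    $from_connect = $this->setting['connect']['allow'] && !empty($_G['gp_from']) ? 1 : 0;
    $seccodecheck = $from_connect ? false : $this->setting['seccodestatus'] & 2;
    $seccodestatus = !empty($_G['gp_lssubmit']) ? false : $seccodecheck;
    $invite = getinvite();

    if (!submitcheck('loginsubmit', 1, $seccodestatus)) {
        // ---- Show the form -------------------------------------------------
        $auth = '';
        $username = !empty($_G['cookie']['loginuser']) ? htmlspecialchars($_G['cookie']['loginuser']) : '';
        if (!empty($_G['gp_auth'])) {
            // gp_auth is a request parameter that decodes to "username\tpassword\t...".
            // NOTE(review): this carries credentials in a request value protected only
            // by authcode(); confirm the value is short-lived and never logged.
            list($username, $password, $questionexist) = explode("\t", authcode($_G['gp_auth'], 'DECODE'));
            $username = htmlspecialchars($username);
            if ($username && $password) {
                $auth = htmlspecialchars($_G['gp_auth']);
            } else {
                $auth = '';
            }
        }
        $cookietimecheck = !empty($_G['cookie']['cookietime']) || !empty($_G['gp_cookietime']) ? 'checked="checked"' : '';
        if ($seccodecheck) {
            // NOTE(review): $seccode is not assigned anywhere earlier in this function,
            // so $seccode[0] reads an undefined variable and the second term is 0.
            $seccode = random(6, 1) + $seccode[0] * 1000000;
        }
        if ($this->extrafile && file_exists(libfile('member/' . $this->extrafile, 'module'))) {
            require_once libfile('member/' . $this->extrafile, 'module');
        }
        $navtitle = lang('core', 'title_login');
        include template($this->template);
    } else {
        // ---- Process the submitted login -------------------------------------
        if (!empty($_G['gp_auth'])) {
            list($_G['gp_username'], $_G['gp_password']) = daddslashes(explode("\t", authcode($_G['gp_auth'], 'DECODE')));
        }
        // A falsy logincheck() result stops the attempt with 'login_strike'.
        // presumably this is the per-username attempt limiter; confirm in its definition.
        if (!($_G['member_loginperm'] = logincheck($_G['gp_username']))) {
            showmessage('login_strike');
        }
        if ($_G['gp_fastloginfield']) {
            $_G['gp_loginfield'] = $_G['gp_fastloginfield'];
        }
        // Clear any identity carried in $_G before authenticating.
        $_G['uid'] = $_G['member']['uid'] = 0;
        $_G['username'] = $_G['member']['username'] = $_G['member']['password'] = '';
        // Reject an empty password and any password that addslashes() would alter.
        if (!$_G['gp_password'] || $_G['gp_password'] != addslashes($_G['gp_password'])) {
            showmessage('profile_passwd_illegal');
        }
        $result = userlogin($_G['gp_username'], $_G['gp_password'], $_G['gp_questionid'], $_G['gp_answer'], $this->setting['autoidselect'] ? 'auto' : $_G['gp_loginfield']);
        $uid = $result['ucresult']['uid'];

        // Quick-login submit that needs a further step (uid -3, or a security code is required).
        if (!empty($_G['gp_lssubmit']) && ($result['ucresult']['uid'] == -3 || $seccodecheck && $result['status'] > 0)) {
            $_G['gp_username'] = $result['ucresult']['username'];
            $_G['gp_password'] = stripslashes($_G['gp_password']);
            $this->logging_more($result['ucresult']['uid'] == -3);
        }

        // status -1: the account was accepted by userlogin() but has no local member row.
        if ($result['status'] == -1) {
            if (!$this->setting['fastactivation']) {
                $auth = authcode($result['ucresult']['username'] . "\t" . FORMHASH, 'ENCODE');
                showmessage('location_activation', 'member.php?mod=' . $this->setting['regname'] . '&action=activation&auth=' . rawurlencode($auth) . '&referer=' . rawurlencode(dreferer()), array(), array('location' => true));
            } else {
                $result = daddslashes($result);
                $init_arr = explode(',', $this->setting['initcredits']);
                // The local password column gets a throwaway value (md5 of random(10)),
                // not the user's password.
                DB::insert('common_member', array('uid' => $uid, 'username' => $result['ucresult']['username'], 'password' => md5(random(10)), 'email' => $result['ucresult']['email'], 'adminid' => 0, 'groupid' => $this->setting['regverify'] ? 8 : $this->setting['newusergroupid'], 'regdate' => TIMESTAMP, 'credits' => $init_arr[0], 'timeoffset' => 9999));
                DB::insert('common_member_status', array('uid' => $uid, 'regip' => $_G['clientip'], 'lastip' => $_G['clientip'], 'lastvisit' => TIMESTAMP, 'lastactivity' => TIMESTAMP, 'lastpost' => 0, 'lastsendmail' => 0));
                DB::insert('common_member_profile', array('uid' => $uid));
                DB::insert('common_member_field_forum', array('uid' => $uid));
                DB::insert('common_member_field_home', array('uid' => $uid));
                DB::insert('common_member_count', array('uid' => $uid, 'extcredits1' => $init_arr[1], 'extcredits2' => $init_arr[2], 'extcredits3' => $init_arr[3], 'extcredits4' => $init_arr[4], 'extcredits5' => $init_arr[5], 'extcredits6' => $init_arr[6], 'extcredits7' => $init_arr[7], 'extcredits8' => $init_arr[8]));
                manyoulog('user', $uid, 'add');
                // NOTE(review): $uid is interpolated into the SQL text; it comes from the
                // userlogin() result. Confirm it is always numeric.
                $result['member'] = DB::fetch_first("SELECT * FROM " . DB::table('common_member') . " WHERE uid='{$uid}'");
                $result['status'] = 1;
            }
        }

        if ($result['status'] > 0) {
            // ---- Success -----------------------------------------------------
            if ($this->extrafile && file_exists(libfile('member/' . $this->extrafile, 'module'))) {
                require_once libfile('member/' . $this->extrafile, 'module');
            }
            // 2592000 seconds = 30 days when "remember me" is ticked, otherwise 0.
            setloginstatus($result['member'], $_G['gp_cookietime'] ? 2592000 : 0);
            // NOTE(review): $_G['clientip'] and $_G['uid'] are concatenated into the SQL
            // text; their validation is not visible in this function.
            DB::query("UPDATE " . DB::table('common_member_status') . " SET lastip='" . $_G['clientip'] . "', lastvisit='" . time() . "', lastactivity='" . TIMESTAMP . "' WHERE uid='{$_G['uid']}'");
            $ucsynlogin = $this->setting['allowsynlogin'] ? uc_user_synlogin($_G['uid']) : '';

            if ($invite['id']) {
                // Kept in its own variable: storing this count in $result would discard
                // the login result that the success messages below still read
                // ($result['ucresult']['username']).
                $invitecount = DB::result_first("SELECT COUNT(*) FROM " . DB::table('common_invite') . " WHERE uid='{$invite['uid']}' AND fuid='{$uid}'");
                if (!$invitecount) {
                    DB::update("common_invite", array('fuid' => $uid, 'fusername' => $_G['username']), array('id' => $invite['id']));
                    updatestat('invite');
                } else {
                    // This invite was already consumed by this user.
                    $invite = array();
                }
            }
            if ($invite['uid']) {
                require_once libfile('function/friend');
                friend_make($invite['uid'], $invite['username'], false);
                dsetcookie('invite_auth', '');
                if ($invite['appid']) {
                    updatestat('appinvite');
                }
            }

            $param = array('username' => $result['ucresult']['username'], 'usergroup' => $_G['group']['grouptitle'], 'uid' => $_G['member']['uid'], 'groupid' => $_G['groupid'], 'syn' => $ucsynlogin ? 1 : 0);
            $extra = array('showdialog' => true, 'locationtime' => true, 'extrajs' => $ucsynlogin);
            // Group 8 gets the "inactive member" wording and is sent to the home page.
            $loginmessage = $_G['groupid'] == 8 ? 'login_succeed_inactive_member' : 'login_succeed';
            $location = $invite || $_G['groupid'] == 8 ? 'home.php?mod=space&do=home' : dreferer();

            if (empty($_G['gp_handlekey']) || !empty($_G['gp_lssubmit'])) {
                if (defined('IN_MOBILE')) {
                    showmessage('location_login_succeed_mobile', $location, array('username' => $result['ucresult']['username']), array('location' => true));
                } else {
                    if (!empty($_G['gp_lssubmit'])) {
                        if (!$ucsynlogin) {
                            $extra['location'] = true;
                        }
                        showmessage($loginmessage, $location, $param, $extra);
                    } else {
                        // NOTE(review): $location is written into inline JavaScript with only
                        // single quotes escaped, and the output is sent with striptags off.
                        // Whether this is safe depends on what dreferer() guarantees about its
                        // return value; confirm it cannot contain a backslash, a double quote
                        // or markup.
                        $href = str_replace("'", "\\'", $location);
                        showmessage('location_login_succeed', $location, array(), array('showid' => 'succeedmessage', 'extrajs' => '<script type="text/javascript">' . 'setTimeout("window.location.href =\'' . $href . '\';", 3000);' . '$(\'succeedmessage_href\').href = \'' . $href . '\';' . '$(\'main_message\').style.display = \'none\';' . '$(\'main_succeed\').style.display = \'\';' . '$(\'succeedlocation\').innerHTML = \'' . lang('message', $loginmessage, $param) . '\';</script>' . $ucsynlogin, 'striptags' => false));
                    }
                }
            } else {
                showmessage($loginmessage, $location, $param, $extra);
            }
        } else {
            // ---- Failure -----------------------------------------------------
            // No part of the submitted password goes into the log: a failed attempt is
            // often a near miss, so even a partly masked copy exposes characters of the
            // real password to anyone who can read the log. The field is kept as a
            // constant so the tab-separated layout of the log line does not change.
            $password = '***';
            $errorlog = dhtmlspecialchars(TIMESTAMP . "\t" . ($result['ucresult']['username'] ? $result['ucresult']['username'] : dstripslashes($_G['gp_username'])) . "\t" . $password . "\t" . "Ques #" . intval($_G['gp_questionid']) . "\t" . $_G['clientip']);
            writelog('illegallog', $errorlog);
            loginfailed($_G['gp_username']);

            // The answer is read from the request value that was passed to userlogin();
            // no local $answer exists in this function.
            $answerempty = !isset($_G['gp_answer']) || (string) $_G['gp_answer'] === '';
            if ($result['ucresult']['uid'] == '-3') {
                $fmsg = (empty($_G['gp_questionid']) || $answerempty) ? 'login_question_empty' : 'login_question_invalid';
            } else {
                $fmsg = 'login_invalid';
            }
            showmessage($fmsg, '', array('loginperm' => $_G['member_loginperm']));
        }
    }
}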