/**
* 解密客户端秘钥,获取用户数据
*/
private function deciphering_user_info()
{
//获取加密身份标示
$identity_encryption = $this->_post('user_key');
// $identity_encryption = $this->_get('user_key');
//$identity_encryption = "CGsAOQdmDDMNNlQ0BTAEPgQ0AWpRNlFgC2hXb1IxVzBVNVNkBXgCPllkAnkDNwU1";
//解密获取用户数据
$decrypt = passport_decrypt($identity_encryption, C('UNLOCAKING_KEY'));
$user_info = explode(':', $decrypt);
$uid = $user_info[0];
//用户id
$account = $user_info[1];
//用户账号
$date = $user_info[2];
//账号时间
//安全过滤
if (count($user_info) < 3) {
$this->callback(C('STATUS_OTHER'), '身份验证失败');
}
if (countDays($date, date('Y-m-d'), 1) >= 30) {
$this->callback(C('STATUS_NOT_LOGIN'), '登录已过期,请重新登录');
}
//钥匙过期时间为30天
//去数据库获取用户数据
$user_data = D('Users')->field('id,account,type,name')->where(array('id' => $uid, 'status' => 0))->find();
if (empty($user_data)) {
$this->callback(C('STATUS_NOT_DATA'), '此用户不存在,或被禁用');
} else {
$this->oUser = (object) $user_data;
}
}
*/
define('IN_ECS', true);
require './init.php';
require_once ROOT_PATH . 'includes/cls_json.php';
$json = new JSON();
$hash_code = $db->getOne("SELECT `value` FROM " . $ecs->table('ecsmart_shop_config') . " WHERE `code`='hash_code'", true);
$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';
if (empty($_REQUEST['verify']) || empty($_REQUEST['auth']) || empty($_REQUEST['action'])) {
$results = array('result' => 'false', 'data' => '缺少必要的参数');
exit($json->encode($results));
}
if ($_REQUEST['verify'] != md5($hash_code . $_REQUEST['action'] . $_REQUEST['auth'])) {
$results = array('result' => 'false', 'data' => '数据来源不合法,请返回');
exit($json->encode($results));
}
parse_str(passport_decrypt($_REQUEST['auth'], $hash_code), $data);
switch ($action) {
case 'get_goods_info':
$shop_id = isset($data['shop_id']) ? intval($data['shop_id']) : 0;
$record_number = isset($data['record_number']) ? intval($data['record_number']) : 20;
$page_number = isset($data['page_number']) ? intval($data['page_number']) : 0;
$limit = ' LIMIT ' . $record_number * $page_number . ', ' . ($record_number + 1);
$sql = "SELECT `goods_id`, `goods_name`, `goods_number`, `shop_price`, `keywords`, `goods_brief`, `goods_thumb`, `goods_img`, `last_update` FROM " . $ecs->table('goods') . " WHERE `is_delete`='0' ORDER BY `goods_id` ASC {$limit} ";
$results = array('result' => 'false', 'next' => 'false', 'data' => array());
$query = $db->query($sql);
$record_count = 0;
while ($goods = $db->fetch_array($query)) {
$goods['goods_thumb'] = !empty($goods['goods_thumb']) ? 'http://' . $_SERVER['SERVER_NAME'] . '/' . $goods['goods_thumb'] : '';
$goods['goods_img'] = !empty($goods['goods_img']) ? 'http://' . $_SERVER['SERVER_NAME'] . '/' . $goods['goods_img'] : '';
$results['data'][] = $goods;
$record_count++;
} else {
$key = strrev($key_str);
if (!empty($_config['vodkey'])) {
$key = passport_decrypt($key, $_config['vodkey']);
}
}
}
if (strpos($type_str, '.')) {
list($type, $hds) = explode('.', strrev($type_str), 2);
} else {
$type = strtolower(strrev($type_str));
}
}
if (!empty($url)) {
if (!empty($_config['vodkey'])) {
$url = passport_decrypt($url, $_config['vodkey']);
}
if (strpos($url, '.')) {
$host = parse_url($url, PHP_URL_HOST);
if (empty($host)) {
$host = parse_url('http://' . $url, PHP_URL_HOST);
}
} else {
if (b64UrlCheck($url) == true) {
$url = strpos(base64_decode($url), '://') ? base64_decode($url) : 'http://' . base64_decode($url);
} else {
header("Content-Type: text/html;charset=utf-8");
echo '对不起!我们暂时不提供该网站的解析.' . die;
}
}
$host = parse_url($url, PHP_URL_HOST);
if (PHP_VERSION < '4.1.0') {
$_GET =& $HTTP_GET_VARS;
$_SERVER =& $HTTP_SERVER_VARS;
}
chdir('../');
require_once './config.inc.php';
require_once './include/db_' . $database . '.class.php';
require_once './forumdata/cache/cache_settings.php';
if ($_DCACHE['settings']['passport_status'] != 'shopex') {
exit('Passport disabled');
} elseif ($_GET['verify'] != md5($_GET['action'] . $_GET['auth'] . $_GET['forward'] . $_DCACHE['settings']['passport_key'])) {
exit('Illegal request');
}
if ($_GET['action'] == 'login') {
$memberfields = $remoteinfo = array();
parse_str(passport_decrypt($_GET['auth'], $_DCACHE['settings']['passport_key']), $member);
foreach ($member as $key => $val) {
if (in_array($key, array('username', 'password', 'email', 'credits', 'gender', 'bday', 'regip', 'regdate', 'site', 'qq', 'msn', 'yahoo'))) {
$memberfields[$key] = addslashes($val);
} elseif (in_array($key, array('cookietime', 'time'))) {
$remoteinfo[$key] = $val;
} elseif ($key == 'isadmin') {
if ($val) {
$memberfields['groupid'] = $memberfields['adminid'] = 1;
}
}
}
if (strlen($memberfields['username'] = preg_replace("/(c:\\con\\con\$|[%,\\*\"\\s\t\\<\\>\\&])/i", "", $memberfields['username'])) > 15) {
$memberfields['username'] = substr($memberfields['username'], 0, 15);
}
if (empty($remoteinfo['time']) || empty($memberfields['username']) || empty($memberfields['password']) || empty($memberfields['email'])) {
return $lResult;
}
$sql = "select * from xuliehao where xuliehao = '{$mdxuliehao}' ";
$result = mysql_query($sql);
$numberOfRows = MYSQL_NUM_ROWS($result);
if ($numberOfRows == 0) {
echo "<script language='javascript'>";
echo "alert('很抱歉,您输入的序列号不正确。');";
echo "location.href='javascript:history.go(-1)';";
echo "</script>";
exit;
} else {
$query = mysql_fetch_array($result);
$usenum = $query[usenum];
$miyao = $query[miyao];
$miyao = passport_decrypt($miyao, $keyd);
if ($usenum < 10) {
$id = $query[id];
$usenum = $usenum + 1;
$sql = "UPDATE xuliehao SET usenum = '{$usenum}' , anzhuangma = '{$anzhuangnumd}' \r\n\t\t WHERE id = '{$id}'";
$result = MYSQL_QUERY($sql);
if ($phonetype != "") {
$sql = "UPDATE xuliehao SET phonetyped = '{$phonetype}' \r\n\t\t WHERE id = '{$id}'";
$result = MYSQL_QUERY($sql);
}
$timed = time();
$timed = date('Y-m-d H:i:n', $timed);
if ($usenum == 1) {
$sql = "UPDATE xuliehao SET fristtime = '{$timed}' , lasttime = '{$timed}' \r\n\t\t\t WHERE id = '{$id}'";
$result = MYSQL_QUERY($sql);
}
private function getCookie($name)
{
if (isset($_COOKIE[$name])) {
return passport_decrypt($_COOKIE[$name]);
} else {
return null;
}
}
if ($pptout_file == '08cms') {
$verify = md5("{$_GET['action']}{$_GET['auth']}{$_GET['forward']}{$pptin_key}");
} elseif ($pptout_file == 'phpwind') {
$verify = md5("{$_GET['action']}{$_GET['userdb']}{$_GET['forward']}{$pptin_key}");
$_GET['action'] == 'quit' && ($_GET['action'] = 'logout');
} else {
die('No passport interface!');
}
if (empty($enable_pptin) || $_GET['verify'] != $verify) {
empty($_GET['forward']) || header("Location: {$_GET['forward']}");
exit;
}
if ($_GET['action'] == 'login') {
$userinfos = $ckinfos = array();
if ($pptout_file == '08cms') {
parse_str(passport_decrypt($_GET['auth'], $pptin_key), $datas);
foreach ($datas as $k => $v) {
if (in_array($k, array('mname', 'password', 'email'))) {
$userinfos[$k] = addslashes($v);
} elseif (in_array($k, array('cookietime', 'time'))) {
$ckinfos[$k] = $v;
}
}
} elseif ($pptout_file == 'phpwind') {
include M_ROOT . "include/charset.fun.php";
$db_hash = $pptin_key;
parse_str(StrCode($_GET['userdb'], 'DECODE'), $userdb);
$userinfos['mname'] = addslashes(convert_encoding($pptout_charset, $mcharset, $userdb['username']));
$userinfos['password'] = md5($userdb['password']);
$userinfos['email'] = addslashes($userdb['email']);
$ckinfos['time'] = $userdb['time'];
function __md5($str)
{
return passport_decrypt($str, KEY_WORD);
}
/**
* 验证会员
* $member_name 会员名
* $password 密码
* $type 登陆类型
* $appid
* $appkey
*/
public function verify_member()
{
try {
$encrypt = $this->input['encrypt'] ? intval($this->input['encrypt']) : 0;
$platform_id = trim($this->input['platform_id']);
$password = $encrypt ? passport_decrypt(trim($this->input['password']), CUSTOM_APPKEY) : trim($this->input['password']);
$type = trim($this->input['type']);
$_type = trim($this->input['_type']);
//防止本地M2O同步至UC后,再次验证本地密码BUG。
$identifierUserSystem = new identifierUserSystem();
$identifier = $identifierUserSystem->setIdentifier((int) $this->input['identifier'])->checkIdentifier();
//多用户系统
$ip = hg_getip();
$need_password_type = array('shouji', 'm2o', 'email');
$appid = intval($this->input['appid']);
$appkey = trim($this->input['appkey']);
//会员名
if (!$platform_id) {
$this->errorOutput(NO_MEMBER_NAME);
}
//密码
if (!$password && in_array($type, $need_password_type)) {
$this->errorOutput(NO_PASSWORD);
}
$condition = " AND mb.platform_id = '" . $platform_id . "' AND mb.type = '" . $type . "' AND mb.identifier = '" . $identifier . '\'';
$_bind = $this->mMember->get_bind_info($condition);
$bind = array();
if (is_array($_bind) && count($_bind) > 1) {
foreach ($_bind as $v) {
if ($v['inuc'] > 0) {
$bind = $v;
break;
}
}
} elseif (is_array($_bind)) {
$bind = $_bind[0];
}
$member_id = intval($bind['member_id']);
$platform_id = $bind['platform_id'];
$condition = " AND m.member_id = " . $member_id;
$fileds_array = array('member_id', 'member_name', 'password', 'salt', 'avatar', 'type', 'type_name', 'gid', 'gradeid', 'guid', 'signature', 'mobile', 'email', 'isVerify', 'identifier', 'last_login_device');
$fields = implode(',', $fileds_array);
$member_info = $this->mMember->get_member_info($condition, $fields);
$member_info = $member_info[0];
if (empty($member_info)) {
$this->errorOutput(LOGIN_NOMEMBER_ERROR);
}
$isComplete = isUserComplete($member_info['type']);
if (in_array($type, $need_password_type) && $_type != 'uc') {
$encrypt_num = intval($this->input['encrypt_num']);
if ($encrypt_num == 1) {
$md5_password = md5($password . $member_info['salt']);
} else {
$md5_password = md5(md5($password) . $member_info['salt']);
}
if ($md5_password != $member_info['password']) {
$this->errorOutput(PASSWORD_ERROR);
}
} else {
//验证新浪微博、腾讯微博、QQ、人人、豆瓣 等 用户信息
//暂时不作处理
}
//积分规则调用
$credit_rules = $this->Members->credits_rule('members_login_login', $member_info['member_id'], $coef = 1, $update = 1, APP_UNIQUEID);
$copywriting_credit = copywriting_credit(array($credit_rules));
$check_Bind = new check_Bind();
$inuc = $check_Bind->check_uc($member_id, $type);
if (!$inuc && ($_type == 'm2o' || $type == 'm2o') && $member_info['email']) {
if ($inuc = $this->mMember->syncUcRegister($member_id, $member_info['member_name'], $password, $member_info['email'])) {
$platform_id = $inuc;
}
}
$return = array('user_id' => $member_info['member_id'], 'platform_id' => (string) $platform_id, 'inuc' => $inuc, 'user_name' => $member_info['member_name'], 'nick_name' => $bind['nick_name'], 'type' => $member_info['type'], 'avatar' => $member_info['avatar'], 'copywriting' => '登录成功', 'copywriting_credit' => $copywriting_credit, 'isVerify' => $member_info['isVerify'], 'identifier' => $member_info['identifier'], 'isComplete' => $isComplete);
$return = array_merge($return, $member_info);
$this->addItem($return);
$this->output();
} catch (Exception $e) {
$this->errorOutput($e->getMessage(), $e->getCode());
}
}
<tr>
<td width="60" height="20"><?php
echo $query[id];
?>
</td>
<td width="260" height="20"><?php
echo $query[xuliehao];
?>
</td>
<td width="270" height="20"><?php
echo $query[anzhuangma];
?>
</td>
<?php
$jihuoma = $query[jihuoma];
$jihuoma = passport_decrypt($jihuoma, $keyd);
?>
<td width="270" height="20"><?php
echo $jihuoma;
?>
</td>
<?php
// $usenum=$query[usenum];
// $usenum=decrypt($usenum,$numkey);
?>
<td width="50" height="20"><?php
echo $query[usenum];
?>
</td>
<td width="160" height="20"><?php
echo $query[fristtime];
