예제 #1
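 /**
  * Answer a cross-site "is this user logged in?" query.
  *
  * Reads `user`, `sign`, `domain`, `redirect` and `return` from the query
  * string and checks the signature with $this->_verifySign() over
  * md5($user . $domain). With a truthy `redirect` the browser is sent to
  * `return` with a packed ticket appended, or to the login page when
  * authenticate() yields nothing. Otherwise a JSON status array with the
  * keys s (code), m (message) and d (data) is passed to json_output().
  *
  * Security review notes:
  *  - As far as this method shows, only `user` and `domain` enter the signed
  *    value; `return` does not. The ticket is therefore appended to a URL the
  *    requester chose freely. Constrain `return` to the signed domain or to an
  *    allowlist of registered sites before appending a ticket to it.
  *  - md5($user . $domain) joins the two fields without a delimiter, so
  *    different (user, domain) pairs can yield the same digest. A separator or
  *    length prefix removes the ambiguity.
  *  - PHP has already URL-decoded $_GET, so urldecode() decodes `return` a
  *    second time. Any validation added later must run on the decoded value.
  *  - Neither header("Location: ...") call is followed by exit here; confirm
  *    that the caller emits nothing further after this method returns.
  */
 public function view_islogin()
 {
     // Accept plain strings only: an array parameter (?user[]=x) would otherwise
     // reach the concatenation, md5() and packTicket() below.
     $user = (!empty($_GET['user']) && is_string($_GET['user'])) ? $_GET['user'] : '';
     $sign = (isset($_GET['sign']) && is_string($_GET['sign'])) ? $_GET['sign'] : '';
     $domain = (isset($_GET['domain']) && is_string($_GET['domain'])) ? $_GET['domain'] : '';
     $redirect = isset($_GET['redirect']) ? $_GET['redirect'] : 0;
     $return = (isset($_GET['return']) && is_string($_GET['return'])) ? urldecode($_GET['return']) : '';
     require_once 'PassportModel.class.php';

     // Both modes apply the same check, so it is evaluated once up front.
     $signatureOk = $this->_verifySign($domain, md5($user . $domain), $sign);

     if ($redirect) {
         if (!$signatureOk) {
             die("Signature Invalid!");
         }
         $userinfo = authenticate();
         if ($userinfo) {
             // NOTE(review): $return is requester-controlled and unsigned (see docblock).
             $separator = (strpos($return, '?') !== false) ? '&' : '?';
             $return .= $separator . 'ticket=' . PassportModel::packTicket($userinfo['ticket'], $user);
             header("Location:" . $return);
         } else {
             header("Location:" . $GLOBALS["gSiteInfo"]['www_site_url'] . "/index.php?action=passport&view=login&forward=" . urlencode($return));
         }
         return;
     }

     $msg = array();
     if (!$signatureOk) {
         $msg['s'] = 400;
         $msg['m'] = "Signature Invalid!";
         $msg['d'] = '';
     } else {
         $pass = new PassportModel();
         $ticket = $pass->getTicketByUser($user);
         if ($ticket) {
             $msg['s'] = 200;
             $msg['m'] = "success!";
             $msg['d'] = PassportModel::packTicket($ticket, $user);
         } else {
             $msg['s'] = 300;
             $msg['m'] = "Not Login!";
             $msg['d'] = $GLOBALS["gSiteInfo"]['www_site_url'] . "/index.php?action=passport&view=login";
         }
     }
     json_output($msg);
 }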
예제 #2
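 /**
  * Handle a login form submission and answer with a JSON status.
  *
  * Reads `user`, `password`, `s` (request signature), `code` (captcha),
  * `remember` and `forward` from $_POST. Every path ends in
  * exit(json_output(...)) with an array of s (200 or 400), m (message) and
  * d (target URL on success, empty string on failure).
  *
  * Changes compared with the earlier revision:
  *  - The signature and the stored password are compared with hash_equals()
  *    (PHP >= 5.6) instead of `!=` / `==`. Loose comparison treats numeric
  *    looking strings such as "0e123" and "0e456" as equal and is not
  *    constant-time.
  *  - An empty session signing key or an empty submitted signature is
  *    rejected. The key is cleared to '' after a successful login, so an
  *    empty key means no login form is pending.
  *  - The captcha is mandatory once the failure counter exceeds 3. Before,
  *    the check ran only when the client chose to send `code`, so leaving the
  *    field out skipped it.
  *  - Non-string POST values (arrays) are normalised to ''.
  *
  * Security review notes (not changed here, they need project context):
  *  - `forward` is client-supplied and receives a freshly packed ticket.
  *    Restrict it to registered sites before appending the ticket.
  *  - The failure counter lives in the session only, so a client that drops
  *    its session cookie starts again at zero. Add a per-account or per-IP
  *    limit on the server side.
  *  - 'usernotexist' and 'pwdwrong' are distinct replies and reveal which
  *    account names exist. A single generic message avoids that.
  *  - No session id regeneration is visible in this method; confirm that
  *    save_online_user() performs it.
  */
 function op_dologin()
 {
     // PHP has already decoded $_POST; urldecode() here is a second decode (kept for compatibility).
     $forward = (!empty($_POST['forward']) && is_string($_POST['forward'])) ? urldecode($_POST['forward']) : '';
     $user = (isset($_POST['user']) && is_string($_POST['user'])) ? $_POST['user'] : '';
     $user_passwd = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
     $sign = (isset($_POST['s']) && is_string($_POST['s'])) ? $_POST['s'] : '';

     // Captcha: required after more than 3 failures, and still checked whenever
     // a code is submitted while a failure counter exists.
     // NOTE(review): the threshold mirrors the "reload" reply below; confirm the
     // login form renders the captcha at that point.
     $hasFailures = isset($_SESSION['pwd_error']);
     $captchaRequired = $hasFailures && $_SESSION['pwd_error'] > 3;
     if ($captchaRequired || ($hasFailures && isset($_POST['code']))) {
         $vcode = (isset($_POST['code']) && is_string($_POST['code'])) ? strtolower($_POST['code']) : '';
         $expected = (isset($_SESSION['validatecode']) && is_string($_SESSION['validatecode']))
             ? strtolower($_SESSION['validatecode'])
             : '';
         // An empty value on either side never counts as a match.
         if ($vcode === '' || $expected === '' || $vcode !== $expected) {
             $msg = array('s' => 400, 'm' => lang('codeinvalid'), 'd' => '');
             exit(json_output($msg));
         }
     }

     // Request signature: HMAC of the submitted password under the per-session key.
     $signKey = isset($_SESSION['_XppassSignKey']) ? $_SESSION['_XppassSignKey'] : '';
     if ($signKey === '' || $sign === '' || !hash_equals((string) hmac($signKey, $user_passwd), $sign)) {
         $msg = array('s' => 400, 'm' => lang('illegalsignon'), 'd' => '');
         exit(json_output($msg));
     }

     $cookie_remember = (!empty($_POST['remember']) && is_string($_POST['remember'])) ? $_POST['remember'] : '0';
     include_once "PassportModel.class.php";
     $passmod = new PassportModel();

     // Language key of the failure message; replaced below once the account is found.
     $failure = 'usernotexist';
     $user_arr = $passmod->getUser($user);
     if ($user_arr) {
         $user_info = $passmod->getUserById($user_arr['user_id'], $user);
         $stored = isset($user_info['user_password']) ? (string) $user_info['user_password'] : '';
         $computed = (string) PassportModel::encryptpwd($user_passwd, $user, 1);
         if ($stored !== '' && hash_equals($stored, $computed)) {
             unset($_SESSION['pwd_error']);
             if ($user_info['user_state'] == 1) {
                 $updates = array();
                 $updates['user_lastlogin_time'] = time();
                 $updates['user_lastlogin_ip'] = getip();
                 $passmod->updateUser($updates, $user_arr['user_id'], $user);
                 $user_info['autologin'] = $cookie_remember;
                 //auto login
                 $this->save_online_user($user_info);
                 // Invalidate the signing key so the signed form cannot be replayed.
                 $_SESSION['_XppassSignKey'] = '';
                 if (!empty($forward)) {
                     // NOTE(review): $forward is client-controlled (see docblock).
                     $forward .= strpos($forward, '?') !== false ? "&" : "?";
                     // Collapse runs of '&' into a single separator.
                     $forward = preg_replace("/(.*?)(&+)/i", "\\1&", $forward);
                     $forward .= "ticket=" . PassportModel::packTicket(PassportModel::generateTicket(), $user);
                     $msg = array('s' => 200, 'm' => "ok", 'd' => $forward);
                     exit(json_output($msg));
                 }
                 $msg = array('s' => 200, 'm' => "ok", 'd' => $GLOBALS['gSiteInfo']['www_site_url'] . "/index.php");
                 exit(json_output($msg));
             }
             // Correct password, but the account is not in the active state.
             $msg = array('s' => 400, 'm' => lang('userforbidden'), 'd' => '');
             exit(json_output($msg));
         }
         $failure = 'pwdwrong';
     }

     // Unknown user or wrong password: count the failure in the session.
     $_SESSION['pwd_error'] = isset($_SESSION['pwd_error']) ? $_SESSION['pwd_error'] + 1 : 1;
     $text = ($_SESSION['pwd_error'] > 3) ? "reload" : lang($failure);
     $msg = array('s' => 400, 'm' => $text, 'd' => '');
     exit(json_output($msg));
 }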