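/**
 * Single-sign-on status endpoint: reports whether `user` currently holds a passport ticket.
 *
 * Query-string parameters read here:
 *   user     - account name being asked about ('' when absent or falsy)
 *   domain   - value signed together with the user
 *   sign     - signature, checked by $this->_verifySign() against md5(user . domain)
 *   redirect - truthy: answer with an HTTP redirect; otherwise answer with JSON
 *   return   - URL the browser is redirected to (redirect mode only)
 *
 * Redirect mode: on a valid signature, redirects to `return` with `ticket=` appended when
 * authenticate() yields user info, otherwise to the passport login page; dies on a bad signature.
 * JSON mode: emits {s, m, d} through json_output() with s = 200 (ticket in d), 300 (not logged in,
 * login URL in d) or 400 (bad signature).
 *
 * NOTE(review): the signature covers only user and domain, not `return`. Anyone holding one valid
 * (user, domain, sign) triple can therefore choose the URL that receives the ticket. Either
 * include `return` in the signed data or check it against an allow-list of URLs registered for
 * the signing site before redirecting. Left unenforced here because the meaning of `domain`
 * (hostname vs. site identifier) is not visible in this method.
 * NOTE(review): tickets placed in a query string end up in access logs and Referer headers;
 * confirm they are short-lived and single-use on the receiving side.
 */
public function view_islogin()
{
    // Accept plain strings only: array-valued parameters (?user[]=x) would otherwise be
    // concatenated into the signed data as "Array" or passed to urldecode() as a non-string.
    $user = (!empty($_GET['user']) && is_string($_GET['user'])) ? $_GET['user'] : '';
    $sign = (isset($_GET['sign']) && is_string($_GET['sign'])) ? $_GET['sign'] : '';
    $domain = (isset($_GET['domain']) && is_string($_GET['domain'])) ? $_GET['domain'] : '';
    $redirect = !empty($_GET['redirect']);
    // PHP has already URL-decoded $_GET once; this second decode is kept for compatibility
    // with existing callers.
    $return = (isset($_GET['return']) && is_string($_GET['return'])) ? urldecode($_GET['return']) : '';

    require_once 'PassportModel.class.php';

    // Fail closed when sign or domain is missing instead of asking _verifySign() to judge
    // empty values.
    $signatureOk = $sign !== '' && $domain !== ''
        && $this->_verifySign($domain, md5($user . $domain), $sign);

    if ($redirect) {
        if (!$signatureOk) {
            die("Signature Invalid!");
        }

        $userinfo = authenticate();
        if ($userinfo) {
            $separator = strpos($return, '?') !== false ? '&' : '?';
            header("Location:" . $return . $separator . 'ticket='
                . PassportModel::packTicket($userinfo['ticket'], $user));
        } else {
            header("Location:" . $GLOBALS["gSiteInfo"]['www_site_url']
                . "/index.php?action=passport&view=login&forward=" . urlencode($return));
        }
        // Stop here so nothing running after this method can add output to a redirect
        // response (the bad-signature path above already terminates with die()).
        exit;
    }

    if (!$signatureOk) {
        $msg = array('s' => 400, 'm' => "Signature Invalid!", 'd' => '');
    } else {
        $pass = new PassportModel();
        $ticket = $pass->getTicketByUser($user);
        if ($ticket) {
            $msg = array('s' => 200, 'm' => "success!", 'd' => PassportModel::packTicket($ticket, $user));
        } else {
            $msg = array(
                's' => 300,
                'm' => "Not Login!",
                'd' => $GLOBALS["gSiteInfo"]['www_site_url'] . "/index.php?action=passport&view=login",
            );
        }
    }

    json_output($msg);
}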
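/**
 * Login form handler: checks captcha, request signature and password, then answers with JSON.
 *
 * POST parameters read here: user, password, s (signature over the password, keyed with
 * $_SESSION['_XppassSignKey']), code (captcha answer), remember, forward.
 *
 * Always terminates the request through exit(json_output(...)) with {s, m, d}:
 *   s = 200 - logged in; d is the forward URL with `ticket=` appended, or the site index
 *   s = 400 - rejected; m is a lang() message, or "reload" once more than three failures
 *             have been counted in this session
 *
 * Changes relative to the previous version:
 *   - signature and password hashes are compared with hash_equals() (PHP >= 5.6) instead of
 *     `!=` / `==`, which treat numeric-looking strings such as "0e12" and "0e34" as equal and
 *     do not run in constant time;
 *   - the captcha can no longer be skipped by leaving `code` out of the request once the
 *     failure counter is past the "reload" threshold;
 *   - non-string (array) POST values are treated as absent.
 *
 * NOTE(review): the failure counter lives in the session, so a client that discards its
 * session cookie starts from zero again. A per-account / per-address limit kept server-side
 * is needed for real throttling.
 * NOTE(review): 'usernotexist' and 'pwdwrong' are different answers, which lets a client
 * learn which account names exist; consider returning one message for both.
 * NOTE(review): `forward` comes from the request and receives a freshly generated ticket;
 * confirm it is checked against the registered relying-site URLs before the client follows it.
 * NOTE(review): confirm save_online_user() regenerates the session id on login.
 */
public function op_dologin()
{
    $forward = (!empty($_POST['forward']) && is_string($_POST['forward'])) ? urldecode($_POST['forward']) : '';
    $user = (isset($_POST['user']) && is_string($_POST['user'])) ? $_POST['user'] : '';
    $user_passwd = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
    $sign = (isset($_POST['s']) && is_string($_POST['s'])) ? $_POST['s'] : '';

    // Captcha. Past three counted failures (the point where the client is told to "reload")
    // an answer is mandatory; below that it is checked only when the client sends one, as before.
    // NOTE(review): assumes the login view shows the captcha once pwd_error > 3 - confirm.
    $failures = isset($_SESSION['pwd_error']) ? (int) $_SESSION['pwd_error'] : 0;
    $captchaRequired = $failures > 3;
    if ($captchaRequired || (isset($_SESSION['pwd_error']) && isset($_POST['code']))) {
        $vcode = (isset($_POST['code']) && is_string($_POST['code'])) ? strtolower($_POST['code']) : '';
        $expectedCode = (isset($_SESSION['validatecode']) && is_string($_SESSION['validatecode']))
            ? strtolower($_SESSION['validatecode'])
            : '';
        if (($captchaRequired && $vcode === '') || $vcode !== $expectedCode) {
            $msg = array('s' => 400, 'm' => lang('codeinvalid'), 'd' => '');
            exit(json_output($msg));
        }
    }

    // Request signature.
    // NOTE(review): the key is set to '' after a successful login and may be unset in a fresh
    // session; with an empty key this check proves nothing - confirm the login view always
    // issues a new random key.
    $signKey = isset($_SESSION['_XppassSignKey']) ? $_SESSION['_XppassSignKey'] : null;
    $expectedSign = hmac($signKey, $user_passwd);
    if (!is_string($expectedSign) || $sign === '' || !hash_equals($expectedSign, $sign)) {
        $msg = array('s' => 400, 'm' => lang('illegalsignon'), 'd' => '');
        exit(json_output($msg));
    }

    $cookie_remember = !empty($_POST['remember']) ? $_POST['remember'] : '0';

    include_once "PassportModel.class.php";
    $passmod = new PassportModel();
    $user_arr = $passmod->getUser($user);

    $msg = '';
    $failureKey = null; // lang() key of a failure that must be counted, if any

    if ($user_arr) {
        $user_info = $passmod->getUserById($user_arr['user_id'], $user);
        $storedHash = isset($user_info['user_password']) ? (string) $user_info['user_password'] : '';
        $givenHash = (string) PassportModel::encryptpwd($user_passwd, $user, 1);

        // An empty stored hash never matches, whatever encryptpwd() returns.
        if ($storedHash !== '' && hash_equals($storedHash, $givenHash)) {
            unset($_SESSION['pwd_error']);

            if ($user_info['user_state'] == 1) {
                $updates = array();
                $updates['user_lastlogin_time'] = time();
                $updates['user_lastlogin_ip'] = getip();
                $passmod->updateUser($updates, $user_arr['user_id'], $user);

                $user_info['autologin'] = $cookie_remember; // auto login
                $this->save_online_user($user_info);
                $_SESSION['_XppassSignKey'] = '';

                if (!empty($forward)) {
                    $forward .= strpos($forward, '?') !== false ? "&" : "?";
                    // Collapse runs of '&' so the appended parameter follows a single separator.
                    $forward = preg_replace("/(.*?)(&+)/i", "\\1&", $forward);
                    $forward .= "ticket=" . PassportModel::packTicket(PassportModel::generateTicket(), $user);
                    $msg = array('s' => 200, 'm' => "ok", 'd' => $forward);
                } else {
                    $msg = array('s' => 200, 'm' => "ok", 'd' => $GLOBALS['gSiteInfo']['www_site_url'] . "/index.php");
                }
                exit(json_output($msg));
            }

            $msg = lang('userforbidden');
        } else {
            $failureKey = 'pwdwrong';
        }
    } else {
        $failureKey = 'usernotexist';
    }

    if ($failureKey !== null) {
        $_SESSION['pwd_error'] = isset($_SESSION['pwd_error']) ? $_SESSION['pwd_error'] + 1 : 1;
        $msg = $_SESSION['pwd_error'] > 3 ? "reload" : lang($failureKey);
    }

    $msg = array('s' => 400, 'm' => $msg, 'd' => '');
    exit(json_output($msg));
}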