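/**
 * Record an inbound SP request in the database and parse it into $para.
 *
 * (Original header, translated: "record input log".)
 *
 * @param object $dao           Data-access object; must expose AddLog(array $row, string &$error_message)
 *                              returning 0 on success (the check below relies on that contract).
 * @param string $query_string  Raw, still percent-encoded query string of the request
 * @param string $str_sp        Service-provider tag, e.g. "BBK" or "HS"; "_MO"/"_MR" is appended locally
 * @param int    $optype        OUT: 1 for an MR (status report) request, 0 for an MO request
 * @param array  $para          OUT: parsed request parameters
 * @param string $error_message OUT: failure detail when the return value is not EC_OK
 * @return int EC_OK, EC_ACCESS_DB_ERROR (AddLog failed) or EC_INVALID_INPUT (CheckInput rejected $para)
 */
function insert_log($dao, $query_string, $str_sp, &$optype, &$para, &$error_message)
{
    init_log($str_sp);
    interface_log(INFO, 0, "request: " . $query_string);

    // SERVER_NAME and PHP_SELF can be influenced by the client (Host header, PATH_INFO)
    // and the query string is attacker-controlled, so whatever renders these log rows
    // must escape them for its output context. REMOTE_ADDR is the TCP peer, which is
    // the proxy's address if one sits in front of this host.
    $query_url = 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'];
    $log_data = array(
        'record_type' => 0,
        'ip'          => $_SERVER['REMOTE_ADDR'],
        'url'         => $query_url,
        'content'     => $query_string, // stored exactly as received, before any decoding
        'create_time' => date('Y-m-d H:i:s'),
    );

    // parse_str() already percent-decodes keys and values. The original code called
    // urldecode() first, decoding twice: an encoded "%26" or "%3D" inside a value then
    // acted as a separator, so a sender could inject or overwrite parameters (e.g.
    // "status", which flips MO/MR below) and desynchronise $para from 'content'.
    // NOTE(review): if one upstream SP genuinely double-encodes, decode in that
    // SP's caller rather than here.
    parse_str($query_string, $para);

    // A status field marks an MR (status report); everything else is treated as MO.
    if (isset($para['status']) || isset($para['statestr'])) {
        $optype = 1;
        $str_sp .= "_MR";
    } else {
        $optype = 0;
        $str_sp .= "_MO";
    }
    $log_data['op_type'] = $optype;

    // Loose comparison kept deliberately: AddLog's return type is not visible here.
    $ret = $dao->AddLog($log_data, $error_message);
    if ($ret != 0) {
        live_log(ERROR, $ret, $error_message);
        return EC_ACCESS_DB_ERROR;
    }

    // Input validation happens after the request has been persisted, so rejected
    // requests are still auditable.
    if (!CheckInput($str_sp, $para)) {
        $error_message = "invalid input.";
        live_log(ERROR, EC_INVALID_INPUT, $error_message);
        return EC_INVALID_INPUT;
    }

    return EC_OK;
}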
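/**
 * Validate the submitted new-user form, store the user and redisplay the user list.
 *
 * Reads the form from $Pivot_Vars (username, pass1, pass2, email, userlevel, language,
 * wysiwyg, view, allowed[], confirmed) and writes to $Users and $Cfg, persisted via
 * SaveSettings(). A level-3 user is only stored after the ConfirmPage() round trip
 * comes back with confirmed=1; lower levels are stored immediately.
 *
 * Security notes for the maintainer:
 *  - check_csrf() blocks cross-site submission, but nothing here verifies that the
 *    *calling* user is allowed to create an account of the requested userlevel; that
 *    authorisation must live in the caller — confirm it does.
 *  - Passwords are stored as unsalted md5 because the login code (not shown here)
 *    compares against that; migrate both sides to password_hash()/password_verify().
 *  - The username becomes a '|'-separated list element in $Cfg['users'] and
 *    $Cfg['cat-*']; CheckInput(..., 2, 0) is relied on to reject '|' — verify.
 */
function new_user_save()
{
    global $Pivot_Vars, $Cfg, $Users;

    // Reject unauthorised direct access / cross-site form posts.
    check_csrf();

    $userfields = get_userfields(1);
    $username = $Pivot_Vars['username'];
    $Piverr = 0; // was never initialised; the original relied on null++ === 1

    // CheckInput(..., 2, 0): 1 = too short, 0 = invalid (project helper, return type unknown).
    $usernameCheck = CheckInput($username, 2, 0);
    if ($usernameCheck == 1) {
        $userfields[0][2] = lang('userinfo', 'username_too_short');
        $Piverr++;
    } elseif ($usernameCheck == 0) {
        $userfields[0][2] = lang('userinfo', 'username_not_valid');
        $Piverr++;
    }

    if (isset($Users[$username])) {
        $userfields[0][2] = lang('userinfo', 'username_in_use');
        $Piverr++;
    }

    // The stored hash is computed from pass1 exactly as typed, so the confirmation must
    // match exactly as well. The original compared trimmed, lower-cased copies, which
    // let e.g. "Secret " / "secret" pass validation and then locked the new user out.
    if ($Pivot_Vars['pass1'] !== $Pivot_Vars['pass2']) {
        $userfields[2][2] = lang('userinfo', 'pass_dont_match');
        $Piverr++;
    }

    if (CheckInput($Pivot_Vars['pass1'], 4, 0) == 1) {
        $userfields[1][2] = lang('userinfo', 'pass_too_short');
        $Piverr++;
    }

    if ($Piverr > 0) {
        // Redisplay the form with the errors and the values already entered.
        $userfields[0][4] = $username;
        $userfields[3][6] = $Pivot_Vars['userlevel'];
        new_user(1, $userfields);
        return;
    }

    if ($Pivot_Vars['userlevel'] == 3 && $Pivot_Vars['confirmed'] != 1) {
        // Creating an administrator requires an explicit confirmation round trip.
        $vars = array(
            'username', $username,
            'pass1', $Pivot_Vars['pass1'],
            'pass2', $Pivot_Vars['pass2'],
            'email', $Pivot_Vars['email'],
            'userlevel', $Pivot_Vars['userlevel'],
        );
        ConfirmPage(
            lang('userinfo', 'c_admin_title'),
            $vars,
            sprintf(lang('userinfo', 'c_admin_message'), $username)
        );
        return;
    }

    if (!($Pivot_Vars['userlevel'] < 3 || $Pivot_Vars['confirmed'] == 1)) {
        // NOTE(review): a userlevel above 3 without confirmed=1 matched no branch in the
        // original either, so the request is dropped silently. Kept as-is; consider
        // rejecting unknown levels explicitly.
        return;
    }

    // Same key order as the original record layout.
    $Users[$username]['pass'] = md5($Pivot_Vars['pass1']); // unsalted md5: see header note
    $Users[$username]['email'] = $Pivot_Vars['email'];
    $Users[$username]['userlevel'] = $Pivot_Vars['userlevel'];
    $Users[$username]['language'] = $Pivot_Vars['language'];
    $Users[$username]['wysiwyg'] = $Pivot_Vars['wysiwyg'];
    $Users[$username]['username'] = $username;
    $Users[$username]['nick'] = $username;
    $Users[$username]['view'] = $Pivot_Vars['view'];
    $Cfg['users'] .= '|' . $username;

    // Per-category permissions: add the user to every category ticked in the form and
    // remove a stale entry from every other (the name may have existed before).
    $cats = cfg_cats();
    foreach ($cats as $category) {
        $cfgKey = 'cat-' . $category['name'];
        $current = isset($Cfg[$cfgKey]) ? $Cfg[$cfgKey] : '';
        $allowed_users = explode("|", $current);

        if (isset($Pivot_Vars['allowed'][urlencode($category['name'])])) {
            // Add the user, ensuring it is listed only once.
            $allowed_users[] = $username;
            $allowed_users = array_unique($allowed_users);
        } else {
            // Strict comparison: the original loose in_array()/== would also match
            // numerically-equal strings (e.g. "10" vs "1e1").
            foreach ($allowed_users as $idx => $user) {
                if ($user === $username) {
                    unset($allowed_users[$idx]);
                }
            }
        }

        $Cfg[$cfgKey] = implode("|", $allowed_users);
    }

    SaveSettings();
    see_users();
}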