Exemplo n.º 1
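/**
 * Authenticates a user and, on success, issues a fresh session cookie.
 *
 * Any existing login is dropped first via LogOut(). The credentials are then
 * handed to CheckCredentials(); when that does not return false, a session is
 * created for the returned user_id and its identifier is sent as a cookie.
 *
 * @param string $username      Login name, passed through to CheckCredentials().
 * @param string $password      Password, passed through to CheckCredentials().
 * @param bool   $must_be_admin Passed through to CheckCredentials() unchanged.
 *
 * @return mixed The value returned by CheckCredentials(): false on failure,
 *               otherwise the user info array (it carries a 'user_id' key).
 */
function LogIn($username, $password, $must_be_admin = false)
{
    LogOut();

    $user_info = CheckCredentials($username, $password, $must_be_admin);
    if ($user_info === false) {
        return $user_info;
    }

    $session_id = CreateSession($user_info['user_id']);

    // Mark the cookie Secure only when this request itself arrived over HTTPS,
    // so plain-HTTP deployments keep working exactly as before.
    $is_https = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';

    // Expiry, path and domain are left at PHP's defaults (session cookie,
    // current directory, current host). HttpOnly keeps the session identifier
    // out of reach of page scripts.
    setcookie(SESSION_COOKIE_NAME, $session_id, 0, '', '', $is_https, true);

    // Make the new session visible to code that runs later in this same request.
    $_COOKIE[SESSION_COOKIE_NAME] = $session_id;

    return $user_info;
}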
Exemplo n.º 2
<?php

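include __DIR__ . '/common.php';
require __DIR__ . '/language/' . ForumLanguage . '/login.php';

// Page state defaults.
$Error = '';
$ErrorCode = 101000;
$UserName = '';

// NOTE(review): the Referer header is supplied by the client. The value is
// HTML-escaped here, which suits printing it into markup, but it is also used
// below as a redirect target; consider accepting only same-site paths there.
$ReturnUrl = isset($_SERVER['HTTP_REFERER']) ? htmlspecialchars($_SERVER["HTTP_REFERER"]) : '';

// Logout is only honoured when the query string carries the current user's
// code. The comparison is strict and string-only, so array parameters and
// loosely-equal numeric strings no longer match.
if (isset($_GET['logout']) && is_string($_GET['logout']) && $_GET['logout'] === (string) $CurUserCode) {
    LogOut();
    // Go back to the referring page when one is known, else to the site root.
    header('location: ' . ($ReturnUrl ? $ReturnUrl : $Config['WebsitePath'] . '/'));
    exit('logout');
}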
if ($_SERVER['REQUEST_METHOD'] == 'POST' || $IsApp) {
    if (!ReferCheck(Request('Post', 'FormHash'))) {
        AlertMsg($Lang['Error_Unknown_Referer'], $Lang['Error_Unknown_Referer'], 403);
    }
    $ReturnUrl = htmlspecialchars(Request('Post', 'ReturnUrl'));
    $UserName = strtolower(Request('Post', 'UserName'));
    $Password = Request('Post', 'Password');
    $Expires = min(intval(Request('Post', 'Expires', 30)), 30);
    //最多保持登陆30天
    $VerifyCode = intval(Request('Post', 'VerifyCode'));
    do {
        if (!$UserName || !$Password || !$VerifyCode) {
            $Error = $Lang['Forms_Can_Not_Be_Empty'];
Exemplo n.º 3
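/**
 * Gatekeeper for the admin area, based on HTTP Basic credentials.
 *
 * - `?p=logout` calls LogOut() and ends the request.
 * - Without Basic credentials, auth() is called (presumably it sends the
 *   authentication challenge; it is defined elsewhere).
 * - With credentials and no `$_SESSION['log']` yet, they are checked through
 *   adminlogin::checkAdmin(); on success the login name is stored in the
 *   session, otherwise auth() is called again.
 *
 * NOTE(review): once `$_SESSION['log']` is set, the Basic credentials of later
 * requests are not re-checked here. Logout is triggered by a plain GET
 * parameter with no token, so any page can trigger it for a logged-in admin.
 *
 * @return void
 */
function CheckAuth()
{
    // Plain assignment: `=& new` is rejected by PHP 7 and later.
    $adminLib = new adminlogin();

    if (isset($_GET['p']) && $_GET['p'] === 'logout') {
        LogOut();
        exit;
    }

    if (!isset($_SERVER['PHP_AUTH_USER'])) {
        auth();
        return;
    }

    // Already logged in for this session: nothing more to do.
    if (isset($_SESSION['log'])) {
        return;
    }

    $login = $_SERVER['PHP_AUTH_USER'];
    // The password header can be missing even when a user name was sent.
    $password = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';

    if (!$adminLib->checkAdmin($login, $password)) {
        auth();
        return;
    }

    // session_register() was removed in PHP 5.4. It used to start the session
    // implicitly, so do that explicitly when none is active yet.
    if (session_id() === '') {
        session_start();
    }
    // Issue a new session identifier at the privilege change so an identifier
    // known before login is not carried into the authenticated session.
    session_regenerate_id(true);
    $_SESSION['log'] = $login;
}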
Exemplo n.º 4
/**
 * Ends the script: logs out, deletes the local cookie file if it exists,
 * prints the given message and terminates after a two-second pause.
 *
 * @param string $message Text printed (followed by a newline) before exiting.
 */
function Close($message)
{
    LogOut();

    // Cookie file is looked up relative to the current working directory.
    $cookie_file = "Cookies.txt";
    if (file_exists($cookie_file)) {
        unlink($cookie_file);
    }

    echo "{$message}\n";

    // Pause before exiting, as the original did.
    sleep(2);
    exit;
}
/**
 * Handles the submitted "delete account" form for member $memID.
 *
 * Flow, as visible in this function:
 *  1. Permission gate: a non-owner needs 'profile_remove_any'; an owner needs
 *     'profile_remove_any' or 'profile_remove_own'. checkSession() is then called.
 *  2. If the target belongs to group 1, 'admin_forum' is required and the
 *     function refuses (fatal_lang_error) unless another member of group 1 exists.
 *  3. Deleting someone else: optionally removes their topics and/or messages
 *     (driven by $_POST['remove_type'], only with 'moderate_forum'), then deletes
 *     the member when $_POST['deleteAccount'] is set.
 *  4. Deleting yourself: either marks the account for approval (is_activated = 4)
 *     or deletes it, logs out and redirects.
 *
 * NOTE(review): isAllowedTo() and checkSession() are defined elsewhere; the code
 * relies on them to stop the request on failure — confirm against their definitions.
 *
 * @param mixed $profile_vars Not read anywhere in this function.
 * @param mixed $post_errors  Self-deletion only proceeds when this is empty.
 * @param int   $memID        Id of the member to delete; bound as {int:selected_member}.
 */
function deleteAccount2($profile_vars, $post_errors, $memID)
{
    global $user_info, $sourcedir, $context, $cur_profile, $modSettings, $smcFunc;
    // Try get more time...
    @set_time_limit(600);
    // !!! Add a way to delete pms as well?
    // Non-owners must hold 'profile_remove_any'; owners fall back to 'profile_remove_own'.
    if (!$context['user']['is_owner']) {
        isAllowedTo('profile_remove_any');
    } elseif (!allowedTo('profile_remove_any')) {
        isAllowedTo('profile_remove_own');
    }
    // Session check runs before any destructive action below.
    checkSession();
    $old_profile =& $cur_profile;
    // Too often, people remove/delete their own only account.
    // Group id 1 is treated as the administrator group here (see the 'admin_group' => 1 binding below).
    if (in_array(1, explode(',', $old_profile['additional_groups'])) || $old_profile['id_group'] == 1) {
        // Are you allowed to administrate the forum, as they are?
        isAllowedTo('admin_forum');
        // Look for any other member of group 1; values are bound through typed
        // {int:...} placeholders rather than concatenated into the SQL text.
        $request = $smcFunc['db_query']('', '
			SELECT id_member
			FROM {db_prefix}members
			WHERE (id_group = {int:admin_group} OR FIND_IN_SET({int:admin_group}, additional_groups) != 0)
				AND id_member != {int:selected_member}
			LIMIT 1', array('admin_group' => 1, 'selected_member' => $memID));
        list($another) = $smcFunc['db_fetch_row']($request);
        $smcFunc['db_free_result']($request);
        // Refuse to delete the last remaining member of group 1.
        if (empty($another)) {
            fatal_lang_error('at_least_one_admin', 'critical');
        }
    }
    // This file is needed for the deleteMembers function.
    require_once $sourcedir . '/Subs-Members.php';
    // Do you have permission to delete others profiles, or is that your profile you wanna delete?
    if ($memID != $user_info['id']) {
        isAllowedTo('profile_remove_any');
        // Now, have you been naughty and need your posts deleting?
        // !!! Should this check board permissions?
        // NOTE(review): $_POST['remove_type'] is read without an isset() check.
        if ($_POST['remove_type'] != 'none' && allowedTo('moderate_forum')) {
            // Include RemoveTopics - essential for this type of work!
            require_once $sourcedir . '/RemoveTopic.php';
            // First off we delete any topics the member has started - if they wanted topics being done.
            if ($_POST['remove_type'] == 'topics') {
                // Fetch all topics started by this user (the query has no time filter).
                $request = $smcFunc['db_query']('', '
					SELECT t.id_topic
					FROM {db_prefix}topics AS t
					WHERE t.id_member_started = {int:selected_member}', array('selected_member' => $memID));
                $topicIDs = array();
                while ($row = $smcFunc['db_fetch_assoc']($request)) {
                    $topicIDs[] = $row['id_topic'];
                }
                $smcFunc['db_free_result']($request);
                // Actually remove the topics.
                // !!! This needs to check permissions, but we'll let it slide for now because of moderate_forum already being had.
                removeTopics($topicIDs);
            }
            // Now delete the remaining messages.
            // The join condition excludes each topic's first message.
            $request = $smcFunc['db_query']('', '
				SELECT m.id_msg
				FROM {db_prefix}messages AS m
					INNER JOIN {db_prefix}topics AS t ON (t.id_topic = m.id_topic
						AND t.id_first_msg != m.id_msg)
				WHERE m.id_member = {int:selected_member}', array('selected_member' => $memID));
            // This could take a while... but ya know it's gonna be worth it in the end.
            while ($row = $smcFunc['db_fetch_assoc']($request)) {
                // Reset Apache's timeout per message when that function is available.
                if (function_exists('apache_reset_timeout')) {
                    @apache_reset_timeout();
                }
                removeMessage($row['id_msg']);
            }
            $smcFunc['db_free_result']($request);
        }
        // Only delete this poor members account if they are actually being booted out of camp.
        if (isset($_POST['deleteAccount'])) {
            deleteMembers($memID);
        }
    } elseif (empty($post_errors) && !empty($modSettings['approveAccountDeletion']) && !allowedTo('moderate_forum')) {
        // Setup their account for deletion ;)
        // Self-deletion with approval enabled: the account is flagged (is_activated = 4), not removed.
        updateMemberData($memID, array('is_activated' => 4));
        // Another account needs approval...
        updateSettings(array('unapprovedMembers' => true), true);
    } elseif (empty($post_errors)) {
        // Self-deletion without approval: delete, then end the now-orphaned login and redirect.
        deleteMembers($memID);
        require_once $sourcedir . '/LogInOut.php';
        LogOut(true);
        redirectExit();
    }
}
Exemplo n.º 6
if (isset($_POST['FormLogIn'])) {
    openFormLogIn($tmpl['LogIn']);
} else {
    if (isset($_POST['FormSingUp'])) {
        openFormSingUp($tmpl['LogIn']);
    } else {
        if (isset($_POST['LogIn'])) {
            if (authorize($mysqli, $_POST['login'], $_POST['password'], $tmpl['logout'])) {
                $_SESSION["pageNumber"] = 1;
                $_SESSION["pagelist"] = $tmpl["pagenumber"];
                guest_event($mysqli, $tmpl['mininews'], $tmpl['pagenumber'], $tmpl['page']);
                hotnews($mysqli, $tmpl["hotnews"]);
            }
        } else {
            if (isset($_POST['LogOut'])) {
                if (LogOut($mysqli, $tmpl['regist'])) {
                    /*НОВАЯ АВТОРИЗАЦИЯ ДЛЯ ГОСТЯ*/
                    if (!isset($_SESSION["pageNumber"])) {
                        $_SESSION["pageNumber"] = 1;
                    }
                    if (!isset($_SESSION["maxCountNews"])) {
                        $_SESSION["maxCountNews"] = 2;
                    }
                    $_SESSION["postCateg"] = "Главная страница";
                    $_SESSION['select'] = $tmpl['selectnumbernews'];
                    guest_event($mysqli, $tmpl['mininews'], $tmpl['pagenumber'], $tmpl['page']);
                    hotnews($mysqli, $tmpl["hotnews"]);
                }
            } else {
                if (isset($_POST['SingUp'])) {
                    if (registret($mysqli, $_POST['login'], $_POST['password'])) {
Exemplo n.º 7
/**
 * Ends the script: logs out, deletes the local cookie file if it exists,
 * writes the message through qecho() and terminates.
 *
 * The two-second pause happens only when $cli->params is empty.
 *
 * @param string $message Text passed to qecho(), followed by a newline.
 */
function Close($message)
{
    global $cli;

    LogOut();

    // Cookie file is looked up relative to the current working directory.
    $cookie_file = "Cookies.txt";
    if (file_exists($cookie_file)) {
        unlink($cookie_file);
    }

    qecho("{$message}\n");

    $param_count = count($cli->params);
    if ($param_count === 0) {
        sleep(2);
    }
    exit;
}
Exemplo n.º 8
$cmd = strtolower($req->command);
if ($cmd == "login") {
    if (!isset($req->data->login) || !isset($req->data->password)) {
        SendDataAndDie(4, "");
    }
    $res = GetPHPSESID($req->data->login, $req->data->password);
    if ($res === false) {
        SendDataAndDie(300, "");
    }
    SendDataAndDie(200, $res);
} else {
    if ($cmd == "logout") {
        if (!isset($req->phpsesid)) {
            SendDataAndDie(301, "");
        }
        $res = LogOut($req->phpsesid);
        if ($res === false) {
            SendDataAndDie(302, "");
        }
        SendDataAndDie(200, "");
    } else {
        if ($cmd == "checklogin") {
            if (strlen($req->data) < 4) {
                SendDataAndDie(4, "");
            }
            $res = CheckLogin($req->data);
            if ($res === false) {
                SendDataAndDie(666, "");
            }
            SendDataAndDie(200, $res);
        } else {
Exemplo n.º 9
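	/**
	 * Processes one block record and appends its output to the page buffers.
	 *
	 * Steps, in order: expand the block options; handle logout blocks; apply the
	 * session / permission / hide rules; optionally load a library class, the
	 * admin editor and the sqlee record editor; collect description and
	 * keywords; resolve master_select; finally append the content to
	 * html_output, html_head or full_output depending on block_type.
	 *
	 * Changes against the earlier version of this method:
	 *  - `end;` is not a PHP statement (it is read as an undefined constant), so
	 *    the places that meant to stop now `return`, instead of carrying on with
	 *    a block variable that had just been unset.
	 *  - the stray `;` after `if(!class_exists($class))` made the `require`
	 *    unconditional; it now runs only when the class is not loaded yet.
	 *  - the class name is checked to be a plain identifier before it is used
	 *    to build an include path.
	 *  - strstr() received its arguments in reversed order.
	 *
	 * @param object $block Block record, passed by reference; its properties are
	 *                      rewritten while it is processed.
	 * @return void
	 */
	private function createBlock(&$block){
		$this->paginate=false;
		// Only assigned on some paths below; initialised to avoid undefined-variable reads.
		$form = null;
		if($block->block_options){
			$block->block_options = self::membership_vars($block->block_options);
			$block->block_options = stripslashes($block->block_options);
			// keep copy of old keys for array intersection and block processing ?
			// block options will add the options to the block; returning the entire block back
			// use array combine instead of passing the entire block?
			$block = self::get_block_options($block);

			if($block->logout == 'true' && $block->group_permissions && $block->user_session){
				LogOut();
				// could/should parse this $block-redirect to take [root]
				// NOTE(review): the redirect target comes straight from the block
				// options; confirm who can edit them, or limit it to site-local paths.
				if($block->redirect) header("Location: $block->redirect");
				exit;
			}
			if((!$block->user_session) && $block->permissions){
				// No session on a block that requires permissions: emit only the
				// unauthorized message and stop processing this block.
				$this->html_output .= ($block->unauthorized_msg?$block->unauthorized_msg:'');
				return;
			}
			if($block->permissions && $block->permissions != $block->group_permissions && $block->permissions != 'hide'){
				// NOTE(review): $block->permissions is concatenated into the SQL text.
				// If get_results() (defined elsewhere) has a parameterised form, use it
				// here; otherwise restrict the value to the known permission names first.
				$group_level = self::get_results('SELECT group_level from mp_groups where group_permissions ="'.$block->permissions . '"');
				if($group_level[0]->group_level < $block->group_level){
					$block->block_content = ($block->unauthorized_msg?$block->unauthorized_msg:'<h3>You do not have permission to view this data.</h3>');
				}
			}
			if(($block->permissions && (((!$block->user_session) && !$block->hide_block)) || ($block->hide_block))){
				// Special permission to be set for blocks to hide when authorized (specifically the login screen) also hides authorized blocks when not logged in (without a 'you do not have permission' message)
				$block->block_content = '';
				return;
			}
			if($block->load_class){
				// this is much easier than the php parser from aiki framework .. probably adapt it
				// do we still need to pass 'system_folder' var for parent constructs ? some blocks need specific parameters passed to them
				$class = $block->load_class;
				// The name ends up in an include path and in `new $class`, so accept
				// plain identifiers only (no slashes, dots or other path characters).
				if(!is_string($class) || !preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $class)){
					trigger_error('createBlock: load_class is not a valid class name, block class not loaded', E_USER_WARNING);
				}else{
					if(!class_exists($class)){
						require($this->system_folder.'/system/libraries/'.$class.'.php');
					}
					// systemfolder must be passed in order for the parent construct method to work
					// may consider creating a class that pre-generates the class files based on some basic parameters
					$block->load_class = new $class($this->system_folder);
					$block->block_content .= $block->load_class->html;
				}
			}
			if($block->edit_conf){
				// load admin with an extra selector ???
				// NOTE(review): the editor is only created when the admin class was not
				// loaded before this call — confirm that is intended.
				if(!class_exists('admin')){
					require($this->system_folder.'/system/libraries/admin.php');
					$block->edit_conf = new admin($this->system_folder,$block->edit_conf);
					$block->block_content .= $block->edit_conf->html;
				}
			}
			if($block->form_edit_config && $block->form_record_config){
				if(!class_exists('sqlee') && !$form){
					require($this->system_folder.'/system/libraries/sqlee.php');
					$form = new sqlee($this->system_folder);
				}
				require_once($this->system_folder.'/system/conf/sqlee_conf.php');

				// Build a key set of the option names sqlee accepts, then keep only
				// those properties of the block.
				$temp_check = array();
				foreach(explode(' ',sqlee_conf::$_['block_options']) as $key){
					$temp_check[$key] = '';
				}
				$sqlee_arguments = array_intersect_key(get_object_vars($block),$temp_check);

				if(count($sqlee_arguments)>1 && $form){
					$form = $form->record_editor($sqlee_arguments);
					$this->html_output .= $form;
				}
			}

			// Collect the description unless it still contains a '((' marker.
			// strstr() takes the haystack first.
			if($block->description && $this->user_var['[description]'] && strstr($block->description,'((') === false) $this->description []= $block->description;
			// inner_sql - simple way to insert data into a sql selection statement
			// check to see that a limit doesn't already exist in statement

			if($block->keywords && $this->user_var['[keywords]']) $this->keywords []= trim($block->keywords);
			// Blocks that list the current url in hide_urls produce no output.
			if($block->hide_urls){
				foreach(explode(',',$block->hide_urls) as $hide){
					if($hide == $block->urls || $hide == $this->pass_url){
						return;
					}
				}
			}
		}
		// sql select statement processing
		if($block->master_select){
			$block->master_select = self::processVars($block->master_select);
			// this includes checking for a (!!) , after the (!!) a user  may provide a backup sql select statement if the first statement fails
			$master_selects = explode('(!!)',$block->master_select);
			if(count($master_selects) == 2){
				$url1=self::get_string_between ($master_selects[0], '(!(', ')!)');
				// this basically says that if the URL isn't recognized, then run the second select statement this may need more testing...
				$block->master_select = ($url1==$this->url[$url1]?$master_selects[0]:$master_selects[1]);
				// problem if multiple paginate block types exist... problems will ensue... try using unique block_title/template
			}elseif($block->block_type == 'paginate'){
				$block = self::paginate($block);
			}
			unset($master_selects);
		}
		// create actual content
		// stipulations.. raw_html doesn't do any title processing... this is problematic..
		$block->block_content = stripslashes($block->block_content);
		// whats the diff between block content and block_html ??
		switch ($block->block_type){
			default:
				self::createBlockContent($block);
				$this->html_output .= self::processVars($block->block_content);
				break;
			case "raw_html":
				$this->html_output .= $block->block_content;
				break;
			case "inline_css":
				// Line breaks are stripped so the stylesheet lands on a single line.
				$this->html_head .= "\n" . '<style type ="text/css">' . preg_replace("/\r?\n/m", "",$block->block_content) . "</style>\n" ;
				break;
			case "parse":
				$this->html_output .= self::processVars($block->block_content);
				break;
			case "html_head":
				$this->html_head .= self::processVars($block->block_content);
				break;
			case "dyn_head":
				self::createBlockContent($block);
				$this->html_head .=  self::processVars($this->block_html);
				break;
			case "full_doc":
				$this->full_output = $block->block_content;
				break;
			case "full_html":
				self::createBlockContent($block);
				$this->full_output = $this->block_html;
				break;
		}
		unset($this->block_html);
	}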