function checkpass($CK) { Add_S($CK); global $db, $manager, $db_ifsafecv, $db_gdcheck; if ($_POST['Login_f'] == 1 && $db_gdcheck & 32) { GdConfirm($_POST['lg_num']); } if (CkInArray($CK[1], $manager)) { global $manager_pwd; $v_key = array_search($CK[1], $manager); if (!SafeCheck($CK, PwdCode($manager_pwd[$v_key]))) { $rt = $db->get_one("SELECT uid,username,groupid,groups,password,safecv FROM pw_members WHERE username="******"SELECT m.uid,m.username,m.groupid,m.groups,m.password,m.safecv,m.groupid,u.gptype,p.rvalue as allowadmincp FROM pw_members m LEFT JOIN pw_usergroups u ON u.gid=m.groupid LEFT JOIN pw_permission p ON p.uid='0' AND p.fid='0' AND p.gid=m.groupid AND p.rkey='allowadmincp' WHERE m.username=" . pwEscape($CK[1])); if (!$rt['allowadmincp'] || $rt['gptype'] != 'system' && $rt['gptype'] != 'special' || $db_ifsafecv && $rt['safecv'] != $CK['3']) { return false; } if (!SafeCheck($CK, PwdCode($rt['password'])) || !admincheck($rt['uid'], $CK[1], $rt['groupid'], $rt['groups'], 'check')) { return false; } $rightset = $db->get_value('SELECT value FROM pw_adminset WHERE gid=' . pwEscape($rt['groupid'])); if ($rightset) { if (!is_array($rightset = unserialize($rightset))) { $rightset = array(); } } else { $rightset = array(); } require GetLang('purview'); foreach ($rightset as $key => $value) { $rightset[$key] = isset($purview[$key]) && $rightset[$key] == 1 ? 1 : 0; } $rightset['gid'] = $rt['groupid']; } return $rightset; }
case 'request_app': $msg = getLangInfo('message', 'app_add_ignore'); break; default: $msg = getLangInfo('message', 'request_ignore'); break; } $messageServer->overlookRequests($winduid, $rids); ajaxExport($msg); } elseif ($action == 'post') { S::gp(array('_usernames', 'atc_title', 'atc_content', 'flashatt', 'gdcode')); $usernames = $_usernames; /*specia;*/ $atc_title = trim($atc_title); $atc_content = trim($atc_content); if ($db_gdcheck & 8 && false === GdConfirm($gdcode, true)) { ajaxExport(array('bool' => false, 'message' => '你的验证码不正确或过期')); } if (!$_G['allowmessege']) { ajaxExport(array('bool' => false, 'message' => '你所在的用户组不能发送消息')); } if ("" == $usernames) { ajaxExport(array('bool' => false, 'message' => '收件人不能为空')); } if (in_array($windid, $usernames)) { ajaxExport(array('bool' => false, 'message' => '你不能给自己发消息')); } if (count($usernames) > 1 && intval($_G['multiopen']) < 1) { ajaxExport(array('bool' => false, 'message' => '你不能发送多人消息')); } if ($_FILES['attachment']) {
function PostCheck($verify = 1, $gdcheck = 0, $qcheck = 0, $refer = 1) { global $pwServer; $verify && checkVerify(); if ($refer && $pwServer['REQUEST_METHOD'] == 'POST') { $referer_a = @parse_url($pwServer['HTTP_REFERER']); if ($referer_a['host']) { list($http_host) = explode(':', $pwServer['HTTP_HOST']); if ($referer_a['host'] != $http_host) { Showmsg('undefined_action'); } } } $gdcheck && GdConfirm($_POST['gdcode']); $qcheck && Qcheck($_POST['qanswer'], $_POST['qkey']); }
$db_adminrecord = 0; Cookie('AdminUser', '', 0); adminmsg('login_fail'); } if (empty($manager)) { if (file_exists(D_P . 'data/sql_config.php')) { adminmsg('managerinfo_error'); } else { adminmsg('sql_config'); } } $CK = array(); $admin_name = ''; if ($_POST['admin_pwd'] && $_POST['admin_name']) { if ($db_gdcheck & 32) { GdConfirm($_POST['lg_num']); } $admin_name = stripcslashes($_POST['admin_name']); $safecv = $db_ifsafecv ? questcode($_POST['question'], $_POST['customquest'], $_POST['answer']) : ''; $CK = array($timestamp, $_POST['admin_name'], md5(PwdCode(md5($_POST['admin_pwd'])) . $timestamp . getHashSegment()), $safecv); Cookie('AdminUser', StrCode(implode("\t", $CK))); } else { $AdminUser = GetCookie('AdminUser'); if ($AdminUser) { $CK = explode("\t", StrCode($AdminUser, 'DECODE')); $admin_name = stripcslashes($CK[1]); } } if (!empty($CK)) { PwNewDB(); $rightset = checkpass($CK);
$md5Pwd = md5($pwpwd); $loginInfo = checkpass($pwuser, $md5Pwd, '', $lgt, false); if (!S::isArray($loginInfo)) { CloudWind::yunUserDefend('login', CloudWind::getNotLoginUid(), $pwuser, $timestamp, 0, 102, $logininfo, '', '', ''); showLoginAjaxMessage($loginInfo); } list(, $_LoginInfo) = pwNavBar(); list(, , , , $hasSafeCv) = $loginInfo; if ($db_ifsafecv && $hasSafeCv || $db_gdcheck & 2 || $_LoginInfo['qcheck']) { require_once PrintEot('header_login_pop'); ajax_footer(); } } if ($ajax && $ajaxstep == 2) { if ($db_gdcheck & 2) { $checkCode = GdConfirm(S::getGp('gdcode', 'P'), true); !$checkCode && showLoginAjaxMessage('gdcodeerror'); } if ($db_ckquestion & 2) { list($qanswer, $questionKey) = array(S::getGp('qanswer', 'P'), S::getGp('qkey', 'P')); $checkAnswer = Qcheck($qanswer, $questionKey, true); !$checkAnswer && showLoginAjaxMessage('ckquestionerror'); } } else { PostCheck(0, $db_gdcheck & 2, $db_ckquestion & 2 && $db_question, 0); } $jumpurl = str_replace(array('=', '&'), array('=', '&'), $jumpurl); if (!$pwuser || !$pwpwd) { Showmsg('login_empty'); } $md5_pwpwd = md5($pwpwd);
/** * POST请求检查 * * @global array $pwServer * @param int $checkHash 是否检查请求hash * @param int $checkGd 是否检查验证码 * @param int $checkQuestion 是否检查安全问题 * @param int $checkReferer 是否检查refer */ function PostCheck($checkHash = 1, $checkGd = 0, $checkQuestion = 0, $checkReferer = 1) { global $pwServer; $checkHash && checkVerify(); if ($checkReferer && $pwServer['REQUEST_METHOD'] == 'POST') { $refererParsed = @parse_url($pwServer['HTTP_REFERER']); if ($refererParsed['host']) { list($httpHost) = explode(':', $pwServer['HTTP_HOST']); if ($refererParsed['host'] != $httpHost) { Showmsg('undefined_action'); } } } $checkGd && GdConfirm($_POST['gdcode']); $checkQuestion && Qcheck($_POST['qanswer'], $_POST['qkey']); }