/**
 * Resolve a download from the request, apply its login flag and bump its counter.
 *
 * Reads the request arguments `alias`, `filename` and `ext`. The tree is found
 * by `alias`, the download by `filename` within that tree. Both lookups bind
 * their values through sql_filter() placeholders.
 *
 * NOTE(review): `ext` is read but never compared with the stored
 * `download_extension`, and the method returns right after building $filepath.
 * Nothing is delivered from here, yet `download_count` is incremented on every
 * call that reaches the UPDATE. Confirm where delivery happens and whether the
 * counter should move only after it succeeds.
 *
 * @return void
 */
public function home()
{
    global $user;

    $args = $this->__(w('alias filename ext'));

    // Both lookup keys are mandatory.
    $incomplete = !f($args['alias']) || !f($args['filename']);
    if ($incomplete) {
        _fatal();
    }

    $tree_query = sql_filter('SELECT tree_id FROM _tree WHERE tree_alias = ?', $args['alias']);
    $tree = _fieldrow($tree_query);
    if (!$tree) {
        _fatal();
    }

    // The download must belong to the tree resolved above, not just match the alias.
    $download_query = sql_filter(
        'SELECT * FROM _downloads WHERE download_alias = ? AND download_tree = ?',
        $args['filename'],
        $tree['tree_id']
    );
    $download = _fieldrow($download_query);
    if (!$download) {
        _fatal();
    }

    // Per-download access flag: a truthy download_login sends the request through _login().
    // NOTE(review): presumably _login() stops anonymous requests here; verify it cannot fall through.
    if ($download['download_login']) {
        _login();
    }

    $counter_query = sql_filter(
        'UPDATE _downloads SET download_count = download_count + 1 WHERE download_id = ?',
        $download['download_id']
    );
    _sql($counter_query);

    // The on-disk path is derived from database values only, never from the request.
    $filepath = LIB . 'fetch/' . _filename($download['download_id'], $download['download_extension']);

    return;
}
/**
 * Look up a download for the route /get/$1/$2.$3 and apply its login flag.
 *
 * The tree is resolved from the `alias` argument, the download from `filename`
 * inside that tree. The resulting storage path is computed but not used before
 * the method returns.
 *
 * NOTE(review): both queries are built by string concatenation. The text values
 * go through $this->_escape() and the tree id is cast to int, so injection
 * safety rests entirely on _escape() matching the connection's quoting and
 * character-set rules. Confirm that, or move to bound parameters.
 *
 * @return void
 */
function home()
{
    global $user, $style;

    // Route shape: /get/$1/$2.$3
    $args = $this->__(array('alias', 'filename', 'ext'));

    $alias_missing = empty($args['alias']);
    if ($alias_missing || empty($args['filename'])) {
        _fatal();
    }

    // Escaped before it is placed between the quotes of the literal.
    $safe_alias = $this->_escape($args['alias']);
    $sql = "SELECT tree_id\n\t\t\tFROM _tree\n\t\t\tWHERE tree_alias = '" . $safe_alias . "'";
    $tree = $this->_fieldrow($sql);
    if (!$tree) {
        _fatal();
    }

    $safe_filename = $this->_escape($args['filename']);
    // The integer cast keeps the unquoted tree id numeric.
    $tree_id = (int) $tree['tree_id'];
    $sql = "SELECT *\n\t\t\tFROM _downloads\n\t\t\tWHERE download_alias = '" . $safe_filename
        . "'\n\t\t\t\tAND download_tree = " . $tree_id;
    $download = $this->_fieldrow($sql);
    if (!$download) {
        _fatal();
    }

    // A truthy download_login routes the request through _login() first.
    if ($download['download_login']) {
        _login();
    }

    // Path parts come from the database row, not from the request.
    $filepath = LIB . 'get/' . _filename($download['download_id'], $download['download_extension']);

    return;
}
$GLOBALS['act'] = $noskinact; $GLOBALS['p'] = $page; $_GET['act'] = $noskinact; $_GET['p'] = $page; //Authenticate current user $CURRENT_USER = NULL; authenticate(); //Deny blocked accounts if ($CURRENT_USER["level"] < 0) { $ERR->Forbidden("your account is blocked"); } $MDL->LoadModule($p); exit; break; case "auth": if (!_login($login, $passwd)) { $MDL->IsModuleExists('error') ? $p = "error" : $ERR->Forbidden("account isn't valid"); $page = "403"; //forbidden break; } resetpage($fwdto); break; case "logout": _logout(); resetpage($fwdto); break; case "root": if (isset($id) && $id == "logout") { _logoutroot(); resetpage($fwdto);
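/**
 * Read the submitted credentials from the POST body and pass them to _login().
 *
 * A field that is missing, or that arrives as an array (for example
 * `username[]=...`), is replaced by an empty string. _login() therefore always
 * receives two strings, and no undefined-index notice is raised.
 *
 * NOTE(review): this assumes _login() rejects empty credentials; confirm in its
 * implementation. No rate limiting or anti-CSRF check is visible in this wrapper.
 *
 * @return void
 */
function logIn()
{
    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    _login($username, $password);
}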
/**
 * Remove a pending friendship row that involves the signed-in member.
 *
 * The request argument `a` is a bio alias. It is resolved to a bio_id, and the
 * row is then looked up with friend_assoc set to that bio and friend_bio set to
 * the caller's own bio_id. Only a row still marked friend_pending is deleted.
 * The DELETE uses the friend_id returned by that scoped lookup, so the caller's
 * identity is part of what selects the row.
 *
 * NOTE(review): this changes state and no anti-CSRF token is checked inside the
 * method. Confirm the dispatcher enforces one before this handler runs.
 *
 * @return void
 */
protected function _friend_deny()
{
    global $bio;

    // Members only; everyone else is sent through _login().
    if (!$bio->v('auth_member')) {
        _login();
    }

    $args = $this->__(w('a'));

    $alias_query = sql_filter('SELECT bio_id FROM _bio WHERE bio_alias = ?', $args['a']);
    $bio_id = _field($alias_query, 'bio_id', 0);
    if (!$bio_id) {
        _fatal();
    }

    // Scope the lookup to the caller's own bio_id.
    $friend_query = sql_filter(
        'SELECT friend_id, friend_pending FROM _bio_friends WHERE friend_assoc = ? AND friend_bio = ?',
        $bio_id,
        $bio->v('bio_id')
    );
    $friend = _fieldrow($friend_query);
    if (!$friend) {
        _fatal();
    }

    // Rows that are no longer pending cannot be denied through this path.
    if (!$friend['friend_pending']) {
        _fatal();
    }

    _sql(sql_filter('DELETE FROM _bio_friends WHERE friend_id = ?', $friend['friend_id']));

    return;
}
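/**
 * Set up the bio module: register its permission map, resolve the requested bio
 * and apply that bio's access rule.
 *
 * Steps, in order:
 *  1. Register the section => action map through _m() and the message tabs through m().
 *  2. Read `domain`, `alias` and `tab` (default `home`) from the request and normalise them.
 *  3. Load the active bio row joined with its type.
 *  4. For any tab other than `home`, require a published module relation for it.
 *  5. For `artist` and `page` bios, flag the member as `auth_page` when a _bio_auth row links them.
 *  6. Enforce bio_access.
 *
 * Fix: `$warning` was used without being brought into scope, so every
 * `$warning->fatal()` call ran against an undefined variable. It is now imported
 * with `global`. NOTE(review): this assumes `$warning` is the application's
 * global error handler; confirm. If it is not, behaviour is unchanged.
 *
 * NOTE(review): the access switch is fail-open. Any bio_access value other than
 * BIO_ACCESS_FOLLOWER, including one with no case of its own, passes without a
 * check. Confirm that is intended, or make the default branch deny.
 *
 * @return void
 */
public function __construct()
{
    global $bio, $warning;

    parent::__construct();

    $this->auth(false);

    // NOTE(review): 'messages' appears twice in this literal. PHP keeps the first
    // position and the last value, so the effective entry is w('modify remove').
    $this->_m(array(
        'page' => w(),
        'messages' => w(),
        'account' => w(),
        'password' => w(),
        'analytics' => w(),
        'biography' => w('modify'),
        'fans' => w('add remove'),
        'interviews' => w('create modify remove'),
        'journal' => w('create modify remove'),
        'messages' => w('modify remove'),
        'options' => w('modify'),
        'permission' => w('create remove'),
        'record' => w('view remove'),
        'gallery' => array(
            'set' => w('create modify remove'),
            'photo' => w('create modify remove')
        ),
        'music' => array(
            'cd' => w('create modify remove'),
            'song' => w('create modify remove'),
            'lyrics' => w('create modify remove')
        )
    ));

    $this->m(w('home write sent draft'), 'messages_a');

    //
    // This bio!
    //
    $v = $this->__(w('domain alias tab:home'));

    // At least one of the two identifiers is required.
    if (empty($v->domain) && empty($v->alias)) {
        $warning->fatal();
    }

    if (!empty($v->domain)) {
        $v->domain = $this->strip_domain($v->domain);
    } elseif (!empty($v->alias)) {
        $v->alias = _low($v->alias, true);

        // _low() signals an unusable alias by returning false.
        if ($v->alias === false) {
            $warning->fatal();
        }
    }

    // NOTE(review): both identifiers are bound even when one is empty. If empty
    // bio_domain or bio_alias values are stored as '', the OR can match a row
    // other than the requested one and LIMIT 1 then picks among them. Confirm
    // how sql_filter() binds empty values, or query on the supplied identifier only.
    $sql = 'SELECT * FROM _bio b, _bio_type t WHERE (b.bio_alias = ? OR b.bio_domain = ?) AND b.bio_active = ? AND b.bio_type = t.type_id LIMIT 1';
    if (!($_bio = sql_fieldrow(sql_filter($sql, $v->alias, $v->domain, 1)))) {
        $warning->fatal();
    }

    // Any tab other than the default must have a published module relation.
    if ($v->tab != 'home') {
        $sql = 'SELECT relation_id FROM _bio_relation r, _bio_modules m, _bio_publish p WHERE p.publish_local = ? AND r.relation_alias = ? AND r.relation_id = m.module_relation AND p.publish_module = m.module_id';
        if (!sql_field(sql_filter($sql, $_bio->bio_id, $v->tab), 'relation_id', 0)) {
            $warning->fatal();
        }
    }

    switch ($_bio->type_alias) {
        case 'artist':
        case 'page':
            // A _bio_auth row linking this bio and the member grants the auth_page flag.
            if ($bio->v('auth_member')) {
                $sql = 'SELECT auth_id FROM _bio_auth WHERE auth_local = ? AND auth_remote = ? ' . "\n" . 'LIMIT 1';
                if (sql_field(sql_filter($sql, $_bio->bio_id, $bio->v('bio_id')))) {
                    $bio->v('auth_page', true);
                }
            }
            break;
        default:
            break;
    }

    //
    // Access Control
    switch ($_bio->bio_access) {
        case BIO_ACCESS_FOLLOWER:
            // Anonymous visitors are sent to login.
            if (!$bio->v('auth_member')) {
                $bio->login();
                _login();
            }

            // Members must follow the bio or hold auth_page on it.
            if (!$this->bio_follower($_bio->bio_id) && !$bio->v('auth_page')) {
                _fatal();
            }
            break;
        case BIO_ACCESS_ALL:
            break;
        default:
            break;
    }

    return;
}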
<?php /** * [WeEngine System] Copyright (c) 2014 WE7.CC * WeEngine is NOT a free software, it under the license terms, visited http://www.we7.cc/ for more details. */ defined('IN_IA') or exit('Access Denied'); define('IN_GW', true); if (checksubmit()) { _login($_GPC['referer']); } cache_load('setting'); template('user/login'); function _login($forward = '') { global $_GPC, $_W; load()->model('user'); $member = array(); $username = trim($_GPC['username']); if (empty($username)) { message('请输入要登录的用户名'); } $member['username'] = $username; $member['password'] = $_GPC['password']; if (empty($member['password'])) { message('请输入密码'); } $record = user_single($member); if (!empty($record)) { if ($record['status'] == 1) { message('您的账号正在审核或是已经被系统禁止,请联系网站管理员解决!');
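/**
 * Record or change the signed-in member's attendance option for an event.
 *
 * Requires is_ghost() to be true and the caller to be a member. The request
 * arguments `event` and `option` must both be non-empty and must exist in
 * _events and _events_attend_type. An existing _events_attend row for this
 * member and event is updated; otherwise a new row is inserted.
 *
 * Fixes:
 *  - The event lookup passed the id as a second argument to _fieldrow() instead
 *    of binding it with sql_filter(), unlike every other query in this method,
 *    so the `?` placeholder was never filled.
 *  - The UPDATE targeted `_events`, but attend_option and attend_id are the
 *    columns this method selects from and inserts into `_events_attend`.
 *
 * NOTE(review): no anti-CSRF token is checked in this method; confirm the
 * dispatcher covers it.
 *
 * @return mixed Whatever $this->e('~OK') returns.
 */
protected function _attend_home()
{
    global $bio;

    if (!is_ghost()) {
        _fatal();
    }

    if (!$bio->v('auth_member')) {
        _login();
    }

    $v = $this->__(_array_keys(w('event option'), 0));

    if (!$v['event'] || !$v['option']) {
        _fatal();
    }

    // The event must exist.
    $sql = 'SELECT event_id FROM _events WHERE event_id = ?';
    if (!_fieldrow(sql_filter($sql, $v['event']))) {
        _fatal();
    }

    // The option must be a known attendance type.
    $sql = 'SELECT type_id FROM _events_attend_type WHERE type_id = ?';
    if (!_fieldrow(sql_filter($sql, $v['option']))) {
        _fatal();
    }

    // The row is keyed by event and the caller's own bio_id.
    $sql = 'SELECT attend_id FROM _events_attend WHERE attend_event = ? AND attend_uid = ?';
    if ($attend_id = _field(sql_filter($sql, $v['event'], $bio->v('bio_id')), 'attend_id', 0)) {
        $sql = 'UPDATE _events_attend SET attend_option = ? WHERE attend_id = ?';
        _sql(sql_filter($sql, $v['option'], $attend_id));
    } else {
        $sql_insert = array(
            'attend_event' => $v['event'],
            'attend_uid' => $bio->v('bio_id'),
            'attend_option' => $v['option'],
            'attend_time' => time()
        );
        sql_put('_events_attend', $sql_insert);
    }

    return $this->e('~OK');
}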
/**
 * Log the current member out.
 *
 * Non-members are redirected to the site root. For members the session is
 * killed, the in-memory member flag and session fields are reset, and
 * _login('LOGGED_OUT') is called.
 *
 * NOTE(review): presumably redirect() ends the request. If it returns, the
 * teardown below also runs for non-members; verify.
 *
 * @return void
 */
public function out()
{
    global $user;

    $is_member = $user->v('is_member');
    if (!$is_member) {
        redirect(_link());
    }

    // Kill the stored session first, then clear what this request still holds.
    $user->session_kill();

    $user->v('is_member', false);
    $user->v('session_page', '');

    $logged_out_at = time();
    $user->v('session_time', $logged_out_at);

    _login('LOGGED_OUT');
}
if (preg_match('/x\\d+/i', $warg_k)) { $warg_x = str_replace('x', '', $warg_k); } } if ($wdir !== false) { for ($i = 0; $i < $warg_x; $i++) { $warg['x' . ($i + 1)] = isset($warg['x' + ($i + 2)]) ? $warg['x' + ($i + 2)] : ''; } } } if (defined('MY_TIMEZONE') && !f(ini_get('date.timezone')) && function_exists('date_default_timezone_set')) { @ini_set('date.timezone', MY_TIMEZONE); } $module->xlevel($warg); if (!$p_dir && $module->auth() && (!$module->x(1) || !count($module->exclude) || !in_array($module->x(1), $module->exclude))) { _login(); } if (!method_exists($module, $module->x(1))) { _fatal(); } // Session start $user->start(true); $user->setup(); $module->m($mod); if (!$module->auth_access() && $module->auth()) { _fatal(); } if (@method_exists($module, 'install')) { $module->_install(); } $module->navigation('home', '', '');
if (isset($_POST['uname']) && strlen($_POST['uname']) < 20) { $lsdb_uname = strip_tags($_POST['uname']); } else { unset($lsdb_uname); } if (isset($_POST['pass']) && strlen($_POST['pass']) < 20) { $lsdb_pass = strip_tags($_POST['pass']); } else { unset($lsdb_pass); } switch ($myop) { case "logout": logout(); break; case "login": _login($lsdb_uname, $lsdb_pass); break; case "chgpwd": if (changepass() == 1) { # _login($uname, $newpass1); #userinfo($uname, $bypass); die("<h3>Changed ...</h3>"); } else { die("<h3>Error changing user values ...</h3>"); } break; default: if (isset($usertoken)) { user_main($usertoken); } else { user_main(array());
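/**
 * Front controller: resolve a module from the request, enforce login and access,
 * run the requested action and render the layout.
 *
 * A module is either a file `./base/_<mod>.php` defining class `__<mod>`, or a
 * directory `./base/_<mod>/`. For a directory the function calls itself once,
 * with the first positional argument (`x1`) as the module name inside it.
 *
 * Changes from the previous version:
 *  - Module and directory names are limited to letters, digits, `_` and `-`
 *    before they are used in an include path or class name. They come from the
 *    request and were previously used unchecked.
 *  - The positional-argument shift used `'x' + n` (arithmetic) where `'x' . n`
 *    (concatenation) was meant, so shifted arguments were never found.
 *  - The highest positional index is taken from an anchored match and cast to
 *    int. The old unanchored pattern also matched keys such as `tax5` and left
 *    a non-numeric string as the loop bound.
 *  - The outer call returns after delegating to a directory module, because
 *    $module is never created in that frame.
 *
 * NOTE(review): the action is `$module->level['x1']`, taken from the request
 * and guarded only by method_exists(), which also reports inherited and
 * non-public methods. Consider an explicit per-module allowlist of actions.
 *
 * @param string|false $mod  Module name, or false to read it from the request.
 * @param string|false $wdir Parent directory module, or false at top level.
 * @param array|false  $warg Parsed arguments, or false to parse them from the request.
 * @return void
 */
function _xfs($mod = false, $wdir = false, $warg = false)
{
    global $user, $style;

    include_once(XFS . 'core/modules.php');

    if ($mod === false) {
        $mod = request_var('module', '');
    }
    $mod = (!empty($mod)) ? $mod : 'home';

    // Names come from the request and feed include_once() and `new`, so accept
    // identifier-like names only. The explicit return covers the case where
    // _fatal() itself returns.
    $name_pattern = '/^[A-Za-z0-9_-]+$/';
    if (!is_string($mod) || !preg_match($name_pattern, $mod)) {
        _fatal();
        return;
    }
    if ($wdir !== false && (!is_string($wdir) || !preg_match($name_pattern, $wdir))) {
        _fatal();
        return;
    }

    $mod_dir = './base/_' . $mod;
    $p_dir = ($wdir === false && @file_exists($mod_dir) && is_dir($mod_dir)) ? true : false;

    if (!$p_dir) {
        $mod_dir = './base/_' . (($wdir !== false) ? $wdir . '/_' : '') . $mod;
        $mod_path = $mod_dir . '.php';
        $mod_class = '__' . $mod;

        if (!@file_exists($mod_path)) {
            _fatal();
        }

        include_once($mod_path);

        if (!class_exists($mod_class)) {
            _fatal();
        }

        $module = new $mod_class();
    }

    if ($warg === false) {
        $warg = array();

        // `args` has the form key:value.key:value
        $arg = request_var('args', '');
        if (!empty($arg)) {
            foreach (explode('.', $arg) as $v) {
                $el = explode(':', $v);
                if (isset($el[0]) && isset($el[1]) && !empty($el[0])) {
                    $warg[$el[0]] = $el[1];
                }
            }
        }

        // POST fields override URL arguments of the same name.
        if (isset($_POST) && count($_POST)) {
            $_POST = _utf8($_POST);
            $warg = array_merge($warg, $_POST);
        }
    }

    if ($p_dir) {
        _xfs(((isset($warg['x1'])) ? $warg['x1'] : ''), $mod, $warg);

        // No $module exists in this frame; the nested call has done the work.
        return;
    }

    // Login gate: required when the module sets `auth`, unless the requested
    // action is listed in the module's `auth_exclude`.
    if (isset($module->auth) && $module->auth) {
        $v_auth_exclude = (isset($module->auth_exclude) && (isset($warg['x1']) && in_array($warg['x1'], $module->auth_exclude))) ? true : false;

        if (!$v_auth_exclude) {
            _login();
        }
    }

    // Highest positional index (x1, x2, ...) present in the arguments.
    $warg_x = 0;
    foreach (array_keys($warg) as $warg_k) {
        if (preg_match('/^x(\d+)$/', (string) $warg_k, $warg_m)) {
            $warg_x = max($warg_x, (int) $warg_m[1]);
        }
    }

    // Inside a directory module x1 was the module name, so shift every
    // positional argument down by one.
    // NOTE(review): $warg_x comes from request keys; cap it to the deepest
    // route the application supports so one large index cannot drive this loop.
    if ($wdir !== false) {
        for ($i = 0; $i < $warg_x; $i++) {
            $warg['x' . ($i + 1)] = (isset($warg['x' . ($i + 2)])) ? $warg['x' . ($i + 2)] : '';
        }
    }

    date_default_timezone_set('America/Guatemala');

    $module->arg = $warg;
    $module->xlevel();

    if (!method_exists($module, $module->level['x1'])) {
        _fatal();
    }

    // Session start
    $user->start(true);
    $user->setup();

    // Per-module authorisation against the session's user data.
    if (!$module->auth_access($user->data)) {
        _fatal();
    }

    if (!defined('LIB')) define('LIB', '../space/');
    if (!defined('LIBD')) define('LIBD', _link() . str_replace('../', '', LIB));

    $module->module = $mod;

    if (@method_exists($module, 'install')) {
        $module->install();
    }

    $module->navigation('home', '', '');
    $module->navigation($module->module, '');

    // Dispatch to the requested action (see the NOTE in the docblock).
    $module->{$module->level['x1']}();

    if (empty($module->template)) {
        $module->template = $mod;
    }

    // Build the menu from ./base/tree, keeping only the rows this user may see.
    if (@file_exists('./base/tree')) {
        $menu = array_map('trim', @file('./base/tree'));

        foreach ($menu as $i => $row) {
            if (!$i) $style->assign_block_vars('tree', array());

            $row = trim($row);
            $row_level = strripos($row, '*') + 1;

            preg_match('#^\*{0,} (.*?) <(.*?)>$#i', $row, $row_key);

            $row_mod = array(dvar(array_key(explode('/', $row_key[2]), 1), 'index'));
            if ($row_level > 1) $row_mod[] = array_key(explode(':', array_key(explode('.', array_key(explode('/', $row_key[2]), 2)), 0)), 1);

            // The permission key is module[_action]; rows the user lacks it for are skipped.
            $row_auth = implode('_', $row_mod);
            if (!$user->auth_get($row_auth)) continue;

            $row_style = '.row' . (($row_level == 1) ? '' : '.sub' . ($row_level - 1));

            $style->assign_block_vars('tree' . $row_style, array(
                'V_NAME' => trim(str_replace('*', '', $row_key[1])),
                'V_LINK' => _link() . substr($row_key[2], 1))
            );
        }
    }

    //
    // Output template
    $page_smodule = 'CONTROL_' . strtoupper($mod);
    if (is_lang($page_smodule)) {
        $module->page_title($page_smodule);
    }

    $sv = array(
        'MODE' => $module->level['x1'],
        'MANAGE' => $module->level['x2'],
        'NAVIGATION' => $module->get_navigation()
    );
    _layout($module->template, $module->page_title(), $sv);
}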