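/**
 * Restore admin login state from the met_auth "remember me" cookie.
 *
 * Decodes $_M['form']['met_auth'] with authcode(), keyed on the site key
 * (met_webkeys) concatenated with the client's met_key cookie, into
 * "admin_id\tmd5(admin_pass)". If that admin exists, the hash matches and the
 * cookie blob stored on the admin row is less than an hour old, the blob is
 * copied into $_M['user']['cookie'], admin identity/privilege fields are
 * filled when IN_ADMIN is defined, and the blob's timestamp is refreshed in
 * the database. On any failure $_M['user']['cookie'] stays an empty array.
 *
 * Fixes: the hash was compared with `==`, which is subject to PHP numeric
 * string juggling (e.g. "0e..." hashes) and leaks timing; hash_equals() is
 * used instead. A missing admin row or a malformed/empty cookie blob now
 * returns early instead of dereferencing null.
 *
 * NOTE(review): part of the decryption key is the client-controlled met_key
 * cookie, so the scheme's strength rests on met_webkeys staying secret.
 * The UPDATE below still splices json_encode() output into SQL; the values
 * originate from the DB row plus time(), but a bound parameter would be the
 * robust form.
 *
 * @return void
 */
function met_cooike_start()
{
    global $_M;
    $_M['user']['cookie'] = array();
    $met_webkeys = $_M['config']['met_webkeys'];
    $decoded = authcode($_M['form']['met_auth'], 'DECODE', $met_webkeys . $_COOKIE['met_key']);
    // A failed decode yields ''; explode() then gives one element and the
    // original list() would have emitted notices. Take the two fields safely.
    $parts = explode("\t", (string) $decoded);
    $username = isset($parts[0]) ? $parts[0] : '';
    $password = isset($parts[1]) ? $parts[1] : '';
    if ($username === '' || $password === '') {
        return;
    }
    $username = sqlinsert($username);
    $query = "SELECT * from {$_M['table']['admin_table']} WHERE admin_id = '{$username}'";
    $user = DB::get_one($query);
    // Unknown admin or nothing stored yet: nothing to restore.
    if (!$user || empty($user['cookie'])) {
        return;
    }
    $usercooike = json_decode($user['cookie']);
    if (!is_object($usercooike) || !isset($usercooike->time)) {
        return;
    }
    // Constant-time, strict comparison of the stored hash with the cookie's.
    $hashMatches = hash_equals(md5($user['admin_pass']), (string) $password);
    if ($hashMatches && time() - $usercooike->time < 3600) {
        foreach ($usercooike as $key => $val) {
            $_M['user']['cookie'][$key] = $val;
        }
        if (defined('IN_ADMIN')) {
            $_M['user']['admin_name'] = get_met_cookie('metinfo_admin_name');
            $_M['user']['admin_id'] = $_M['user']['cookie']['metinfo_admin_id'];
            $privilege = background_privilege();
            $_M['user']['langok'] = $privilege['langok'];
        }
        // Sliding window: every successful restore pushes the expiry out.
        $_M['user']['cookie']['time'] = time();
        $json = json_encode($_M['user']['cookie']);
        $query = "update {$_M['table']['admin_table']} set cookie = '{$json}' WHERE admin_id = '{$username}'";
        $user = DB::query($query);
    }
}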
 /**
  * Reply to a vote-rule trigger.
  *
  * Loads the vote_reply row for the current rule and answers with a text
  * message when the vote is missing, paused, full (votelimit == 1 and
  * votenum >= votetotal > 0) or outside its start/end window; otherwise
  * answers with a news card linking to the mobile page. The from_user
  * parameter in that link is authcode()-sealed and base64-encoded so the
  * receiving page can tell it was issued here.
  *
  * NOTE(review): endtime is extended by 86399 s, presumably because it is
  * stored as a midnight timestamp — confirm against the admin form.
  *
  * @return mixed Whatever respText()/respNews() return.
  */
 public function respond()
 {
     global $_W;
     $ruleId = $this->rule;
     $vote = pdo_fetch("SELECT * FROM " . tablename('vote_reply') . " WHERE `rid`=:rid LIMIT 1", array(':rid' => $ruleId));
     if ($vote == false) {
         return $this->respText('活动已经取消...');
     }
     if ($vote['status'] == 0) {
         return $this->respText("投票已暂停,请等待...");
     }
     $now = time();
     $lastSecond = $vote['endtime'] + 86399;
     $limitedByCount = ($vote['votelimit'] == 1);
     if ($limitedByCount) {
         $capacity = $vote['votetotal'];
         if ($capacity > 0 && $vote['votenum'] >= $capacity) {
             return $this->respText("投票人数已满,活动结束...");
         }
     } elseif ($vote['starttime'] > $now) {
         return $this->respText("投票未开始,请等待...");
     } elseif ($lastSecond < $now) {
         return $this->respText("投票已结束...");
     }
     $encodedFrom = base64_encode(authcode($this->message['from'], 'ENCODE'));
     $card = array(
         'Title' => $vote['title'],
         'Description' => $vote['description'],
         'PicUrl' => img_url($vote['thumb']),
         'Url' => $this->createMobileUrl("index", array("id" => $ruleId, 'from_user' => $encodedFrom)),
     );
     return $this->respNews($card);
 }
 /**
  * QR-code login, phone side.
  *
  * GET: decode the scanned token (authcode under SESSION_AUTH) to a numberid,
  * require that id to still be pending in redis, then mark it "scanned" for
  * 150 s together with the scanner's avatar so the waiting browser can show it.
  * POST: when the phone user taps confirm, bind the pending numberid to the
  * current account (ACPopedom::getID()) for 150 s; login() on the browser
  * side consumes that. Answers 200 on success, 400 otherwise.
  *
  * NOTE(review): the POST branch trusts ACPopedom::getID() to identify the
  * confirming user; whether that requires an authenticated phone session is
  * not visible here — confirm before relying on it.
  *
  * @return void Responses go out via ajaxReturn()/header() + exit.
  */
 public function confirm()
 {
     if (IS_POST) {
         $numberId = intval(I('post.numberid'));
         $pending = $this->redis->get($this->wx_numberid_name . $numberId);
         if ($pending && I('post.confirm') == 'true') {
             $this->redis->setex($this->wx_auth_name . $numberId, 150, ACPopedom::getID());
             header("HTTP/1.1 200");
         } else {
             header("HTTP/1.1 400");
         }
         exit;
     }
     $token = trim(I('get.token'));
     $nmberid = authcode(base64_decode($token), "DECODE", SESSION_AUTH);
     // A failed decode yields '' and fails the intval() test.
     if (!intval($nmberid)) {
         $this->ajaxReturn(array('status' => false, 'msg' => '无效的二维码'));
     }
     if (!$this->redis->get($this->wx_numberid_name . $nmberid)) {
         $this->ajaxReturn(array('status' => false, 'msg' => '此二维码已过期,请刷新页面再扫!'));
     }
     // Scanned: publish the avatar for the polling browser.
     $this->redis->setex($this->wx_login_name . $nmberid, 150, ACPopedom::getAvator());
     $this->ajaxReturn(array('status' => true, 'numberid' => $nmberid));
 }
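  /**
   * Front-controller setup that runs before every action.
   *
   * Loads the cached site config into the view, remembers a referrer id from
   * ?r= in a cookie, restores the logged-in member from the authcode()-sealed
   * session blob (joining wallet and profile data), and records the current
   * URL in the session — except on login/register-style actions — so the
   * user can be sent back after logging in.
   *
   * Fix: the debug override `$user['id'] = 107; // 模拟用户` has been removed.
   * It replaced whichever member was in the session with member 107 on every
   * request, so any visitor — even with no session at all — acted as that
   * account. Left in, it is a live authentication bypass.
   *
   * NOTE(review): the session blob is unserialize()d after authcode()
   * decoding; its integrity rests on authcode()'s MAC and key. $_GET['r'] is
   * stored in the cookie unvalidated — confirm its consumer sanitises it.
   */
  public function _initialize(){
    // Cached site configuration, exposed to every template.
    $configs = getCache('Config:list');
    $this->configs = $configs;
    $this->assign('configs', $configs);
    // Upline / referrer id from ?r=, remembered in a cookie.
    if ($_GET['r']) {
        cookie('r', $_GET['r']);
    }
    // Member identity: authcode()-sealed, serialized array kept in the session.
    $member_msg = session('member_msg');
    $user = unserialize(authcode($member_msg, 'DECODE'));

    if ($user) {
        // Social login that has not completed registration yet.
        if ($user['openid'] && !$user['id']) {
            $to_url = C('MEMBER_SITE_URL') . '/Member/message';
            header("location:" . $to_url);
            exit;
        }
        $model = D('Member');
        $data['a.id'] = $user['id'];
        $db_pre = C('DB_PREFIX');
        $user = $model->alias('a')
            ->join('`' . $db_pre . 'member_wallet` as b on a.id=b.member_id')
            ->join('`' . $db_pre . 'member_msg` as c on a.id=c.member_id')
            ->field('a.id,a.pid,a.nickname,logo,lv,lv_name,email,utype,username,realname,mobile,password,salt,pv_id,ct_id,province,city,create_time,last_login_time,balance,frozen,c.sex')
            ->where($data)
            ->find();
        // No wallet joined yet: create one and default the balances.
        // NOTE(review): $data still carries the 'a.id' lookup key here; whether
        // Member->add() maps that onto a wallet row is not visible — verify.
        if ($user['balance'] == null) {
            $data['update_time'] = time();
            $model->add($data);
            $user['balance'] = 0;
            $user['frozen'] = 0;
            $user['update_time'] = time();
        }
        $user['username'] = $user['username'] ? $user['username'] : $user['mobile'];
        $this->user = $user;
        $this->assign('user', $user);
    }
    $this->iswx = isWeixin(); // WeChat in-app browser?
    $this->login_url = C('SITE_URL') . '/index.php/Public/login';
    $this->register_url = C('SITE_URL') . '/index.php/Public/register';
    if (!IS_AJAX) {
        // Remember where the user was so login can bounce back here.
        // NOTE(review): HTTP_HOST is client-supplied; if self_url is later used
        // as a redirect target, pin the host to the configured site URL.
        $from_url = 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];
        if ($_SERVER['QUERY_STRING']) {
            $from_url .= '?' . $_SERVER['QUERY_STRING'];
        }
        $from_url_except = array('login', 'register', 'reg_do', 'verify', 'checkLogin', 'check_username', 'check_email', 'get_city');
        if (array_search(ACTION_NAME, $from_url_except) === false && CONTROLLER_NAME != 'Public') {
            $_SESSION['self_url'] = $from_url;
        }
    }

    $this->assign('self_url', $_SESSION['self_url']);
  }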
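 /**
  * Admin "forgot password", step 1: validate the anti-robot tokens and mail a
  * reset link.
  *
  * Request fields: key (per-form salt), code (authcode()-sealed token that
  * must decode, under that key, to md5(WEBSITE_KEY)) and email. The
  * COOKIE_SAFE cookie must equal md5(WEBSITE_KEY . key . KillRobotCode).
  * When everything checks out and an activated admin owns the e-mail, a fresh
  * 8-character verifycode is stored on the admin row and a verify URL carrying
  * base64(email) and sid=md5(fullname . WEBSITE_KEY . password . verifycode)
  * is e-mailed.
  *
  * Fix: both token comparisons used loose `!=`, which is subject to PHP
  * numeric-string juggling (a decoded "0e..." value can equal a hash that
  * also looks numeric) and leaks timing; hash_equals() is used instead.
  *
  * NOTE(review): $email is interpolated into SQL after IsEmail(); whether that
  * validator excludes quotes is not visible here — prefer a driver-level
  * escape/bind if APP::$DB offers one.
  *
  * @return never Writes the JSON reply and die()s.
  */
 public function check()
 {
     $this->json = new JSON();
     $key = ForceStringFrom('key');
     $code = ForceStringFrom('code');
     $decode = authcode($code, 'DECODE', $key);
     $cookievalue = ForceCookieFrom(COOKIE_SAFE);
     $email = ForceStringFrom('email');
     $expectedCode = md5(WEBSITE_KEY);
     $expectedCookie = md5(WEBSITE_KEY . $key . APP::$_CFG['KillRobotCode']);
     if (!$email) {
         $this->ajax['i'] = '请输入Email地址!';
     } elseif (!IsEmail($email)) {
         $this->ajax['i'] = 'Email地址非法!';
     } elseif (!hash_equals($expectedCode, (string) $decode)) {
         $this->ajax['i'] = '验证码超时! 请刷新页面后重新提交.';
     } elseif (!hash_equals($expectedCookie, (string) $cookievalue)) {
         $this->ajax['i'] = '安全验证Cookie错误!';
     } elseif (!($user = APP::$DB->getOne("SELECT u.aid, u.password, u.fullname FROM " . TABLE_PREFIX . "admin u WHERE u.email = '{$email}' AND u.activated = 1"))) {
         $this->ajax['i'] = 'Email地址不存在!';
     } else {
         $subject = '管理员找回密码 -- ' . APP::$_CFG['Title'];
         $verifycode = PassGen(8);
         // sid binds the link to this admin's current password and the new code.
         $verify_url = BASEURL . ADMINDIR . '/index.php?c=getpass&a=verify&key=' . base64_encode($email) . '&sid=' . md5($user['fullname'] . WEBSITE_KEY . $user['password'] . $verifycode);
         $content = "{$user['fullname']}:<br><br>您好! 请点击以下链接重设密码:<br><br>";
         $content .= "<a href=\"{$verify_url}\" target=\"_blank\">{$verify_url}</a><br><br>";
         APP::$DB->exe("UPDATE " . TABLE_PREFIX . "admin SET verifycode = '{$verifycode}' WHERE aid = '{$user['aid']}'");
         if (SendMail($email, $subject, $content) === true) {
             $this->ajax['s'] = 1;
             $this->ajax['i'] = '重设密码的邮件已发送到您的信箱, 请查收!';
         } else {
             $this->ajax['i'] = '发送邮件失败!';
         }
     }
     die($this->json->encode($this->ajax));
 }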
 /**
  * Admin login form handler.
  *
  * On a complete POST (username, password, verify) it checks the captcha,
  * loads the active user row (state=0) and compares the stored hash with
  * md5(SECURE_CODE . md5(password)). On success it records login time and
  * client IP, seals the row (minus password) into the authcode() cookie
  * "auth" for 3600 s and redirects to index/index. Otherwise it reports the
  * error and falls through to rendering the form.
  *
  * NOTE(review): the `'******'` in the where() pattern looks like a redacted
  * placeholder (likely `'%s'`); the real binding must be the escaped one.
  * Salted double-md5 is not a password hash — password_hash() is the
  * replacement, but needs a migration. `ENCODE` is used as a bare constant;
  * if undefined it is a fatal error on PHP 8.
  */
 public function index()
 {
     $input = I('post.');
     $complete = !empty($input['username']) && !empty($input['password']) && !empty($input['verify']);
     if ($complete) {
         if (!$this->Verify->check($input['verify'])) {
             $this->error("验证码填写错误");
         } else {
             $userModel = M('user');
             $row = $userModel->where("username='******' and state=0", $input['username'])->find();
             $expected = md5(C('SECURE_CODE') . md5($input['password']));
             if ($row && $row['password'] === $expected) {
                 unset($row['password']);
                 $row['ip'] = get_client_ip();
                 $userModel->where('id=' . $row['id'])->save(array('logintime' => time()));
                 $sealed = authcode(json_encode($row), ENCODE);
                 cookie('auth', $sealed, 3600);
                 $this->success('登陆成功', U('index/index'));
                 exit;
             }
             $this->error("用户名或密码错误");
         }
     }
     $this->display();
 }
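 /**
  * Save a cropped avatar.
  *
  * Runs the ShearPhoto crop on the JSON posted in JSdate, uploads the result
  * to UpYun under /Attachment/face/, stores the public URL on the user's row
  * and refreshes the authcode()-sealed "__info__" cookie. Every outcome is
  * reported through ajaxReturn().
  *
  * Fixes: the temp-file cleanup tested one path ($Shear->filename) but
  * unlinked another ($filename, with suffix), so the file was never reliably
  * removed — both now use the same path, and the handle is closed before the
  * unlink (required on Windows). fopen() is checked before the handle is used.
  *
  * NOTE(review): ACPopedom::getID() is interpolated into a where() string;
  * assumed to be an integer — confirm. $tmp_name returned by run() may or may
  * not be the same temp path that is removed below — verify, otherwise it
  * leaks. The "__info__" cookie is unserialize()d elsewhere; its integrity
  * relies on authcode()'s MAC.
  */
 public function ModifyAvator()
 {
     $ShearPhoto["config"] = array("proportional" => 0);
     import('Vendor.ShearPhoto.ShearPhoto');
     $Shear = new \ShearPhoto(ACPopedom::mixPass(ACPopedom::getID()));
     $tmp_name = $Shear->run(json_decode(trim(stripslashes($_POST["JSdate"])), true), $ShearPhoto["config"]);
     if (!$tmp_name) {
         $this->ajaxReturn(array('erro' => '头像保存失败'));
     }
     $filename = $Shear->filename . $Shear->imagesuffix;
     $fh = fopen($tmp_name, 'rb');
     if ($fh === false) {
         $this->ajaxReturn(array('erro' => '头像保存失败'));
     }
     // Upload to UpYun.
     import('Vendor.Upyun.UpYunApi');
     $upYunApi = new \UpYunApi(UPYUN_BUCKET, UPYUN_USERNAME, UPYUN_PASSWORD);
     $upYunApi->debug = false;
     $upYunApi->setApiDomain(UPYUN_HOST);
     $remotePath = '/Attachment/face/' . $filename;
     $rsp = $upYunApi->writeFile($remotePath, $fh, true);
     fclose($fh);
     // Remove the local temp copy: test and unlink the very same path.
     $tmpPath = ini_get("upload_tmp_dir") . DIRECTORY_SEPARATOR . $filename;
     if (file_exists($tmpPath)) {
         unlink($tmpPath);
     }
     if ($rsp) {
         $avatarUrl = UPYUN_BASIC_URL . $remotePath;
         $result = M('Users')->where('userid = ' . ACPopedom::getID())->save(array('avator' => $avatarUrl));
         if ($result !== false) {
             $userinfo = ACPopedom::getUserInfo();
             cookie("__info__", authcode(serialize(array('nickname' => $userinfo['nickname'], 'userid' => $userinfo['userid'], 'avator' => $avatarUrl)), "ENCODE", SESSION_AUTH, C('COOKIE_EXPIRE')));
             $this->ajaxReturn(array('success' => '截图成功!如不能立即显示,请多刷新两次', 'url' => U('Web/UserCenter/index')));
         } else {
             $this->ajaxReturn(array('erro' => '头像更新失败'));
         }
     } else {
         $this->ajaxReturn(array('erro' => '头像更新失败'));
     }
 }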
 /**
  * Pre-registration hook of the dsu_amufzc (invite-to-register) plugin.
  *
  * On POST: derives the e-mail either from a submitted activation token
  * (gp_activationauth, authcode()-sealed; the text up to the first whitespace
  * is treated as a UCenter username and resolved via uc_get_user) or from the
  * submitted e-mail field, then requires an unused invite record (gp_rid)
  * registered for exactly that e-mail. Any failure ends in showmessage().
  *
  * NOTE(review): gp_rid goes into the SQL string after strip_tags() only.
  * Discuz normally addslashes() every gp_* value on input, which is what
  * would make this safe — verify that holds for this entry point. When
  * uc_get_user() fails, $email is undefined and getEmail() receives null
  * (behaviour preserved from the original).
  */
 function register_header()
 {
     global $_G;
     $emailField = 'gp_' . $this->regemail['email'];
     $_G['gp_email'] = $_G[$emailField];
     if (!$_POST) {
         return;
     }
     // URL-decoding turns '+' into ' '; put it back before decoding the token.
     $token = strip_tags(str_replace(" ", "+", $_G['gp_activationauth']));
     $_G['gp_activationauth'] = $token;
     $activationinfo = authcode($token, 'DECODE');
     // Keep only the leading field (everything from the first whitespace on is dropped).
     $ucName = preg_replace("/\\s.+/i", "", $activationinfo);
     if ($ucName) {
         loaducenter();
         if ($data = uc_get_user($ucName)) {
             list($uid, $username, $email) = $data;
         }
         $_G['gp_email'] = getEmail(strip_tags($email));
     } else {
         $_G['gp_email'] = getEmail(strip_tags($_G['gp_email']));
     }
     $_G['gp_rid'] = strip_tags($_G['gp_rid']);
     if (!$_G['gp_rid']) {
         showmessage('dsu_amufzc:1', '');
     }
     if (!$_G['gp_email']) {
         showmessage('dsu_amufzc:5', '');
     }
     $inviteTable = DB::table("plugin_dsuamfzc");
     $invite = DB::fetch_first("SELECT * FROM {$inviteTable} WHERE rid = '" . $_G['gp_rid'] . "'");
     $missingOrUsed = !$invite || $invite['yes'] == '1';
     if ($missingOrUsed) {
         showmessage('dsu_amufzc:2', '');
     }
     if ($_G['gp_email'] != $invite['email']) {
         showmessage('dsu_amufzc:11', '');
     }
 }
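 /**
  * Member avatar page.
  *
  * POST (dosubmit): validates the posted fields through the member DAO (id
  * forced to the current member), saves them with update_time and last_ip,
  * then claims any uploaded attachment ids (aid[]) for this member
  * (userid, catid=0, status=1). Reports via success()/error() and exits.
  * GET: renders the page with an authcode()-sealed upload policy string
  * ('0-1-0-1-jpeg,jpg,png,gif-3-0') keyed on ADMIN_ACCESS plus the browser's
  * User-Agent.
  *
  * Fix: $_POST['aid'] was imploded straight into `aid in (...)` — SQL
  * injection through a user-controlled array. Ids are now cast to int and an
  * empty list skips the update.
  *
  * NOTE(review): the policy key includes HTTP_USER_AGENT, which the client
  * chooses; its secrecy rests on ADMIN_ACCESS alone.
  */
 public function avatar()
 {
     if ($_POST['dosubmit']) {
         $_POST['id'] = $this->_userid;
         if (!$this->dao->create($_POST)) {
             $this->error($this->dao->getError());
         }
         $this->dao->update_time = time();
         $this->dao->last_ip = get_client_ip();
         $result = $this->dao->save();
         if (false !== $result) {
             if (!empty($_POST['aid'])) {
                 // Only integer ids may reach the IN (...) list.
                 $aidList = array_filter(array_map('intval', (array) $_POST['aid']));
                 if ($aidList) {
                     $Attachment = M('Attachment');
                     $data['userid'] = $this->_userid;
                     $data['catid'] = 0;
                     $data['status'] = '1';
                     $Attachment->where("aid in (" . implode(',', $aidList) . ")")->save($data);
                 }
             }
             $this->success(L('do_success'));
         } else {
             $this->error(L('do_error'));
         }
         exit;
     }
     $yourphp_auth_key = sysmd5(C('ADMIN_ACCESS') . $_SERVER['HTTP_USER_AGENT']);
     $yourphp_auth = authcode('0-1-0-1-jpeg,jpg,png,gif-3-0', 'ENCODE', $yourphp_auth_key);
     $this->assign('yourphp_auth', $yourphp_auth);
     $this->display();
 }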
 /**
  * Resolve the current admin from the session, if any.
  *
  * The session holds an authcode()-sealed, serialized array with id, lastTime
  * and lastIp (written by loginAct). When it decodes, the SysUser row is
  * reloaded, disabled accounts (falsy status) are rejected, the password is
  * stripped, auth is unserialized, and the result lands in $this->currUser
  * with isLogined set. Any failure simply leaves the visitor logged out.
  *
  * NOTE(review): unserialize() runs on a server-side session value, not raw
  * client input; it is still only as trustworthy as the session store and
  * authcode()'s key.
  */
 protected function getCurrUser()
 {
     $sealed = Session("system_curr_user");
     if (empty($sealed)) {
         return;
     }
     $sessionUser = unserialize(authcode($sealed));
     if (!isset($sessionUser['id'])) {
         return;
     }
     $record = D("SysUser")->selectOne($sessionUser['id']);
     // Unknown or disabled account: stay logged out.
     if (!$record || !$record['status']) {
         return;
     }
     unset($record['password']);
     $record['auth'] = unserialize($record['auth']);
     $record['upTime'] = $sessionUser['lastTime'];
     $record['upIp'] = $sessionUser['lastIp'];
     $this->isLogined = true;
     $this->currUser = $record;
 }
/**
 * Mark $member as logged in for this request and issue the auth cookie.
 *
 * Populates $_G (uid, username, adminid, groupid, formhash, invisibility,
 * member), loads the usergroup cache, flags the session as new and writes it,
 * sets cookie "auth" to authcode("password\tuid") (httponly) and clears the
 * loginuser / activationauth / pmnum cookies. Then bumps the login stats
 * (plus mobilelogin / connectlogin where applicable) and applies the daylogin
 * credit rule, re-evaluating the user group when that rule grants nothing.
 *
 * NOTE(review): the cookie embeds the stored password hash; a stolen cookie
 * is as good as the hash for the cookie's lifetime.
 *
 * @param array $member     Member row (uid, username, adminid, groupid, password, conisbind ...).
 * @param int   $cookietime Lifetime handed to dsetcookie().
 */
function setloginstatus($member, $cookietime)
{
    global $_G;
    $_G['uid'] = intval($member['uid']);
    $_G['username'] = $member['username'];
    $_G['adminid'] = $member['adminid'];
    $_G['groupid'] = $member['groupid'];
    $_G['formhash'] = formhash();
    $_G['session']['invisible'] = getuserprofile('invisible');
    $_G['member'] = $member;
    loadcache('usergroup_' . $_G['groupid']);
    $session = C::app()->session;
    $session->isnew = true;
    $session->updatesession();
    $authPayload = "{$member['password']}\t{$member['uid']}";
    dsetcookie('auth', authcode($authPayload, 'ENCODE'), $cookietime, 1, true);
    foreach (array('loginuser', 'activationauth', 'pmnum') as $staleCookie) {
        dsetcookie($staleCookie);
    }
    include_once libfile('function/stat');
    updatestat('login', 1);
    if (defined('IN_MOBILE')) {
        updatestat('mobilelogin', 1);
    }
    $connectEnabled = $_G['setting']['connect']['allow'];
    if ($connectEnabled && $_G['member']['conisbind']) {
        updatestat('connectlogin', 1);
    }
    $rule = updatecreditbyaction('daylogin', $_G['uid']);
    if (!$rule['updatecredit']) {
        checkusergroup($_G['uid']);
    }
}
 /**
  * Verify an admin login and, on success, set the "admin" auth cookie.
  *
  * Loads the member joined with its adminfields row, then rejects in order:
  * empty input (-1), unknown user (-2), expired account (null), wrong
  * password (-3). Otherwise records last_login/last_ip and stores
  * "id\nusername\nuserpass" authcode()-sealed in the cookie; returns true.
  *
  * NOTE(review): the `'******'` fragments in the SQL look like redacted
  * placeholders (the interpolated username / timestamp); whatever stands
  * there must be escaped. The expired branch returns null rather than an int
  * code, unlike its siblings — preserved. The cookie carries the password
  * hash; a session id would leak less if it were stolen. $set is accepted but
  * unused here.
  */
 function checkUserLogin($uname, $upass, $set = true)
 {
     $uname = trim($uname);
     $upass = trim($upass);
     $members =& Members::getInstance();
     if (empty($uname) || empty($upass)) {
         return -1;
     }
     $sql = "SELECT m.id,m.username,m.userpass,af.first_name,af.last_name,af.expired FROM {$this->table_prefix}adminfields af LEFT JOIN {$this->table_prefix}members m ON af.member_id=m.id WHERE m.username='******'";
     $row = $this->dbstuff->GetRow($sql);
     if (!$members->checkUserExist($uname)) {
         $this->error = L("member_not_exists");
         return -2;
     }
     $expiresAt = $row['expired'];
     if ($expiresAt != 0 && $expiresAt < $this->timestamp) {
         $this->error = L("account_expired");
         return;
     }
     if (!pb_strcomp($row['userpass'], $members->authPasswd($upass))) {
         $this->error = L("login_pwd_wrong");
         return -3;
     }
     $this->dbstuff->Execute("UPDATE {$this->table_prefix}adminfields SET last_login="******",last_ip='" . pb_get_client_ip("str") . "' WHERE member_id=" . $row['id']);
     $cookiePayload = $row['id'] . "\n" . $row['username'] . "\n" . $row['userpass'];
     usetcookie("admin", authcode($cookiePayload, "ENCODE"));
     return true;
 }
 /**
  * Reply to the "update your profile" campaign trigger.
  *
  * Loads the campaign row for the current rule; if none exists an empty array
  * is returned (no reply). Inside the start_time..end_time window it answers
  * with a news card whose link carries the sender, authcode()-sealed and
  * base64-encoded, as from_user; outside the window it answers with a
  * closed-campaign text.
  *
  * The participation insert into table_list is assembled but commented out
  * in the original; $insert is kept for that reason and never written.
  *
  * @return mixed Array (empty) or whatever respText()/respNews() return.
  */
 public function respond()
 {
     global $_W;
     $ruleId = $this->rule;
     $sender = $this->message['from'];
     $accountId = $_W['weid'];
     $insert = array('weid' => $accountId, 'from_user' => $sender, 'upfansdatatime' => time());
     $row = pdo_fetch("SELECT * FROM " . tablename($this->table_reply) . " WHERE `rid`=:rid LIMIT 1", array(':rid' => $ruleId));
     if (empty($row['id'])) {
         return array();
     }
     $now = time();
     $isOpen = ($now >= $row['start_time'] && $now <= $row['end_time']);
     if (!$isOpen) {
         return $this->respText("亲,更新资料有礼活动已结束了!");
     }
     $link = $this->createMobileUrl('upfansdata', array('id' => $ruleId, 'from_user' => base64_encode(authcode($sender, 'ENCODE'))));
     return $this->respNews(array(
         'Title' => $row['title'],
         'Description' => htmlspecialchars_decode($row['description']),
         'PicUrl' => $_W['attachurl'] . $row['picture'],
         'Url' => $link,
     ));
 }
 /**
  * Admin login page.
  *
  * GET renders the form. POST decrements the per-session attempt counter
  * (starting at 5), refuses once it reaches 0, then validates
  * userName/password through SysUser->login(). On success the id, lastTime
  * and lastIp are serialized, authcode()-sealed and stored in session
  * "system_curr_user" (read back by getCurrUser()), the counter is cleared
  * and the user is sent to Index/index.
  *
  * NOTE(review): the lockout lives only in the session; a client that drops
  * its session cookie starts again at 5 attempts, and nothing here enforces
  * the "30 minutes" the message promises.
  */
 public function loginAct()
 {
     $attemptsLeft = session("system_login_num");
     if ($attemptsLeft === null) {
         $attemptsLeft = 5;
     }
     if (!IS_POST) {
         $this->display();
         return;
     }
     $attemptsLeft--;
     session("system_login_num", $attemptsLeft);
     if ($attemptsLeft <= 0) {
         $this->error("由于您输入错误过多,请30分钟后再试!");
     }
     $name = I('userName', '');
     $password = I('password', '');
     $failMessage = "用户名或密码错误!您还有 {$attemptsLeft} 次机会。";
     if (empty($name) || empty($password)) {
         $this->error($failMessage);
     }
     $user = D('SysUser')->login($name, $password);
     if (!$user) {
         $this->error($failMessage);
     }
     $payload = serialize(array('id' => $user['id'], 'lastTime' => $user['lastTime'], 'lastIp' => $user['lastIp']));
     session('system_curr_user', authcode($payload, 'ENCODE'));
     session('system_login_num', null);
     $this->success($name . ",您好!点击确定按钮进入系统。", U("Index/index"));
 }
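 /**
  * QR-code login, browser side (long-poll).
  *
  * Decodes the page's token to its numberid and polls redis for up to ~27 s
  * while that numberid is still pending:
  *  - a "scanned" marker (wx_login_name) → 201 + the scanner's avatar, the
  *    marker is consumed;
  *  - an "authorised" marker (wx_auth_name) → the user row is loaded, the
  *    SESSION_ID / SESSION_TOKEN sessions and the sealed "__info__" cookie are
  *    set, both redis keys are consumed, and 200 + the user-center URL is
  *    returned.
  * Timeout answers 204 (the client re-polls); an unknown or expired numberid
  * answers 400.
  *
  * Fixes: the loop spun without pausing, hitting redis continuously for the
  * whole window; it now sleeps 200 ms between probes. The decoded numberid is
  * validated the same way confirm() does before it is used in redis keys.
  *
  * NOTE(review): SESSION_TOKEN is set to the bare userid, so it adds no
  * entropy beyond SESSION_ID — confirm that is intended.
  */
 public function login()
 {
     $nmberid = authcode(base64_decode(trim(I('get.token'))), "DECODE", SESSION_AUTH);
     // A failed decode yields ''; reject it before touching redis.
     if (!intval($nmberid)) {
         header("HTTP/1.1 400");
         return;
     }
     $startTime = time();
     while ($this->redis->get($this->wx_numberid_name . $nmberid)) {
         if (time() >= $startTime + 27) {
             // Window exhausted; the client starts a new poll.
             header("HTTP/1.1 204");
             return;
         }
         if ($avator = $this->redis->get($this->wx_login_name . $nmberid)) {
             // Scanned: show the avatar and consume the marker.
             $this->redis->del($this->wx_login_name . $nmberid);
             header("HTTP/1.1 201");
             $this->ajaxReturn(array('avator' => $avator));
         }
         if ($userid = $this->redis->get($this->wx_auth_name . $nmberid)) {
             // Confirmed on the phone: establish the browser session.
             session(array("name" => SESSION_ID, 'path' => "/", "expire" => C('COOKIE_EXPIRE')));
             $userinfo = M('Users')->where('userid = ' . intval($userid))->find();
             session(SESSION_ID, $userinfo['userid']);
             session(array("name" => SESSION_TOKEN, 'path' => "/", "expire" => C('COOKIE_EXPIRE')));
             session(SESSION_TOKEN, $userinfo['userid']);
             cookie("__info__", authcode(serialize(array('nickname' => $userinfo['nickname'], 'userid' => $userinfo['userid'], 'avator' => $userinfo['avator'])), "ENCODE", SESSION_AUTH, C('COOKIE_EXPIRE')));
             $this->redis->del($this->wx_auth_name . $nmberid);
             $this->redis->del($this->wx_numberid_name . $nmberid);
             header("HTTP/1.1 200");
             $this->ajaxReturn(array('url' => U('Web/UserCenter/index')));
         }
         // Don't busy-spin against redis between probes.
         usleep(200000);
     }
     header("HTTP/1.1 400");
 }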
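 /**
  * WeChat OAuth landing: sign the visitor in (creating the account on first
  * contact) and bounce back to where they came from.
  *
  * After checkAuth() the OAuth token's openid is used to load or create the
  * Users row (new rows get nickname/headimgurl/unionid/ip from getUserInfo()).
  * Four cookies — __WX_UID__, __WX_AVATOR__, __WX_NICKNAME__,
  * __WX_AUTH_TOKEN__ — are each authcode()-sealed under SESSION_AUTH for
  * COOKIE_EXPIRE, then the browser is redirected to the URL sealed in the
  * __refer__ cookie.
  *
  * Fix: the lookup spliced openid into a where() string; it now uses an array
  * condition so the ORM quotes it. The four-cookie block, duplicated verbatim
  * in both branches, is factored into sealWxCookies().
  *
  * NOTE(review): when __refer__ is absent or fails to decode the Location
  * header is empty — preserved; consider a default landing page.
  */
 public function auth()
 {
     $this->_wechat->checkAuth();
     $token = $this->_wechat->getOauthAccessToken();
     $userinfo = $this->_wechat->getUserInfo($token['openid']);
     // Array conditions are quoted by the ORM; the string form was not.
     $result = M('Users')->where(array('openid' => (string) $token['openid']))->find();
     if ($result) {
         // Existing user: profile fields are deliberately not refreshed here.
         $this->sealWxCookies($result['userid'], $result['avator'], $result['nickname'], $token['openid']);
     } else {
         $data['username'] = '';
         $data['nickname'] = $userinfo['nickname'] ? $userinfo['nickname'] : '';
         // TODO (carried over): the remote avatar should be copied locally.
         $data['avator'] = $userinfo['headimgurl'] ? $userinfo['headimgurl'] : '';
         $data['address'] = '';
         $data['salt'] = '';
         $data['passwd'] = '';
         $data['posttime'] = time();
         $data['openid'] = $token['openid'];
         $data['unionid'] = $userinfo['unionid'] ? $userinfo['unionid'] : '';
         $data['ip'] = get_client_ip();
         $rs = M('Users')->add($data);
         if ($rs) {
             $this->sealWxCookies($rs, $userinfo['headimgurl'], $userinfo['nickname'], $token['openid']);
         }
     }
     header("Location:" . authcode(cookie('__refer__'), "DECODE", SESSION_AUTH));
 }

 /**
  * Write the four authcode()-sealed WeChat identity cookies.
  *
  * @param mixed  $userid   Users.userid (or the id just inserted).
  * @param string $avator   Avatar URL.
  * @param string $nickname Display name.
  * @param string $openid   WeChat openid.
  */
 private function sealWxCookies($userid, $avator, $nickname, $openid)
 {
     $expire = C('COOKIE_EXPIRE');
     cookie('__WX_UID__', authcode($userid, "ENCODE", SESSION_AUTH), $expire);
     cookie('__WX_AVATOR__', authcode($avator, "ENCODE", SESSION_AUTH), $expire);
     cookie('__WX_NICKNAME__', authcode($nickname, "ENCODE", SESSION_AUTH), $expire);
     cookie('__WX_AUTH_TOKEN__', authcode($openid, "ENCODE", SESSION_AUTH), $expire);
 }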
/**
 * Pick a security Q&A for a form and seal its answer into a cookie.
 *
 * Reads the secqaa cache (slot forced to 1 — random(1, 1) can only return 1),
 * optionally lets a generator class compute the answer ("plugin:name" selects
 * source/plugin/<plugin>/secqaa/secqaa_<name>.php, anything else the lib
 * secqaa class of that name), then stores
 * md5(answer) "\t" (TIMESTAMP - 180) "\t" idhash "\t" FORMHASH
 * authcode()-sealed under the site authkey in cookie "secqaa<idhash>"
 * (httponly) and returns the question text.
 *
 * Both path segments are whitelisted with /^[\w_]+$/ before being used in the
 * include path; that check is what stands between this and a file inclusion.
 *
 * @param string $idhash Form-specific suffix for the cookie name.
 * @return string The question to display.
 */
function make_secqaa($idhash)
{
    global $_G;
    loadcache('secqaa');
    $slot = max(1, random(1, 1));
    if ($_G['cache']['secqaa'][$slot]['type']) {
        $question = $_G['cache']['secqaa'][$slot]['question'];
        $parts = explode(':', $question);
        $fromPlugin = count($parts) > 1 && preg_match('/^[\\w\\_]+$/', $parts[0]) && preg_match('/^[\\w\\_]+$/', $parts[1]);
        if ($fromPlugin) {
            $qaafile = DISCUZ_ROOT . './source/plugin/' . $parts[0] . '/secqaa/secqaa_' . $parts[1] . '.php';
            $className = 'secqaa_' . $parts[1];
        } else {
            $qaafile = libfile('secqaa/' . $question, 'class');
            $className = 'secqaa_' . $question;
        }
        if (file_exists($qaafile)) {
            @(include_once $qaafile);
            if (class_exists($className)) {
                $generator = new $className();
                if (method_exists($generator, 'make')) {
                    $_G['cache']['secqaa'][$slot]['answer'] = md5($generator->make($_G['cache']['secqaa'][$slot]['question']));
                }
            }
        }
    }
    $payload = $_G['cache']['secqaa'][$slot]['answer'] . "\t" . (TIMESTAMP - 180) . "\t" . $idhash . "\t" . FORMHASH;
    dsetcookie('secqaa' . $idhash, authcode($payload, 'ENCODE', $_G['config']['security']['authkey']), 0, 1, true);
    return $_G['cache']['secqaa'][$slot]['question'];
}
 /**
  * Build the parameter set sent to QQ Connect when binding this member.
  *
  * Merges the connect member record first, loads the birth-date profile
  * fields, then collects uid, username, email, a YYYY-MM-DD birthday, gender
  * (1 → male, 2 → female, else unknown), the avatar preference and an
  * avatar_input token: "uid=&agent=&time=" authcode()-sealed under UC_KEY,
  * where agent is a per-call nonce also sent in clear as avatar_agent.
  *
  * NOTE(review): the nonce is md5(time() . rand() . uniqid()) — not
  * cryptographically random. Whether that matters depends on what the remote
  * side does with it; random_bytes() would remove the doubt.
  *
  * @return array Parameters keyed as QQ Connect expects.
  */
 public function connectUserBindParams()
 {
     global $_G;
     $this->connectMergeMember();
     foreach (array('birthyear', 'birthmonth', 'birthday') as $profileField) {
         getuserprofile($profileField);
     }
     $member = $_G['member'];
     if ($member['gender'] == 1) {
         $sex = 'male';
     } elseif ($member['gender'] == 2) {
         $sex = 'female';
     } else {
         $sex = 'unknown';
     }
     $is_public_email = 2;
     $is_use_qq_avatar = $member['conisqzoneavatar'] == 1 ? 1 : 2;
     $birthday = sprintf('%04d-%02d-%02d', $member['birthyear'], $member['birthmonth'], $member['birthday']);
     $agent = md5(time() . rand() . uniqid());
     $inputArray = array('uid' => $_G['uid'], 'agent' => $agent, 'time' => TIMESTAMP);
     require_once DISCUZ_ROOT . './config/config_ucenter.php';
     $avatar_input = authcode('uid=' . $_G['uid'] . '&agent=' . $agent . '&time=' . TIMESTAMP, 'ENCODE', UC_KEY);
     return array(
         'oauth_consumer_key' => $_G['setting']['connectappid'],
         'u_id' => $_G['uid'],
         'username' => $member['username'],
         'email' => $member['email'],
         'birthday' => $birthday,
         'sex' => $sex,
         'is_public_email' => $is_public_email,
         'is_use_qq_avatar' => $is_use_qq_avatar,
         's_id' => null,
         'avatar_input' => $avatar_input,
         'avatar_agent' => $agent,
         'site_ucenter_id' => UC_APPID,
         'source' => 'qzone',
     );
 }
 /**
  * Module "licence" check for the broke module — effectively disabled.
  *
  * Intended flow (almost entirely commented out): on op=doauth fetch a sealed
  * licence string from $sendapi for this host and store it in modules.url;
  * then decode modules.url with authcode() under $key and require it to be
  * "<modulename>#<host>". Every failure path (message(...)) is commented out,
  * so nothing here ever blocks the request.
  *
  * NOTE(review): $response is never assigned (the ihttp_request() call is
  * commented out), so every branch writes `url => null` into the modules
  * table for this module — including the plain else branch that runs on
  * every non-doauth request. The hard-coded $key is visible in source, so
  * anyone can mint a passing licence anyway. Treat this constructor as dead
  * code to be removed or rewritten, not as a security control.
  */
 public function __construct()
 {
     global $_W, $_GPC;
     $modulename = 'broke';
     $authortxt = " 请联系作者重新授权</br> WORMWOOD  http://bbs.wormwood.com";
     //$key= $modulename.'CarloSs4O00o';
     $key = $modulename . '1234';
     $sendapi = 'http://wx.weixiamen1.cn/';
     $do = $_GPC['do'];
     $authorinfo = $authortxt;
     $updateurl = create_url('site/module/' . $do, array('name' => $modulename, 'op' => 'doauth'));
     $op = $_GPC['op'];
     if ($op == 'doauth') {
         // Client-supplied Host header is sent as the licensed host.
         $authhost = $_SERVER['HTTP_HOST'];
         $authmodule = $modulename;
         $sendapi = $sendapi . '/authcode.php?act=authcode&authhost=' . $authhost . '&authmodule=' . $authmodule;
         //$response = ihttp_request($sendapi, json_encode($send));
         // $response is undefined from here on: the request above is commented out.
         if (!$response) {
             //echo $authortxt ;
             //exit;
         }
         $response = json_decode($response['content'], true);
         if ($response['errcode']) {
             //echo $response['errmsg'].$authorinfo;
             //exit;
         }
         if (!empty($response['content'])) {
             $data = array('url' => $response['content']);
             pdo_update('modules', $data, array('name' => $modulename));
             //message('更新授权成功', referer(), 'success');
         } else {
             $data = array('url' => $response['content']);
             pdo_update('modules', $data, array('name' => $modulename));
             //message('更新授权成功', referer(), 'success');
         }
     } else {
         // Runs on every ordinary request; $response is undefined, so url becomes null.
         $data = array('url' => $response['content']);
         pdo_update('modules', $data, array('name' => $modulename));
         //message('更新授权成功', referer(), 'success');
     }
     $module = pdo_fetch("SELECT mid, name,url FROM " . tablename('modules') . " WHERE name = :name", array(':name' => $modulename));
     if ($module == false) {
         //message("参数错误!".$authorinfo,$updateurl,'error');
     }
     if (empty($module['url'])) {
         //message("验证信息为空!".$authorinfo,$updateurl,'error');
     }
     // Expected plaintext: "<modulename>#<host>".
     $ident_arr = authcode(base64_decode($module['url']), 'DECODE', $key);
     if (!$ident_arr) {
         //message("验证参数出错!".$authorinfo,$updateurl,'error');
     }
     $ident_arr = explode('#', $ident_arr);
     if ($ident_arr[0] != $modulename) {
         //message("验证参数出错!".$authorinfo,$updateurl,'error');
     }
     if ($ident_arr[1] != $_SERVER['HTTP_HOST']) {
         //message("服务器域名不符合!".$authorinfo,$updateurl,'error');
     }
 }
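/**
 * Issue the login cookie for $uid.
 *
 * Loads the member row and stores
 * "cookiever\tuid\tusername\tlogin_exp\tpassword_hash" authcode()-sealed in
 * cookie "token", where login_exp is TIMESTAMP + 900 and password_hash is
 * 8 hex characters from the middle of md5(stored password).
 *
 * Fixes: `$user[username]` (unquoted key inside the interpolated string)
 * relied on an undefined constant being coerced to the string 'username' —
 * a warning on PHP 7 and a fatal Error on PHP 8; the key is now quoted.
 * An unknown uid no longer gets a cookie at all (previously one was issued
 * with an empty username and the hash of an empty password).
 *
 * NOTE(review): $uid is spliced into the SQL unescaped; callers are assumed
 * to pass an integer they obtained themselves — confirm at the call sites.
 *
 * @param int $uid Member id to log in.
 */
function _do_login($uid)
{
    global $cookiever;
    $user = DB::fetch_first("SELECT * FROM member WHERE uid='{$uid}'");
    if (!$user) {
        return;
    }
    $password_hash = substr(md5($user['password']), 8, 8);
    $login_exp = TIMESTAMP + 900;
    dsetcookie('token', authcode("{$cookiever}\t{$uid}\t{$user['username']}\t{$login_exp}\t{$password_hash}", 'ENCODE'));
}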
 /**
  * Gate every action of this controller behind a sealed API key.
  *
  * The "key" request parameter must authcode()-decode, under the configured
  * AUTHCODE secret, to exactly "true"; anything else ends the request with no
  * output.
  *
  * NOTE(review): the plaintext is a fixed string, so a valid token is
  * replayable indefinitely unless authcode() embeds an expiry (its 4th
  * argument, not used here) — confirm.
  */
 function _initialize()
 {
     parent::_initialize();
     $decoded = authcode($this->_get("key"), "DECODE", C("AUTHCODE"));
     $authorised = ($decoded == "true");
     if (!$authorised) {
         exit;
     }
 }
 /**
  * Identify the visitor from the "auth" cookie.
  *
  * The cookie holds authcode("password\tuid"); when present it is decoded and
  * both parts are handed to FetchMember(), otherwise FetchMember(0, '') runs
  * for a guest.
  *
  * @return mixed Whatever FetchMember() returns.
  */
 function init()
 {
     $uid = 0;
     $passHash = '';
     $cookie = jsg_getcookie('auth');
     if ($cookie) {
         $parts = explode("\t", authcode($cookie, 'DECODE'));
         list($passHash, $uid) = $parts;
     }
     return $this->FetchMember($uid, $passHash);
 }
/**
 * Attach attachment records to the posts in $postlist and rewrite
 * [attach]N[/attach] tags (Discuz 6-era viewthread helper).
 *
 * Loads every attachment for the given post ids together with the current
 * user's payment log, decorates each row (extension, icon, size, whether an
 * image may be shown inline, price/payment state, base URL, formatted date),
 * stores it under $postlist[pid]['attachments'][aid], and either replaces the
 * matching [attach] tag in the message (only the first occurrence; further
 * ones are removed) or appends the attachment to the post's imagelist /
 * attachlist. Paid attachments older than $maxchargespan hours are made free
 * in the database. When no attachment exists for any of the posts their
 * attachment flag is cleared.
 *
 * The session id is passed to attachtag()/attachlist() authcode()-sealed
 * under $authkey (as $sidauth) so download links can prove they were
 * generated here.
 *
 * NOTE(review): $attachpids and $discuz_uid are spliced into SQL unescaped;
 * callers are assumed to pass integer lists / ids — confirm at the call
 * sites. Behaviour relies on many globals listed below.
 *
 * @param string $attachpids  Comma-separated post ids (used verbatim in SQL).
 * @param array  $attachtags  pid => list of aids referenced by [attach] tags.
 * @param array  $postlist    Posts keyed by pid; modified in place.
 * @param int    $showimages  Whether inline image display is allowed at all.
 * @param array  $skipaids    Attachment ids to ignore.
 */
function parseattach($attachpids, $attachtags, &$postlist, $showimages = 1, $skipaids = array())
{
    global $db, $tablepre, $discuz_uid, $readaccess, $attachlist, $attachimgpost, $maxchargespan, $timestamp, $forum, $ftp, $attachurl, $dateformat, $timeformat, $timeoffset, $hideattach, $thread, $tradesaids, $trades, $exthtml, $tagstatus, $sid, $authkey;
    $query = $db->query("SELECT a.*, ap.aid AS payed FROM {$tablepre}attachments a LEFT JOIN {$tablepre}attachpaymentlog ap ON ap.aid=a.aid AND ap.uid='{$discuz_uid}' WHERE a.pid IN ({$attachpids})");
    // Sealed session id handed to the link builders.
    $sidauth = rawurlencode(authcode($sid, 'ENCODE', $authkey));
    $attachexists = FALSE;
    while ($attach = $db->fetch_array($query)) {
        $attachexists = TRUE;
        $exthtml = '';
        if ($skipaids && in_array($attach['aid'], $skipaids)) {
            continue;
        }
        $attached = 0;
        $extension = strtolower(fileext($attach['filename']));
        $attach['ext'] = $extension;
        $attach['attachicon'] = attachtype($extension . "\t" . $attach['filetype']);
        $attach['attachsize'] = sizecount($attach['filesize']);
        // Inline image only if globally allowed, it is an image, and the reader meets readperm.
        $attach['attachimg'] = $showimages && $attachimgpost && $attach['isimage'] && (!$attach['readperm'] || $readaccess >= $attach['readperm']) ? 1 : 0;
        if ($attach['price']) {
            if ($maxchargespan && $timestamp - $attach['dateline'] >= $maxchargespan * 3600) {
                // Charging period elapsed: make the attachment free permanently.
                $db->query("UPDATE {$tablepre}attachments SET price='0' WHERE aid='{$attach['aid']}'");
                $attach['price'] = 0;
            } else {
                // Guests, and members who are neither moderator, owner nor payer, still owe.
                if (!$discuz_uid || !$forum['ismoderator'] && $attach['uid'] != $discuz_uid && !$attach['payed']) {
                    $attach['unpayed'] = 1;
                }
            }
        }
        $attach['payed'] = $attach['payed'] || $forum['ismoderator'] || $attach['uid'] == $discuz_uid ? 1 : 0;
        $attach['url'] = $attach['remote'] ? $ftp['attachurl'] : $attachurl;
        $attach['dateline'] = dgmdate("{$dateformat} {$timeformat}", $attach['dateline'] + $timeoffset * 3600);
        $postlist[$attach['pid']]['attachments'][$attach['aid']] = $attach;
        if (is_array($attachtags[$attach['pid']]) && in_array($attach['aid'], $attachtags[$attach['pid']])) {
            // Referenced inline: prepare the tag replacement (masked when the post hides attachments).
            $findattach[$attach['pid']][] = "/\\[attach\\]{$attach['aid']}\\[\\/attach\\]/i";
            $replaceattach[$attach['pid']][] = $hideattach[$attach['pid']] ? '[attach]***[/attach]' : attachtag($attach['pid'], $attach['aid'], $postlist, $sidauth);
            $attached = 1;
        }
        if (!$attached || $attach['unpayed']) {
            // Not placed inline (or still unpaid): list it below the post instead.
            if ($attach['isimage']) {
                $postlist[$attach['pid']]['imagelist'] .= attachlist($attach, $sidauth);
            } else {
                $postlist[$attach['pid']]['attachlist'] .= attachlist($attach, $sidauth);
            }
        }
    }
    if ($attachexists) {
        foreach ($attachtags as $pid => $aids) {
            if ($findattach[$pid]) {
                // First occurrence gets the rendered attachment; any repeats are stripped.
                $postlist[$pid]['message'] = preg_replace($findattach[$pid], $replaceattach[$pid], $postlist[$pid]['message'], 1);
                $postlist[$pid]['message'] = preg_replace($findattach[$pid], '', $postlist[$pid]['message']);
            }
        }
    } else {
        // Nothing found for these posts: clear their attachment flag.
        $db->query("UPDATE {$tablepre}posts SET attachment='0' WHERE pid IN ({$attachpids})", 'UNBUFFERED');
    }
}
 /**
  * Admin base controller: require a valid "auth" cookie and load the type tree.
  *
  * The cookie (written by the login action) is an authcode()-sealed JSON
  * copy of the user row minus the password, plus ip and logintime. It is
  * decoded and then cross-checked against the live user record — read from
  * the cache S(<username>) when present, otherwise from the database (active
  * rows only, state=0) — by comparing the two arrays as JSON after removing
  * logintime and ip from both. Any mismatch, missing cookie or missing row
  * redirects to login/index. The verified record is re-cached for 300 s and
  * the type table is cached for 600 s under 'admin_type'.
  *
  * NOTE(review): `DECODE` is used as a bare constant (fatal on PHP 8 if
  * undefined). The comparison is `!==` on json_encode() output, so it is
  * sensitive to key order and to value types (e.g. int vs numeric string
  * from the DB driver) — confirm the two sources agree, or logins will be
  * rejected spuriously. The IP binding is commented out in the original.
  */
 public function __construct()
 {
     parent::__construct();
     $user_auth = I('cookie.auth');
     if (empty($user_auth)) {
         $this->error("请登录", U('login/index'));
     }
     // Cookie payload: user row (minus password) + ip + logintime, as JSON.
     $login_user = json_decode(authcode($user_auth, DECODE), true);
     // if($login_user['ip'] !== get_client_ip()){
     // 	$this -> error("请登录",U('login/index'));
     // }
     $this->assign('user_data', $login_user);
     // Cache key is the username carried in the (sealed) cookie.
     $Only_user = S($login_user['username']);
     if (empty($Only_user)) {
         // Cache miss: rebuild the reference record from the database.
         $user = M('user');
         $Only_user = $user->where("id=%d and state=0", $login_user['id'])->find();
         if (empty($Only_user)) {
             $this->error("请登录", U('login/index'));
         } else {
             unset($Only_user['password']);
             $logintime = $Only_user['logintime'];
             // Volatile fields are excluded from the comparison on both sides.
             unset($Only_user['logintime']);
             unset($login_user['logintime']);
             unset($login_user['ip']);
             unset($Only_user['ip']);
             // $Only_user['ip'] = get_client_ip();
             $user_auth = json_encode($login_user);
             $json_user = json_encode($Only_user);
             if ($user_auth !== $json_user) {
                 $this->error("请登录", U('login/index'));
             }
             $Only_user['logintime'] = $logintime;
             S($Only_user['username'], $Only_user, 300);
         }
     } else {
         // Cache hit: same comparison against the cached record.
         $logintime = $Only_user['logintime'];
         unset($Only_user['logintime']);
         unset($login_user['logintime']);
         unset($login_user['ip']);
         unset($Only_user['ip']);
         $json_user = json_encode($login_user);
         $user_auth = json_encode($Only_user);
         if ($user_auth !== $json_user) {
             $this->error("请登录", U('login/index'));
         }
         $Only_user['logintime'] = $logintime;
         S($Only_user['username'], $Only_user, 300);
     }
     // Category/type tree used by the admin templates.
     $this->type_data = S('admin_type');
     if (empty($this->type_data)) {
         $type = M('type');
         $this->type_data = $type->getField('id,id,name,namepath,pid,path,weight,state');
         S('admin_type', $this->type_data, 600);
     }
     $this->assign('typedata', $this->type_data);
 }
 /**
  * API pre-hook: outside DEBUG_MODE every call must carry a valid token.
  *
  * The posted "token" is authcode()-decoded with ENCRYPT_KEY (expiry check
  * disabled via the 4th argument = 0) and must equal the configured TOKEN;
  * otherwise respons(10000) is sent.
  *
  * NOTE(review): the comparison is loose (`!=`) and is preserved here; a
  * strict hash_equals() would avoid type-juggling surprises should TOKEN
  * ever look numeric. With expiry disabled a captured token is replayable.
  */
 public function _initialize()
 {
     if (C('DEBUG_MODE')) {
         return;
     }
     $decoded = authcode($this->post('token'), 'DECODE', C('ENCRYPT_KEY'), 0);
     if ($decoded != C('TOKEN')) {
         $this->respons(10000);
     }
 }
 /**
  * Kick off Sina Weibo OAuth 1.0a.
  *
  * Fetches a request token, stores it serialized and authcode()-sealed (site
  * authkey) in cookie "login_oauth" for the callback to pick up, and
  * redirects to the authorize URL through the "tgo" bounce page.
  *
  * NOTE(review): the callback presumably unserialize()s this cookie; the
  * authcode MAC is what stops a client from feeding it a crafted payload —
  * confirm the callback checks that the decode succeeded.
  */
 private function jump()
 {
     global $_FANWE;
     $oauth = new WeiboOAuth($this->config['app_key'], $this->config['app_secret']);
     $requestToken = $oauth->getRequestToken();
     $callback = $_FANWE['site_url'] . "callback/sina.php";
     $authorizeUrl = $oauth->getAuthorizeURL($requestToken['oauth_token'], false, $callback);
     $sealed = authcode(serialize($requestToken), 'ENCODE', $_FANWE['authkey']);
     fSetCookie('login_oauth', $sealed);
     fHeader("location:" . FU('tgo', array('url' => $authorizeUrl)));
 }
 /**
  * Kick off Tencent Weibo OAuth.
  *
  * Fetches a request token for the tqq callback, stores it serialized and
  * authcode()-sealed in cookie "login_oauth", and redirects to the authorize
  * URL through the "tgo" bounce page.
  *
  * NOTE(review): unlike the Sina variant this seals with authcode()'s default
  * key rather than $_FANWE['authkey'] — presumably the same secret, but
  * confirm so the callback decodes with the matching key.
  */
 private function jump()
 {
     global $_FANWE;
     OpenSDK_Tencent_Weibo::init($this->config['app_key'], $this->config['app_secret']);
     $callback = $_FANWE['site_url'] . "callback/tqq.php";
     $requestToken = OpenSDK_Tencent_Weibo::getRequestToken($callback);
     $authorizeUrl = OpenSDK_Tencent_Weibo::getAuthorizeURL($requestToken);
     fSetCookie('login_oauth', authcode(serialize($requestToken), 'ENCODE'));
     fHeader("location:" . FU('tgo', array('url' => $authorizeUrl)));
 }
/**
 * Log a user in through UCenter and synchronise the local Discuz member row.
 *
 * Credentials are read from the globals $username/$password (plus the
 * optional security question $questionid/$answer); $loginfield selects the
 * login mode ('uid', 'email', otherwise username). The UCenter result is
 * written back into the global $ucresult.
 *
 * Side effects on success: every column selected from members/usergroups is
 * copied into $GLOBALS (discuz_uid, discuz_user, discuz_pw, discuz_secques,
 * email, adminid, groupid, styleid, lastvisit, lastpost, allowinvisible),
 * the members row may be updated (email, secques), and the login cookies
 * (cookietime, auth, loginuser, activationauth, pmnum) are (re)set.
 *
 * Returns 1 on success, 0 when UCenter rejects the login (uid <= 0) or a
 * duplicate username cannot be merged, -1 when UCenter accepts the login but
 * no local members row exists for that uid.
 */
function userlogin()
{
    global $db, $tablepre, $_DCACHE, $ucresult, $username, $password, $questionid, $answer, $loginfield;
    require_once DISCUZ_ROOT . './uc_client/client.php';
    // Map the login field onto UCenter's isuid flag: 1 = uid, 2 = email, 0 = username.
    if ($loginfield == 'uid') {
        $isuid = 1;
    } elseif ($loginfield == 'email') {
        $isuid = 2;
    } else {
        $isuid = 0;
    }
    $ucresult = uc_user_login($username, $password, $isuid, 1, $questionid, $answer);
    // The UCenter tuple is passed through daddslashes() before any of it is
    // interpolated into the SQL below.
    list($tmp['uid'], $tmp['username'], $tmp['password'], $tmp['email'], $duplicate) = daddslashes($ucresult, 1);
    $ucresult = $tmp;
    // UCenter reports a username collision: merge the old local account into
    // the UCenter uid, or give up on the login.
    if ($duplicate && $ucresult['uid'] > 0) {
        // NOTE(review): the '******' on the next line appears masked/garbled in
        // this listing — upstream presumably interpolates the escaped
        // $ucresult['username']; confirm against the original source.
        if ($olduid = $db->result_first("SELECT uid FROM {$tablepre}members WHERE username='******'username']) . "'")) {
            require_once DISCUZ_ROOT . './include/membermerge.func.php';
            membermerge($olduid, $ucresult['uid']);
            uc_user_merge_remove($ucresult['username']);
        } else {
            return 0;
        }
    }
    if ($ucresult['uid'] <= 0) {
        return 0;
    }
    $member = $db->fetch_first("SELECT m.uid AS discuz_uid, m.username AS discuz_user, m.password AS discuz_pw, m.secques AS discuz_secques,\r\n\t\tm.email, m.adminid, m.groupid, m.styleid, m.lastvisit, m.lastpost, u.allowinvisible\r\n\t\tFROM {$tablepre}members m LEFT JOIN {$tablepre}usergroups u USING (groupid)\r\n\t\tWHERE m.uid='{$ucresult['uid']}'");
    if (!$member) {
        return -1;
    }
    // Keep the raw username alongside the slash-escaped one.
    $member['discuz_userss'] = $member['discuz_user'];
    $member['discuz_user'] = addslashes($member['discuz_user']);
    // Export every fetched column as a global, overwriting any same-named global.
    foreach ($member as $var => $value) {
        $GLOBALS[$var] = $value;
    }
    // Keep the local email in sync with UCenter.
    if (addslashes($member['email']) != $ucresult['email']) {
        $db->query("UPDATE {$tablepre}members SET email='{$ucresult['email']}' WHERE uid='{$ucresult['uid']}'");
    }
    // Security question supplied but no local secques yet: generate one via random().
    if ($questionid > 0 && empty($member['discuz_secques'])) {
        $GLOBALS['discuz_secques'] = random(8);
        $db->query("UPDATE {$tablepre}members SET secques='{$GLOBALS['discuz_secques']}' WHERE uid='{$ucresult['uid']}'");
    }
    $GLOBALS['styleid'] = $member['styleid'] ? $member['styleid'] : $_DCACHE['settings']['styleid'];
    // Cookie lifetime is taken from the login form and coerced to int; 0 is
    // presumably a session cookie — confirm in dsetcookie().
    $cookietime = intval(isset($_POST['cookietime']) ? $_POST['cookietime'] : 0);
    dsetcookie('cookietime', $cookietime, 31536000);
    // The auth cookie carries password hash, secques and uid, sealed with
    // authcode(); the trailing 1/true arguments are presumably dsetcookie()'s
    // path/httponly-style options — confirm against its signature.
    dsetcookie('auth', authcode("{$member['discuz_pw']}\t{$member['discuz_secques']}\t{$member['discuz_uid']}", 'ENCODE'), $cookietime, 1, true);
    // Presumably clears leftover cookies from a previous session.
    dsetcookie('loginuser');
    dsetcookie('activationauth');
    dsetcookie('pmnum');
    $GLOBALS['sessionexists'] = 0;
    // NOTE(review): $_DCOOKIE is not in the global statement above, so inside
    // this function it reads as an undefined local unless it is made visible
    // elsewhere — the frame-refresh branch likely never runs; confirm.
    if ($_DCACHE['settings']['frameon'] && $_DCOOKIE['frameon'] == 'yes') {
        $GLOBALS['extrahead'] .= '<script>if(top != self) {parent.leftmenu.location.reload();}</script>';
    }
    return 1;
}
 /**
  * Reply to a keyword hit on a lucky-draw ("chailihe") activity.
  *
  * Loads the activity row for this rule, answers with a plain text message
  * when the activity is missing, the user is blocked, or it has not started
  * yet, and otherwise replies with a news card whose description is the
  * stored text plus any win / ended / paused notice. The card URL carries the
  * sender id sealed with authcode() and base64-encoded.
  *
  * NOTE(review): $zhongjiang is only assigned in the "won" branch; the `.=`
  * appends and the final concatenation read it when undefined. Initialising
  * `$zhongjiang = '';` before the checks would make that explicit.
  */
 public function respond()
 {
     global $_W;
     $rid = $this->rule;
     $from = $this->message['from'];
     $weid = $_W['uniacid'];
     // current official-account id
     // push the shared news item
     $sql = "SELECT title,description,start_time,end_time,picture,status FROM " . tablename($this->table_reply) . " WHERE `rid`=:rid LIMIT 1";
     $row = pdo_fetch($sql, array(':rid' => $rid));
     if ($row == false) {
         return $this->respText("活动已取消...");
     }
     // check whether the sender has been blocked
     // NOTE(review): '******' appears masked/garbled in this listing (upstream
     // presumably interpolates $from). Unlike the query above, this one and the
     // one below inline $weid/$rid by concatenation; binding them the same way
     // as :rid would keep the statement parameterised.
     $lists = pdo_fetch("SELECT status FROM " . tablename($this->table_list) . " WHERE from_user = '******' and weid = '" . $weid . "' and rid= '" . $rid . "' order by `status` asc");
     if (!empty($lists)) {
         // a record exists for this sender
         if ($lists['status'] == 0) {
             $message = "亲," . $row['title'] . "活动中您可能有作弊行为已被管理员暂停了!请联系" . $_W['account']['name'] . "";
             return $this->respText($message);
         }
     }
     // end: blocked check
     // check whether the sender has won
     $lists = pdo_fetch("SELECT zhongjiang FROM " . tablename($this->table_list) . " WHERE from_user = '******' and weid = '" . $weid . "' and rid= '" . $rid . "' order by `zhongjiang` desc");
     if (!empty($lists)) {
         if ($lists['zhongjiang'] == 1) {
             $zhongjiang = "亲!恭喜中奖了,请点击查看!";
         }
     }
     // end: win check
     // check whether the activity has started
     $now = time();
     if ($now < $row['start_time']) {
         $message = "亲," . $row['title'] . "还没有开始,请于" . date("Y-m-d H:i:s", $row['start_time']) . "参加活动";
         return $this->respText($message);
     }
     // end: start check
     // check whether the activity has ended (appended as a notice, not a hard stop)
     if ($now > $row['end_time']) {
         $zhongjiang .= "亲," . $row['title'] . "活动已结束了!";
     }
     // end: end check
     // check whether the activity is paused
     if ($row['status'] == 0) {
         $zhongjiang .= "亲," . $row['title'] . "活动暂停了!";
     }
     // end: pause check
     // convert the stored picture path into a URL
     $picture = toimage($row['picture']);
     // end: picture conversion
     // reply with the news card; the sender id travels in the URL sealed by authcode()
     return $this->respNews(array('Title' => $row['title'], 'Description' => htmlspecialchars_decode($row['description']) . $zhongjiang, 'PicUrl' => $picture, 'Url' => $this->createMobileUrl('chailihe', array('rid' => $rid, 'chufa' => 1, 'from_user' => base64_encode(authcode($from, 'ENCODE'))))));
 }
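 /**
  * Fetch the QQ Connect profile for the user whose openid and access token
  * were stored (authcode-sealed) in the QQ_OPENID and QQ_ACCESS_TOKEN cookies.
  *
  * Side effect: sets $this->openid from the decoded cookie.
  *
  * @return array the decoded get_user_info response with two derived keys:
  *               'avatar' (copied from figureurl_2, '' when absent) and
  *               'gender' ('1' or 0). When the endpoint does not return a
  *               JSON object only those two derived keys are present.
  */
 public function get_user_info()
 {
     $this->openid = authcode(iPHP::get_cookie("QQ_OPENID"), 'DECODE');
     $access_token = authcode(iPHP::get_cookie("QQ_ACCESS_TOKEN"), 'DECODE');
     // Build the query with http_build_query so the cookie-derived values are
     // URL-encoded instead of being concatenated raw into the request line.
     $query = http_build_query(array(
         'access_token' => $access_token,
         'oauth_consumer_key' => $this->appid,
         'openid' => $this->openid,
         'format' => 'json',
     ));
     $info = $this->get_url_contents("https://graph.qq.com/user/get_user_info?" . $query);
     $arr = json_decode($info, true);
     // json_decode yields null on an empty or non-JSON body; normalise to an
     // array so the derived keys below are set without notices.
     if (!is_array($arr)) {
         $arr = array();
     }
     $arr['avatar'] = isset($arr['figureurl_2']) ? $arr['figureurl_2'] : '';
     // NOTE(review): the literal "??" looks mis-encoded in this listing (the
     // upstream value is presumably the localized word for "male") — confirm
     // against the original source before relying on the gender mapping.
     $gender = isset($arr['gender']) ? $arr['gender'] : '';
     $arr['gender'] = $gender == "??" ? '1' : 0;
     return $arr;
 }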