function levelup($id)
{
$con = mysqli_connect("localhost", "u242089643_jucy", "gksdid1!");
if (!$con) {
die('연결 안됨: ' . mysqli_error());
} else {
mysqli_select_db($con, "u242089643_tdc");
}
$check = checkuser($id, $con);
if ($check != "empty") {
$resultset = mysqli_query($con, "update user_info set user_level = 10 where id = '{$id}'");
mysqli_close($con);
return array(array("success"));
}
mysqli_close($con);
return array(array("empty"));
}
function checkmailvalid($to, $title, $body)
{
$a = checkuser();
$username = $a[0];
if ($username == "") {
echo '-15';
exit;
}
$time = time();
date_default_timezone_set('Asia/Shanghai');
writelog("[" . date("r", $time) . "][E-mail send to {$to} from {$username}] [Title: {$title}] {$body}\n");
}
function checksmsvalid($phone, $text)
{
$a = checkuser();
$username = $a[0];
if ($username == "") {
echo '-15';
exit;
}
dbconnect();
$time = time();
$statement = "select number from capubbs.sms where username='******' && {$time}-timestamp<1800";
$results = mysql_query($statement);
if (mysql_num_rows($results) >= 2) {
echo '-22';
exit;
}
$ip = @$_SERVER['REMOTE_ADDR'];
$statement = "insert into capubbs.sms values (null,'{$username}','{$phone}','{$text}','{$ip}',{$time})";
mysql_query($statement);
writelog("[SMS send to {$phone}] {$text}\n");
}
$db_database = "printinginfo";
$db_username = "******";
$db_password = "******";
$db_server = mysql_connect($db_hostname, $db_username, $db_password);
if (!$db_server) {
die("unable to connect to MySQL : " . mysql_error());
}
mysql_select_db($db_database) or die("Unable to select database:" . mysql_error());
if ($_POST['l_username']) {
$username = $_POST['l_username'];
$pass = $_POST['l_pass'];
if ($username == "admin" && $pass == "admin") {
session_start();
header("Location: http://www.riteshvaryani.uphero.com/admin.php?username={$username}");
} else {
if (!checkuser($username, $db_server) && $username != null && $pass != null) {
$query = "SELECT password FROM userinfo where username='******'";
$result = mysql_query($query, $db_server);
while ($row = mysql_fetch_array($result)) {
$ans = $row['password'];
}
if ($ans == $pass) {
session_start();
header("Location: http://www.riteshvaryani.uphero.com/12.php?username={$username}");
} else {
echo "Wrong username or password.";
}
} else {
echo "Wrong username or password.";
}
}
function check_user($username, $password)
{
$username = safe_convert(addslashes($username));
//2007-1-20 Security Fix
$password = safe_convert(addslashes($password));
//2007-1-20 Security Fix
$userdetail = checkuser($username, $password);
if (!$userdetail) {
xml_error("Authentification failed by the conbination of provided username ({$username}) and password.");
} else {
return $userdetail;
}
}
$u = $post['user'];
$users[$u] = loaduser($u, 1);
if ($post['thread'] == $id) {
$quotemsg = "[quote={$users[$u]['name']}]{$post['text']}[/quote]\r\n";
}
}
print "\n\t\t\t<body>\n\t\t\t{$tccellh} width=150> </td>{$tccellh} colspan=2> <tr>\n\t\t\t{$tccell1}><b>{$passhint}</td> {$tccell2l} colspan=2>\n\t\t\t{$altloginjs}\n\t\t\t<b>Username:</b> {$inpt}=username VALUE=\"" . htmlspecialchars($username) . "\" SIZE=25 MAXLENGTH=25 autocomplete=\"off\">\n\n\t\t\t<!-- Hack around autocomplete, fake inputs (don't use these in the file) -->\n\t\t\t<input style=\"display:none;\" type=\"text\" name=\"__f__usernm__\">\n\t\t\t<input style=\"display:none;\" type=\"password\" name=\"__f__passwd__\">\n\n\t\t\t<b>Password:</b> {$inpp}=password SIZE=13 MAXLENGTH=64 autocomplete=\"off\">\n\t\t\t</span><tr>\n\t\t\t{$tccell1}><b>Reply:</td>\n\t\t\t{$tccell2l} width=800px valign=top>\n\t\t\t{$txta}=message ROWS=21 COLS={$numcols} style=\"width: 100%; max-width: 800px; resize:vertical;\">" . htmlspecialchars($quotemsg, ENT_QUOTES) . "</TEXTAREA></td>\n\t\t{$tccell2l} width=*>" . moodlist(filter_int($moodid)) . "</td><tr>\n\t\t<tr>\n\t\t\t{$tccell1}> </td>{$tccell2l} colspan=2>\n\t\t\t{$inph}=action VALUE=postreply>\n\t\t\t{$inph}=id VALUE={$id}>\n\t\t\t{$inph}=valid value=\"" . md5($_SERVER['REMOTE_ADDR'] . $id . "sillysaltstring") . "\">\n\t\t\t{$inps}=submit VALUE=\"Submit reply\">\n\t\t\t{$inps}=preview VALUE=\"Preview reply\"></td>\n\t\t<tr>{$tccell1}><b>Options:</b></td>{$tccell2l} colspan=2>\n\t\t\t{$inpc}=\"nosmilies\" id=\"nosmilies\" value=\"1\"><label for=\"nosmilies\">Disable Smilies</label> -\n\t\t\t{$inpc}=\"nolayout\" id=\"nolayout\" value=\"1\"><label for=\"nolayout\">Disable Layout</label> -\n\t\t\t{$inpc}=\"nohtml\" id=\"nohtml\" value=\"1\"><label for=\"nohtml\">Disable HTML</label></td></tr>\n\t\t\t{$modoptions}\n\t\t\t{$tblend}\n\t\t\t<br>\n\t\t\t{$tblstart}{$postlist}{$tblend}\n\t\t</table>\n\t\t\t</form>\n\t\t{$fonttag}<a href=index.php>{$boardname}</a> - <a href=forum.php?id={$forumid}>{$forum['title']}</a> - {$thread['title']}";
} elseif (!$_POST['action']) {
print $header;
print "{$tccell1}>You are not allowed to post in this thread.\n\t\t<br>" . redirect("index.php", 'return to the index page', 0) . "</table>";
}
if ($_POST['action'] == 'postreply' && !($banned && $log) && $id > 0) {
if ($log && !$password) {
$userid = $loguserid;
} else {
$userid = checkuser($username, $password);
}
$error = '';
if ($userid == -1) {
$error = "Either you didn't enter an existing username, or you haven't entered the right password for the username.";
} else {
$user = @$sql->fetchq("SELECT * FROM users WHERE id='{$userid}'");
if ($thread['closed']) {
$error = 'The thread is closed and no more replies can be posted.';
}
if ($user['powerlevel'] < $forum['minpowerreply']) {
$error = 'Replying in this forum is restricted, and you are not allowed to post in this forum.';
}
if (!$message) {
$error = "You didn't enter anything in the post.";
}
function checkuser($username, $name)
{
global $dbm;
$sqlstr = "select * from " . TB_PREFIX . "user_list where uname='{$username}'";
$user = $dbm->scalar($sqlstr);
if (count($user) > 0 && $user['uid'] != "") {
$name .= "_" . rand(1000, 9999);
return checkuser($name, $username);
} else {
return $username;
}
}
return 1;
}
}
$db_hostname = "localhost";
$db_database = "printdoc";
$db_username = "******";
$db_password = "";
$db_server = mysql_connect($db_hostname, $db_username, $db_password);
if (!$db_server) {
die("unable to connect to MySQL : " . mysql_error());
}
mysql_select_db($db_database) or die("Unable to select database:" . mysql_error());
if ($_POST['l_username']) {
$username = $_POST['l_username'];
$pass = $_POST['l_pass'];
if (!checkuser($username, $db_server) && $username != "" && $pass != "") {
$query = "SELECT password FROM userinfo where username='******'";
$result = mysql_query($query, $db_server);
while ($row = mysql_fetch_array($result)) {
$ans = $row['password'];
}
if ($ans === MD5($pass)) {
session_start();
header("Location: http://localhost/project/1.php");
} else {
echo "Wrong username or password.";
}
} else {
echo "Wrong username or password.";
}
}
// PREPARE
///////////////////////////////////
if (!$loginform) {
if ($loginsession) {
$loginform[username] = $loginsession[user_login];
$loginform[userpassword] = $loginsession[user_password];
} elseif ($cookie_user_id && $cookie_user_password) {
$user = getuser($cookie_user_id);
$loginform[username] = $user[user_login];
$loginform[userpassword] = $cookie_user_password;
}
}
///////////////////////////////////
// CHECK
///////////////////////////////////
$login = checkuser($logout);
///////////////////////////////////
// LOGIN SUCCESSFULL ??????
///////////////////////////////////
if (!is_array($login)) {
#######LOGIN FAILED#######
if ($login == "1") {
eval("\$inc[action] = \"" . gettemplate("fail.login.noexistinguser") . "\";");
} elseif ($login == "2") {
eval("\$inc[action] = \"" . gettemplate("fail.login.blockeduser") . "\";");
} elseif ($login == "3") {
eval("\$inc[action] = \"" . gettemplate("fail.login.wrongpassword") . "\";");
} elseif ($login == "4") {
eval("\$inc[action] = \"" . gettemplate("fail.login.usernotactiv") . "\";");
} elseif ($login == "5") {
eval("\$inc[action] = \"" . gettemplate("logout") . "\";");
function testcheckuser()
{
$id = "123";
return checkuser($id);
}
//验证是否受保护、创始人、有站点设置权限的人禁止找回密码方式修改密码
$founderarr = explode(',', $_SC['founder']);
if ($space['flag'] || in_array($space['uid'], $founderarr) || checkperm('admin')) {
showmessage('reset_passwd_account_invalid');
}
if (!@(include_once S_ROOT . './uc_client/client.php')) {
showmessage('system_error');
}
if (uc_user_edit(addslashes($space['username']), $_POST['newpasswd1'], $_POST['newpasswd1'], $space['email'], 1) > 0) {
updatetable('spacefield', array('authstr' => ''), array('uid' => $uid));
}
showmessage('修改密码成功,请用新密码登录,谢谢!', 'space.php?do=home', 2);
}
if ($op == 'reset') {
$query = $_SGLOBAL['db']->query('SELECT s.username, sf.email, sf.authstr FROM ' . tname('space') . ' s, ' . tname('spacefield') . " sf WHERE s.uid='{$_GET['uid']}' AND sf.uid=s.uid");
$space = $_SGLOBAL['db']->fetch_array($query);
checkuser($_GET['id'], $space);
}
include template('do_lostpasswd');
//验证地址地否有效
function checkuser($id, $space)
{
global $_SGLOBAL;
if (empty($space)) {
showmessage('user_does_not_exist');
}
list($dateline, $operation, $idstring) = explode("\t", $space['authstr']);
if ($dateline < $_SGLOBAL['timestamp'] - 86400 * 3 || $operation != 1 || $idstring != $id) {
showmessage('getpasswd_illegal');
}
}
$facebook = new Facebook(array('appId' => '366885740127144', 'secret' => 'c4c08662da673dbb6af4538b6481ead3', 'cookie' => true));
$user = $facebook->getUser();
if ($user) {
try {
$user_profile = $facebook->api('/me');
$fbid = $user_profile['id'];
// To Get Facebook ID
$fbuname = $user_profile['username'];
// To Get Facebook Username
$fbfullname = $user_profile['name'];
// To Get Facebook full name
$femail = $user_profile['email'];
// To Get Facebook email ID
/* ---- Session Variables -----*/
$_SESSION['FBID'] = $fbid;
$_SESSION['USERNAME'] = $fbuname;
$_SESSION['FULLNAME'] = $fbfullname;
$_SESSION['EMAIL'] = $femail;
checkuser($fbid, $fbuname, $fbfullname, $femail);
// To update local DB
} catch (FacebookApiException $e) {
error_log($e);
$user = null;
}
}
if ($user) {
header("Location: home5.php");
} else {
$loginUrl = $facebook->getLoginUrl(array('scope' => 'email', 'user_about_me'));
header("Location: " . $loginUrl);
}
** This file is part of the nuBuilder source package and is licensed under the
** GPLv3. For support on developing in nuBuilder, please visit the nuBuilder
** wiki and forums. For details on contributing a patch for nuBuilder, please
** visit the `Project Contributions' forum.
**
** Website: http://www.nubuilder.com
** Wiki: http://wiki.nubuilder.com
** Forums: http://forums.nubuilder.com
*/
include $GLOBALS['StartingDirectory'] . "/database.php";
include "general.php";
include "editlibrary.php";
$setup = setup();
$uniq = uniqid(1);
//------------ validate user
$ck = checkuser($access);
if ($ck == '') {
return;
}
$GLOBALS['ArrayName'][] = '';
jinclude("general");
$t = RunQuery("SELECT * FROM sysscreen WHERE ssQuery = 'SCANYREPORT'");
$r = mysql_fetch_object($t);
$PHPjavascript = $r->ssJavaScript;
if ($PHPjavascript != '') {
print "<script type='text/javascript' language='javascript'>\n\n\n";
print $PHPjavascript;
print "\n\n\n</script>\n\n";
}
//-----get information for this report
$table = RunQuery("SELECT * FROM sysreport WHERE sysreportID = '{$id}'");
$session = $helper->getSessionFromRedirect();
} catch (FacebookRequestException $ex) {
// When Facebook returns an error
} catch (Exception $ex) {
// When validation fails or other local issues
}
// see if we have a session
if (isset($session)) {
// graph api request for user data
$request = new FacebookRequest($session, 'GET', '/me');
$response = $request->execute();
// get response
$graphObject = $response->getGraphObject();
$fbid = $graphObject->getProperty('id');
// To Get Facebook ID
$fbfullname = $graphObject->getProperty('name');
// To Get Facebook full name
$femail = $graphObject->getProperty('email');
// To Get Facebook email ID
/* ---- Session Variables -----*/
$_SESSION['FBID'] = $fbid;
$_SESSION['FULLNAME'] = $fbfullname;
$_SESSION['EMAIL'] = $femail;
$_SESSION['loged_user_name'] = $_SESSION['FULLNAME'];
checkuser($fbid, $fbfullname, $_SESSION['EMAIL']);
/* ---- header location after session ----*/
header("Location: http://www.maverickgame.com/maverick-user-profile");
} else {
$loginUrl = $helper->getLoginUrl();
header("Location: " . $loginUrl);
}
function deldownload()
{
$res = checkuser();
$rights = intval($res[1]);
if ($rights == 0) {
echo '-18';
exit;
}
$id = @$_POST['id'];
dbconnect();
$statement = "delete from capubbs.downloads where id={$id}";
mysql_query($statement);
echo mysql_errno();
exit;
}
while ($f = $dir->read()) {
if (preg_match("#^addon#i", $f)) {
include @dirname(__FILE__) . "/" . $f;
}
}
$login = checkuser();
}
###############
if ($action == "deleteaccount") {
if ($form[yes]) {
$db->query_str("UPDATE {$tab['user']} SET activated='0' WHERE id='{$login['id']}'");
eval("\$mail_body \t= \"" . gettemplate("profil.mail.deleteaccount.body") . "\";");
eval("\$mail_subject \t= \"" . gettemplate("profil.mail.deleteaccount.subject") . "\";");
eval("\$mail_header \t= \"" . gettemplate("profil.mail.deleteaccount.header") . "\";");
$sendmail->mail($login[reg_email], $mail_subject, $mail_body, $mail_header);
checkuser(1);
header("LOCATION: index.php");
}
if ($form[no]) {
unset($inc[action]);
}
}
###############
if ($action == "save_avatar") {
$avatarpic = $HTTP_POST_FILES[avatarpic];
$avatarpic_name = $avatarpic[name];
$avatarpic_path = $avatarpic[tmp_name];
$avatarpic_type = $avatarpic[type];
$avatarpic_size = $avatarpic[size];
if ($form[unlink]) {
$olduseravatar = $db->query_str("SELECT * FROM {$tab['avatar']} WHERE userid=1 LIMIT 1");
$helper = new FacebookRedirectLoginHelper($redirect_url);
$session = $helper->getSessionFromRedirect();
try {
$session = $helper->getSessionFromRedirect();
} catch (FacebookRequestException $ex) {
// When Facebook returns an error
} catch (\Exception $ex) {
// When validation fails or other local issues
}
if ($session) {
// Logged in
}
if (isset($session)) {
// graph api request for user data
$request = new FacebookRequest($session, 'GET', '/me?fields=id,email,first_name,middle_name,last_name');
$response = $request->execute();
$graph = $response->getGraphObject(GraphUser::className());
$_SESSION['FBID'] = $graph->getId();
$_SESSION['NAME'] = $graph->getName();
$_SESSION['FIRST_NAME'] = $graph->getFirstName();
$_SESSION['MIDDLE_NAME'] = $graph->getMiddleName();
$_SESSION['LAST_NAME'] = $graph->getLastName();
$_SESSION['EMAIL'] = $graph->getEmail();
checkuser($_SESSION['EMAIL'], $_SESSION['FBID'], $_SESSION['FIRST_NAME'], $_SESSION['MIDDLE_NAME'], $_SESSION['LAST_NAME'], $_SESSION['username'], $db);
header("location:" . $return_url);
} else {
$loginUrl = $helper->getLoginUrl();
header("location:" . $loginUrl);
exit;
}
$db->close();
<?php
include 'modules.php';
session_start();
header("Location: index.php");
if (checkuser($_SESSION['FBID'])) {
header("Location: errorpage.php");
} else {
if (!isset($_SESSION['FBID'])) {
header("Location: index.php");
}
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="ISO-8859-1">
<title>Contestent Profiles</title>
<link rel="stylesheet"
href="http://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css">
<script
src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script>
<script
src="http://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/js/bootstrap.min.js"></script>
<link rel="stylesheet" href="css/index.css" type="text/css">
<link rel="stylesheet" href="css/registration.css" type="text/css">
<script>
$(document).ready(function () {
$('.applyPosition :checkbox').change(function () {
var $cs=$(this).closest('.applyPosition').find(':checkbox:checked');
if ($cs.length > 4) {
<?php
session_start();
require "dbase/dbFunction.php";
$cmd = $_POST['cmd'];
switch ($cmd) {
case 'checkNameExist':
$name = $_POST['name'];
$res = checkuser("name", $name);
echo $res;
break;
case 'checkEmailExist':
$email = $_POST['email'];
$res = checkuser("email", $email);
echo $res;
break;
case 'getUserPos':
if (isset($_SESSION['name'])) {
$name = $_SESSION['name'];
$res = getUserPos($name);
echo $res;
} else {
echo "0 0";
}
break;
case 'setUserPos':
if (isset($_SESSION['name'])) {
$name = $_SESSION['name'];
$longitude = $_POST['longitude'];
$latitude = $_POST['latitude'];
$res = setUserPos($longitude, $latitude);
}
}
function filexist($filename)
{
if (file_exists('../cache/' . $filename)) {
unlink('../cache/' . $filename);
echo '0';
} else {
echo '1';
}
}
if (isset($_REQUEST['f']) && $_REQUEST['f'] == 'user1') {
echo checkuser($_REQUEST['captcha']);
}
if (isset($_REQUEST['f']) && $_REQUEST['f'] == 'user') {
echo checkuser($_REQUEST['username']);
}
if (isset($_REQUEST['f']) && $_REQUEST['f'] == 'mail') {
echo checkmail($_REQUEST['email']);
}
if (isset($_REQUEST['f']) && $_REQUEST['f'] == 'userc') {
echo checkuserc($_REQUEST['username']);
}
if (isset($_REQUEST['f']) && $_REQUEST['f'] == 'mailc') {
echo checkmailc($_REQUEST['email']);
}
if (isset($_REQUEST['f']) && $_REQUEST['f'] == 'df') {
echo deletfile($_REQUEST['df']);
}
if (isset($_REQUEST['f']) && $_REQUEST['f'] == 'fe') {
echo filexist($_REQUEST['fe']);
}
}
?>
<div class='sform' >
<form method="POST" action="<?php
echo $_SERVER['PHP_SELF'];
?>
" enctype="multipart/form-data">
<br/>User Name:<br/>
<input type='text' class="tb" name='username' maxlength='50'/>
<input type="submit" style="background:#FFFFFF;border-style:outset;border-width:1px;color:#0000FF" name="CheckAvailability" value="Check Availability"/>
<br/>
<?php
if (isset($_POST['CheckAvailability'])) {
if (!empty($_POST['username'])) {
checkuser($_POST['username']);
} else {
echo "<script language=\"javascript\" type=\"text/javascript\">";
echo "alert('Fill in user name to check :)')";
echo "</script>";
}
}
?>
<br/>Name: <br/>
<input type='text' class="tb" name='name' maxlength='50'/><br/>
<br/>Password: <br/>
<input type="password" class="tb" name="password" maxlength='50'/><br/>(minimum length 6 letters)<br/>
<br/>Confirm Password: <br/>
<input type="password" class="tb" name="password_check" maxlength='50'/>
<br/>DOB:<br/>
<?php
-->
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link href="/assets/css/bootstrap.min.css" rel="stylesheet">
<link href="/assets/css/nivo-slider.css" rel="stylesheet">
<link href="/assets/css/dark.css" rel="stylesheet">
<link href="/assets/css/eventCalendar.css" rel="stylesheet">
<link href="/assets/css/eventCalendar_theme_responsive.css" rel="stylesheet">
<link href="/assets/css/lightbox.css" rel="stylesheet">
<link href="/assets/css/style.css" rel="stylesheet">
<link rel="shortcut icon" href="/assets/images/capu.jpg">
</head>
<body>
<?php
require_once '../lib.php';
$res = checkuser();
$username = $res[0];
$rights = intval($res[1]);
date_default_timezone_set("Asia/Shanghai");
dbconnect();
$statement = "select * from capubbs.mainpage where id=0";
$results = mysql_query($statement);
$imgs = array();
$imgthumbs = array();
$imgtxts = array();
while ($res = mysql_fetch_array($results)) {
array_push($imgs, $res[2]);
array_push($imgthumbs, $res[3]);
array_push($imgtxts, $res[4]);
}
$imgnum = count($imgs);
if (!$auth_code->validate($code)) {
$param['msg'] = '校验码错误,请重新输入';
$param['codeNum'] = FAILURE_NUM;
showTpl($smarty, $param);
exit;
}
}
$soapData = array();
$soap = new Soap_xjt();
$result = $soap->login($account, $pwd, $soapData);
if ($result) {
$_SESSION['login_failure'] = 0;
//修改失败次数为0
$_SESSION['userData'] = $soapData;
$u_ary = array('login_failure' => 0);
if (!checkuser($account)) {
$u_ary['m_account'] = $account;
$u_ary['m_pwd'] = '';
$u_ary['m_name'] = $soapData['AccName'];
$u_ary['m_school'] = $soapData['schName'];
$u_ary['m_group'] = 2;
//普通用户
$db->insert(TABLE_CZECH_MEMBER, $u_ary);
}
$strsql = 'select * from ' . TABLE_CZECH_MEMBER . ' where m_account = \'' . $account . '\'';
$rows = $db->fetchRow($strsql);
$session_id = md5(time() + rand(10, 99));
$i_ary = array('session_id' => $session_id, 'm_id' => $rows['m_id'], 'start_time' => time(), 'end_time' => time() + $system_config['cookie_time']);
$db->insert(TABLE_CZECH_SESSION, $i_ary);
//保存COOKIE
setcookie('session_id', $session_id, time() + $system_config['cookie_time'], '/', $system_config['cookie_domain'], 0);
}
checkuser($_POST['id'], $member['authstr']);
uc_user_edit(addslashes($member['username']), $_POST['newpasswd'], $_POST['newpasswd'], $_POST['email'], 1);
updatetable('members', array('authstr' => ''), array('uid' => $_POST['uid']));
showmessage('getpasswd_succeed', geturl('action/login'));
}
$_GET['op'] = trim($_GET['op']);
if ($_GET['op'] == 'reset') {
$_GET['uid'] = intval($_GET['uid']);
$_GET['id'] = trim($_GET['id']);
$query = $_SGLOBAL['db']->query("SELECT uid, username, authstr FROM " . tname('members') . " WHERE uid='{$_GET['uid']}'");
$member = $_SGLOBAL['db']->fetch_array($query);
if (empty($member)) {
showmessage('user_does_not_exist', geturl('action/login'));
}
$user = uc_get_user($member['username']);
checkuser($_GET['id'], $member['authstr']);
}
include template('site_lostpasswd');
//验证地址地否有效
function checkuser($id, $space)
{
global $_SGLOBAL;
if (empty($space)) {
showmessage('link_failure', geturl('action/login'));
}
list($dateline, $operation, $idstring) = explode("\t", $space);
if ($dateline < $_SGLOBAL['timestamp'] - 86400 * 3 || $operation != 1 || $idstring != $id) {
showmessage('getpasswd_illegal');
}
}
function check_user_pw($username, $password)
{
$userdetail = checkuser($username, $password);
if (!$userdetail) {
xml_error("Authentification failed by the conbination of provided username ({$username}) and password.");
} else {
return $userdetail;
}
}
$thisboard = getboard($boardid);
}
if ($threadid) {
$thisthread = getthread($threadid);
}
if (!$boardid && $threadid) {
$thisboard = getboard($thisthread[parent_boardid]);
}
/////////////////////////////////////////////////
#############################
if ($action) {
#######
if ($action == "markallread") {
if ($login[id]) {
$query_str = $db->query_str("UPDATE {$tab['user']} SET last_forum_read='" . time() . "' WHERE id='{$login['id']}'");
$login = checkuser();
}
}
#######
if ($action == "checkpassword") {
if (!checkboardpassword($form[boardpassword], $thisboard)) {
eval("\$failpassword =\"" . gettemplate("forum.boardpassword.wrong") . "\";");
} else {
$boardpassword_c[$thisboard[id]] = $thisboard[board_password];
}
}
#######
if ($action == nonotify) {
if ($notifyid) {
list($threadid) = $db->query("SELECT threadid FROM {$tab['forum_notify']} WHERE id='{$notifyid}' AND userid='{$login['id']}'");
if (!($thread = getthread($threadid))) {
$mysql_pass = $config_db_password;
$mysql_server = $config_db_host;
$mysql_port = $config_db_port;
$mysql_dbname = $config_db_database;
$connect = mysql_connect($mysql_server, $mysql_user, $mysql_pass) or die(mysql_error());
mysql_select_db("{$mysql_dbname}") or die(mysql_error());
function checkuser($user, $password)
{
$result = mysql_query("select user from users where user='******' and password=password('{$password}')") or die(mysql_error());
return mysql_num_rows($result);
}
function authuser()
{
header('WWW-Authenticate: Basic realm="Authenticate: SQUID Traffic Inspection System"');
header('HTTP/1.0 401 Unauthorized');
echo error401();
exit;
}
if (!isset($_SERVER['PHP_AUTH_USER'])) {
authuser();
} else {
if (checkuser($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
$authuser = $_SERVER['PHP_AUTH_USER'];
$result = mysql_query("select admin from users where user='******'") or die(mysql_error());
$admin = mysql_result($result, "admin");
$_SESSION['session_username'] = $_SERVER['PHP_AUTH_USER'];
$_SESSION['session_admin'] = $admin;
} else {
authuser();
}
}
