Пример #1
0
function AddGbook($add)
{
    global $empire, $dbtbpre, $level_r, $public_r;
    //验证IP
    eCheckAccessDoIp('gbook');
    CheckCanPostUrl();
    //验证来源
    $bid = (int) getcvar('gbookbid');
    if (empty($bid)) {
        $bid = intval($add[bid]);
    }
    $name = RepPostStr(trim($add[name]));
    $email = RepPostStr($add[email]);
    $call = RepPostStr($add[call]);
    $lytext = RepPostStr($add[lytext]);
    if (empty($bid) || empty($name) || empty($email) || !trim($lytext)) {
        printerror("EmptyGbookname", "history.go(-1)", 1);
    }
    if (!chemail($email)) {
        printerror("EmailFail", "history.go(-1)", 1);
    }
    //验证码
    $keyvname = 'checkgbookkey';
    if ($public_r['gbkey_ok']) {
        ecmsCheckShowKey($keyvname, $add['key'], 1);
    }
    $lasttime = getcvar('lastgbooktime');
    if ($lasttime) {
        if (time() - $lasttime < $public_r['regbooktime']) {
            printerror("GbOutTime", "", 1);
        }
    }
    //版面是否存在
    $br = $empire->fetch1("select bid,checked,groupid from {$dbtbpre}enewsgbookclass where bid='{$bid}';");
    if (empty($br[bid])) {
        printerror("EmptyGbook", "history.go(-1)", 1);
    }
    //权限
    if ($br['groupid']) {
        $user = islogin();
        if ($level_r[$br[groupid]][level] > $level_r[$user[groupid]][level]) {
            printerror("HaveNotEnLevel", "history.go(-1)", 1);
        }
    }
    $lytime = date("Y-m-d H:i:s");
    $ip = egetip();
    $userid = (int) getcvar('mluserid');
    $username = RepPostVar(getcvar('mlusername'));
    $sql = $empire->query("insert into {$dbtbpre}enewsgbook(name,email,`call`,lytime,lytext,retext,bid,ip,checked,userid,username) values('{$name}','{$email}','{$call}','{$lytime}','{$lytext}','','{$bid}','{$ip}','{$br['checked']}','{$userid}','{$username}');");
    ecmsEmptyShowKey($keyvname);
    //清空验证码
    if ($sql) {
        esetcookie("lastgbooktime", time(), time() + 3600 * 24);
        //设置最后发表时间
        $reurl = DoingReturnUrl("../tool/gbook/?bid={$bid}", $add['ecmsfrom']);
        printerror("AddGbookSuccess", $reurl, 1);
    } else {
        printerror("DbError", "history.go(-1)", 1);
    }
}
Пример #2
0
function AddMemberFeedback($add)
{
    global $empire, $dbtbpre;
    //验证码
    $keyvname = 'checkspacefbkey';
    ecmsCheckShowKey($keyvname, $add['key'], 1);
    //用户
    $userid = intval($add['userid']);
    $ur = $empire->fetch1("select " . egetmf('userid') . " from " . eReturnMemberTable() . " where " . egetmf('userid') . "='{$userid}' limit 1");
    if (empty($ur['userid'])) {
        printerror("NotUsername", "", 1);
    }
    //发表者
    $uid = (int) getcvar('mluserid');
    if ($uid) {
        $uname = RepPostVar(getcvar('mlusername'));
    } else {
        $uid = 0;
        $uname = '';
    }
    $uname = RepPostStr($uname);
    $name = RepPostStr($add['name']);
    $company = RepPostStr($add['company']);
    $phone = RepPostStr($add['phone']);
    $fax = RepPostStr($add['fax']);
    $email = RepPostStr($add['email']);
    $address = RepPostStr($add['address']);
    $zip = RepPostStr($add['zip']);
    $title = RepPostStr($add['title']);
    $ftext = RepPostStr($add['ftext']);
    if (!trim($name) || !trim($title) || !trim($ftext)) {
        printerror("EmptyMemberFeedback", "history.go(-1)", 1);
    }
    $addtime = date("Y-m-d H:i:s");
    $ip = egetip();
    $eipport = egetipport();
    $sql = $empire->query("insert into {$dbtbpre}enewsmemberfeedback(name,company,phone,fax,email,address,zip,title,ftext,userid,ip,uid,uname,addtime,eipport) values('{$name}','{$company}','{$phone}','{$fax}','{$email}','{$address}','{$zip}','{$title}','{$ftext}',{$userid},'{$ip}',{$uid},'{$uname}','{$addtime}','{$eipport}');");
    ecmsEmptyShowKey($keyvname);
    //清空验证码
    if ($sql) {
        printerror("AddMemberFeedbackSuccess", $_SERVER['HTTP_REFERER'], 1);
    } else {
        printerror("DbError", "history.go(-1)", 1);
    }
}
Пример #3
0
function AddMemberGbook($add)
{
    global $empire, $dbtbpre;
    //验证码
    $keyvname = 'checkspacegbkey';
    ecmsCheckShowKey($keyvname, $add['key'], 1);
    //用户
    $userid = intval($add['userid']);
    $ur = $empire->fetch1("select " . eReturnSelectMemberF('userid') . " from " . eReturnMemberTable() . " where " . egetmf('userid') . "='{$userid}' limit 1");
    if (empty($ur['userid'])) {
        printerror("NotUsername", "", 1);
    }
    //发表者
    $uid = (int) getcvar('mluserid');
    if ($uid) {
        $uname = RepPostVar(getcvar('mlusername'));
    } else {
        $uid = 0;
        $uname = trim($add['uname']);
    }
    $uname = RepPostStr($uname);
    $gbtext = RepPostStr($add['gbtext']);
    if (empty($uname) || !trim($gbtext)) {
        printerror("EmptyMemberGbook", "history.go(-1)", 1);
    }
    $isprivate = intval($add['isprivate']);
    $addtime = date("Y-m-d H:i:s");
    $ip = egetip();
    $eipport = egetipport();
    $sql = $empire->query("insert into {$dbtbpre}enewsmembergbook(userid,isprivate,uid,uname,ip,addtime,gbtext,retext,eipport) values({$userid},{$isprivate},{$uid},'{$uname}','{$ip}','{$addtime}','{$gbtext}','','{$eipport}');");
    ecmsEmptyShowKey($keyvname);
    //清空验证码
    if ($sql) {
        printerror("AddMemberGbookSuccess", $_SERVER['HTTP_REFERER'], 1);
    } else {
        printerror("DbError", "history.go(-1)", 1);
    }
}
Пример #4
0
function AddFeedback($add)
{
    global $empire, $dbtbpre, $level_r, $public_r;
    CheckCanPostUrl();
    //验证来源
    if ($add['bid']) {
        $bid = (int) $add['bid'];
    } else {
        $bid = (int) getcvar('feedbackbid');
    }
    if (empty($bid)) {
        printerror("EmptyFeedbackname", "history.go(-1)", 1);
    }
    //验证码
    $keyvname = 'checkfeedbackkey';
    if ($public_r['fbkey_ok']) {
        ecmsCheckShowKey($keyvname, $add['key'], 1);
    }
    //版面是否存在
    $br = $empire->fetch1("select bid,enter,mustenter,filef,groupid,checkboxf from {$dbtbpre}enewsfeedbackclass where bid='{$bid}';");
    if (empty($br['bid'])) {
        printerror("EmptyFeedback", "history.go(-1)", 1);
    }
    //权限
    if ($br['groupid']) {
        $user = islogin();
        if ($level_r[$br[groupid]][level] > $level_r[$user[groupid]][level]) {
            printerror("HaveNotEnLevel", "history.go(-1)", 1);
        }
    }
    $pr = $empire->fetch1("select feedbacktfile,feedbackfilesize,feedbackfiletype from {$dbtbpre}enewspublic limit 1");
    //必填项
    $mustr = explode(",", $br['mustenter']);
    $count = count($mustr);
    for ($i = 1; $i < $count - 1; $i++) {
        $mf = $mustr[$i];
        if (strstr($br['filef'], "," . $mf . ",")) {
            if (!$pr['feedbacktfile']) {
                printerror("NotOpenFBFile", "", 1);
            }
            if (!$_FILES[$mf]['name']) {
                printerror("EmptyFeedbackname", "", 1);
            }
        } else {
            $chmustval = ReturnFBCheckboxAddF($add[$mf], $mf, $br['checkboxf']);
            if (!trim($chmustval)) {
                printerror("EmptyFeedbackname", "", 1);
            }
        }
    }
    $saytime = date("Y-m-d H:i:s");
    //字段处理
    $dh = "";
    $tranf = "";
    $record = "<!--record-->";
    $field = "<!--field--->";
    $er = explode($record, $br['enter']);
    $count = count($er);
    for ($i = 0; $i < $count - 1; $i++) {
        $er1 = explode($field, $er[$i]);
        $f = $er1[1];
        //附件
        $add[$f] = str_replace('[!#@-', 'ecms', $add[$f]);
        if (strstr($br['filef'], "," . $f . ",")) {
            if ($_FILES[$f]['name']) {
                if (!$pr['feedbacktfile']) {
                    printerror("NotOpenFBFile", "", 1);
                }
                $filetype = GetFiletype($_FILES[$f]['name']);
                //取得文件类型
                if (CheckSaveTranFiletype($filetype)) {
                    printerror("NotQTranFiletype", "", 1);
                }
                if (!strstr($pr['feedbackfiletype'], "|" . $filetype . "|")) {
                    printerror("NotQTranFiletype", "", 1);
                }
                if ($_FILES[$f]['size'] > $pr['feedbackfilesize'] * 1024) {
                    printerror("TooBigQTranFile", "", 1);
                }
                $tranf .= $dh . $f;
                $dh = ",";
                $fval = "[!#@-" . $f . "-@!]";
            } else {
                $fval = "";
            }
        } else {
            $add[$f] = ReturnFBCheckboxAddF($add[$f], $f, $br['checkboxf']);
            $fval = $add[$f];
        }
        $addf .= ",`" . $f . "`";
        $addval .= ",'" . addslashes(RepPostStr($fval)) . "'";
    }
    $type = 0;
    $classid = 0;
    $filename = '';
    $filepath = '';
    $userid = (int) getcvar('mluserid');
    $username = RepPostVar(getcvar('mlusername'));
    $filepass = ReturnTranFilepass();
    //上传附件
    if ($tranf) {
        $dh = "";
        $tranr = explode(",", $tranf);
        $count = count($tranr);
        for ($i = 0; $i < $count; $i++) {
            $tf = $tranr[$i];
            $tfr = DoTranFile($_FILES[$tf]['tmp_name'], $_FILES[$tf]['name'], $_FILES[$tf]['type'], $_FILES[$tf]['size'], $classid);
            if ($tfr['tran']) {
                $filepath = $tfr[filepath];
                //写入数据库
                $filetime = $saytime;
                $filesize = (int) $_FILES[$tf]['size'];
                eInsertFileTable($tfr[filename], $filesize, $tfr[filepath], '[Member]' . $username, $classid, '[FB]' . addslashes(RepPostStr($add[title])), $type, $filepass, $filepass, $public_r[fpath], 0, 4, 0);
                $repfval = ($tfr[filepath] ? $tfr[filepath] . '/' : '') . $tfr[filename];
                $filename .= $dh . $tfr[filename];
                $dh = ",";
            } else {
                $repfval = "";
            }
            $addval = str_replace("[!#@-" . $tf . "-@!]", $repfval, $addval);
        }
    }
    $ip = egetip();
    $eipport = egetipport();
    $sql = $empire->query("insert into {$dbtbpre}enewsfeedback(bid,saytime,ip,filepath,filename,userid,username,haveread,eipport" . $addf . ") values('{$bid}','{$saytime}','{$ip}','{$filepath}','{$filename}','{$userid}','{$username}',0,'{$eipport}'" . $addval . ");");
    $fid = $empire->lastid();
    //更新附件
    UpdateTheFileOther(4, $fid, $filepass, 'other');
    ecmsEmptyShowKey($keyvname);
    //清空验证码
    if ($sql) {
        $reurl = DoingReturnUrl("../tool/feedback/?bid={$bid}", $add['ecmsfrom']);
        printerror("AddFeedbackSuccess", $reurl, 1);
    } else {
        printerror("DbError", "history.go(-1)", 1);
    }
}
Пример #5
0
function login1($username, $password, $lifetime, $key, $location)
{
    global $empire, $user_tablename, $user_userid, $user_username, $user_password, $user_dopass, $user_group, $user_groupid, $user_rnd, $public_r, $user_salt, $user_saltnum, $dbtbpre, $eloginurl, $user_checked;
    if ($eloginurl) {
        Header("Location:{$eloginurl}");
        exit;
    }
    $dopr = 1;
    if ($_POST['prtype']) {
        $dopr = 9;
    }
    if (!trim($username) || !trim($password)) {
        printerror("EmptyLogin", "history.go(-1)", $dopr);
    }
    //验证码
    $keyvname = 'checkloginkey';
    if ($public_r['loginkey_ok']) {
        ecmsCheckShowKey($keyvname, $key, $dopr);
    }
    $username = RepPostVar($username);
    $password = RepPostVar($password);
    //编码转换
    $utfusername = doUtfAndGbk($username, 0);
    $password = doUtfAndGbk($password, 0);
    //密码
    if (empty($user_dopass)) {
        $password = md5($password);
    }
    if ($user_dopass == 3) {
        $password = substr(md5($password), 8, 16);
    }
    //双重md5
    $num = 0;
    if ($user_dopass == 2) {
        $ur = $empire->fetch1("select " . $user_userid . "," . $user_salt . "," . $user_password . " from " . $user_tablename . " where " . $user_username . "='{$utfusername}' limit 1");
        $password = md5(md5($password) . $ur[$user_salt]);
        $num = 0;
        if ($password == $ur[$user_password]) {
            $num = 1;
        }
        if (empty($ur[$user_userid])) {
            $num = 0;
        }
    } else {
        $num = $empire->gettotal("select count(*) as total from " . $user_tablename . " where " . $user_username . "='{$utfusername}' and " . $user_password . "='" . $password . "' limit 1");
    }
    if (!$num) {
        printerror("FailPassword", "history.go(-1)", $dopr);
    }
    $r = $empire->fetch1("select * from " . $user_tablename . " where " . $user_username . "='{$utfusername}' limit 1");
    if ($r[$user_checked] == 0) {
        if ($public_r['regacttype'] == 1) {
            printerror('NotCheckedUser', '../member/register/regsend.php', 1);
        } else {
            printerror('NotCheckedUser', '', 1);
        }
    }
    $time = date("Y-m-d H:i:s");
    $rnd = make_password(12);
    //取得随机密码
    //默认会员组
    if (empty($r[$user_group])) {
        $r[$user_group] = $user_groupid;
    }
    $r[$user_group] = (int) $r[$user_group];
    $usql = $empire->query("update " . $user_tablename . " set " . $user_rnd . "='{$rnd}'," . $user_group . "=" . $r[$user_group] . " where " . $user_userid . "='{$r[$user_userid]}'");
    //设置cookie
    $logincookie = 0;
    if ($lifetime) {
        $logincookie = time() + $lifetime;
    }
    $set1 = esetcookie("mlusername", $username, $logincookie);
    $set2 = esetcookie("mluserid", $r[$user_userid], $logincookie);
    $set3 = esetcookie("mlgroupid", $r[$user_group], $logincookie);
    $set4 = esetcookie("mlrnd", $rnd, $logincookie);
    //登录附加cookie
    AddLoginCookie($r);
    $location = "../member/cp/";
    $returnurl = getcvar('returnurl');
    if ($returnurl) {
        $location = $returnurl;
    }
    if (strstr($_SERVER['HTTP_REFERER'], "e/member/iframe")) {
        $location = "../member/iframe/";
    }
    if (strstr($location, "enews=exit") || strstr($location, "e/member/register") || strstr($_SERVER['HTTP_REFERER'], "e/member/register")) {
        $location = "../member/cp/";
        $_POST['ecmsfrom'] = '';
    }
    ecmsEmptyShowKey($keyvname);
    //清空验证码
    $set6 = esetcookie("returnurl", "");
    if ($set1 && $set2) {
        $location = DoingReturnUrl($location, $_POST['ecmsfrom']);
        printerror("LoginSuccess", $location, $dopr);
    } else {
        printerror("NotCookie", "history.go(-1)", $dopr);
    }
}
Пример #6
0
function register($add)
{
    global $empire, $dbtbpre, $public_r, $ecms_config;
    //关闭注册
    if ($public_r['register_ok']) {
        printerror('CloseRegister', '', 1);
    }
    //验证时间段允许操作
    eCheckTimeCloseDo('reg');
    //验证IP
    eCheckAccessDoIp('register');
    if (!empty($ecms_config['member']['registerurl'])) {
        Header("Location:" . $ecms_config['member']['registerurl']);
        exit;
    }
    //已经登陆不能注册
    if (getcvar('mluserid')) {
        printerror('LoginToRegister', '', 1);
    }
    CheckCanPostUrl();
    //验证来源
    $username = trim($add['username']);
    $password = trim($add['password']);
    $username = RepPostVar($username);
    $password = RepPostVar($password);
    $email = RepPostStr($add['email']);
    if (!$username || !$password || !$email) {
        printerror("EmptyMember", "history.go(-1)", 1);
    }
    $tobind = (int) $add['tobind'];
    //验证码
    $keyvname = 'checkregkey';
    if ($public_r['regkey_ok']) {
        ecmsCheckShowKey($keyvname, $add['key'], 1);
    }
    $user_groupid = eReturnMemberDefGroupid();
    $groupid = (int) $add['groupid'];
    $groupid = empty($groupid) ? $user_groupid : $groupid;
    CheckMemberGroupCanReg($groupid);
    //IP
    $regip = egetip();
    $regipport = egetipport();
    //用户字数
    $pr = $empire->fetch1("select min_userlen,max_userlen,min_passlen,max_passlen,regretime,regclosewords,regemailonly from {$dbtbpre}enewspublic limit 1");
    $userlen = strlen($username);
    if ($userlen < $pr[min_userlen] || $userlen > $pr[max_userlen]) {
        printerror('FaiUserlen', '', 1);
    }
    //密码字数
    $passlen = strlen($password);
    if ($passlen < $pr[min_passlen] || $passlen > $pr[max_passlen]) {
        printerror('FailPasslen', '', 1);
    }
    if ($add['repassword'] !== $password) {
        printerror('NotRepassword', '', 1);
    }
    if (!chemail($email)) {
        printerror('EmailFail', '', 1);
    }
    if (strstr($username, '|') || strstr($username, '*')) {
        printerror('NotSpeWord', '', 1);
    }
    //同一IP注册
    eCheckIpRegTime($regip, $pr['regretime']);
    //保留用户
    toCheckCloseWord($username, $pr['regclosewords'], 'RegHaveCloseword');
    $username = RepPostStr($username);
    //重复用户
    $num = $empire->gettotal("select count(*) as total from " . eReturnMemberTable() . " where " . egetmf('username') . "='{$username}' limit 1");
    if ($num) {
        printerror('ReUsername', '', 1);
    }
    //重复邮箱
    if ($pr['regemailonly']) {
        $num = $empire->gettotal("select count(*) as total from " . eReturnMemberTable() . " where " . egetmf('email') . "='{$email}' limit 1");
        if ($num) {
            printerror('ReEmailFail', '', 1);
        }
    }
    //注册时间
    $lasttime = time();
    $registertime = eReturnAddMemberRegtime();
    $rnd = make_password(20);
    //产生随机密码
    $userkey = eReturnMemberUserKey();
    //密码
    $truepassword = $password;
    $salt = eReturnMemberSalt();
    $password = eDoMemberPw($password, $salt);
    //审核
    $checked = ReturnGroupChecked($groupid);
    if ($checked && $public_r['regacttype'] == 1) {
        $checked = 0;
    }
    //验证附加表必填项
    $mr['add_filepass'] = ReturnTranFilepass();
    $fid = GetMemberFormId($groupid);
    $member_r = ReturnDoMemberF($fid, $add, $mr, 0, $username);
    $sql = $empire->query("insert into " . eReturnMemberTable() . "(" . eReturnInsertMemberF('username,password,rnd,email,registertime,groupid,userfen,userdate,money,zgroupid,havemsg,checked,salt,userkey') . ") values('{$username}','{$password}','{$rnd}','{$email}','{$registertime}','{$groupid}','{$public_r['reggetfen']}','0','0','0','0','{$checked}','{$salt}','{$userkey}');");
    //取得userid
    $userid = $empire->lastid();
    //附加表
    $addr = $empire->fetch1("select * from {$dbtbpre}enewsmemberadd where userid='{$userid}'");
    if (!$addr[userid]) {
        $spacestyleid = ReturnGroupSpaceStyleid($groupid);
        $sql1 = $empire->query("insert into {$dbtbpre}enewsmemberadd(userid,spacestyleid,regip,lasttime,lastip,loginnum,regipport,lastipport" . $member_r[0] . ") values('{$userid}','{$spacestyleid}','{$regip}','{$lasttime}','{$regip}','1','{$regipport}','{$regipport}'" . $member_r[1] . ");");
    }
    //更新附件
    UpdateTheFileOther(6, $userid, $mr['add_filepass'], 'member');
    ecmsEmptyShowKey($keyvname);
    //清空验证码
    //绑定帐号
    if ($tobind) {
        MemberConnect_BindUser($userid);
    }
    if ($sql) {
        //邮箱激活
        if ($checked == 0 && $public_r['regacttype'] == 1) {
            include 'class/member_actfun.php';
            SendActUserEmail($userid, $username, $email);
        }
        //审核
        if ($checked == 0) {
            $location = DoingReturnUrl("../../", $_POST['ecmsfrom']);
            printerror("RegisterSuccessCheck", $location, 1);
        }
        $logincookie = 0;
        if ($ecms_config['member']['regcookietime']) {
            $logincookie = time() + $ecms_config['member']['regcookietime'];
        }
        $r = $empire->fetch1("select " . eReturnSelectMemberF('*') . " from " . eReturnMemberTable() . " where " . egetmf('userid') . "='{$userid}' limit 1");
        $set1 = esetcookie("mlusername", $username, $logincookie);
        $set2 = esetcookie("mluserid", $userid, $logincookie);
        $set3 = esetcookie("mlgroupid", $groupid, $logincookie);
        $set4 = esetcookie("mlrnd", $rnd, $logincookie);
        //验证符
        qGetLoginAuthstr($userid, $username, $rnd, $groupid, $logincookie);
        //登录附加cookie
        AddLoginCookie($r);
        $location = "../member/cp/";
        $returnurl = getcvar('returnurl');
        if ($returnurl && !strstr($returnurl, "e/member/iframe") && !strstr($returnurl, "e/member/register") && !strstr($returnurl, "enews=exit")) {
            $location = $returnurl;
        }
        $set5 = esetcookie("returnurl", "");
        //易通行系统
        DoEpassport('reg', $userid, $username, $truepassword, $salt, $email, $groupid, $registertime);
        $location = DoingReturnUrl($location, $_POST['ecmsfrom']);
        printerror("RegisterSuccess", $location, 1);
    } else {
        printerror("DbError", "history.go(-1)", 1);
    }
}
Пример #7
0
function qlogin($add)
{
    global $empire, $dbtbpre, $public_r, $ecms_config;
    if ($ecms_config['member']['loginurl']) {
        Header("Location:" . $ecms_config['member']['loginurl']);
        exit;
    }
    $dopr = 1;
    if ($_POST['prtype']) {
        $dopr = 9;
    }
    $username = trim($add['username']);
    $password = trim($add['password']);
    if (!$username || !$password) {
        printerror("EmptyLogin", "history.go(-1)", $dopr);
    }
    $tobind = (int) $add['tobind'];
    //验证码
    $keyvname = 'checkloginkey';
    if ($public_r['loginkey_ok']) {
        ecmsCheckShowKey($keyvname, $add['key'], $dopr);
    }
    $username = RepPostVar($username);
    $password = RepPostVar($password);
    $num = 0;
    $r = $empire->fetch1("select " . eReturnSelectMemberF('*') . " from " . eReturnMemberTable() . " where " . egetmf('username') . "='{$username}' limit 1");
    if (!$r['userid']) {
        printerror("FailPassword", "history.go(-1)", $dopr);
    }
    if (!eDoCkMemberPw($password, $r['password'], $r['salt'])) {
        printerror("FailPassword", "history.go(-1)", $dopr);
    }
    if ($r['checked'] == 0) {
        if ($public_r['regacttype'] == 1) {
            printerror('NotCheckedUser', '../member/register/regsend.php', 1);
        } else {
            printerror('NotCheckedUser', '', 1);
        }
    }
    //绑定帐号
    if ($tobind) {
        MemberConnect_BindUser($r['userid']);
    }
    $rnd = make_password(20);
    //取得随机密码
    //默认会员组
    if (empty($r['groupid'])) {
        $r['groupid'] = eReturnMemberDefGroupid();
    }
    $r['groupid'] = (int) $r['groupid'];
    $lasttime = time();
    //IP
    $lastip = egetip();
    $lastipport = egetipport();
    $usql = $empire->query("update " . eReturnMemberTable() . " set " . egetmf('rnd') . "='{$rnd}'," . egetmf('groupid') . "='{$r['groupid']}' where " . egetmf('userid') . "='{$r['userid']}'");
    $empire->query("update {$dbtbpre}enewsmemberadd set lasttime='{$lasttime}',lastip='{$lastip}',loginnum=loginnum+1,lastipport='{$lastipport}' where userid='{$r['userid']}'");
    //设置cookie
    $lifetime = (int) $add['lifetime'];
    $logincookie = 0;
    if ($lifetime) {
        $logincookie = time() + $lifetime;
    }
    $set1 = esetcookie("mlusername", $username, $logincookie);
    $set2 = esetcookie("mluserid", $r['userid'], $logincookie);
    $set3 = esetcookie("mlgroupid", $r['groupid'], $logincookie);
    $set4 = esetcookie("mlrnd", $rnd, $logincookie);
    //验证符
    qGetLoginAuthstr($r['userid'], $username, $rnd, $r['groupid'], $logincookie);
    //登录附加cookie
    AddLoginCookie($r);
    $location = "../member/cp/";
    $returnurl = getcvar('returnurl');
    if ($returnurl) {
        $location = $returnurl;
    }
    if (strstr($_SERVER['HTTP_REFERER'], "e/member/iframe")) {
        $location = "../member/iframe/";
    }
    if (strstr($location, "enews=exit") || strstr($location, "e/member/register") || strstr($_SERVER['HTTP_REFERER'], "e/member/register")) {
        $location = "../member/cp/";
        $_POST['ecmsfrom'] = '';
    }
    ecmsEmptyShowKey($keyvname);
    //清空验证码
    $set6 = esetcookie("returnurl", "");
    if ($set1 && $set2) {
        //易通行系统
        DoEpassport('login', $r['userid'], $username, $password, $r['salt'], $r['email'], $r['groupid'], $r['registertime']);
        $location = DoingReturnUrl($location, $_POST['ecmsfrom']);
        printerror("LoginSuccess", $location, $dopr);
    } else {
        printerror("NotCookie", "history.go(-1)", $dopr);
    }
}
Пример #8
0
function login($username, $password, $key, $post)
{
    global $empire, $public_r, $dbtbpre, $do_loginauth, $do_ckhloginfile;
    $username = RepPostVar($username);
    $password = RepPostVar($password);
    if (!$username || !$password) {
        printerror("EmptyKey", "index.php");
    }
    //验证码
    $keyvname = 'checkkey';
    if (!$public_r['adminloginkey']) {
        ecmsCheckShowKey($keyvname, $key, 0, 0);
    }
    if (strlen($username) > 30 || strlen($password) > 30) {
        printerror("EmptyKey", "index.php");
    }
    $loginip = egetip();
    $logintime = time();
    CheckLoginNum($loginip, $logintime);
    //认证码
    if ($do_loginauth && $do_loginauth != $post['loginauth']) {
        InsertErrorLoginNum($username, $password, 1, $loginip, $logintime);
        printerror("ErrorLoginAuth", "index.php");
    }
    $user_r = $empire->fetch1("select userid,password,salt,lasttime,lastip from {$dbtbpre}enewsuser where username='******' and checked=0 limit 1");
    if (!$user_r['userid']) {
        InsertErrorLoginNum($username, $password, 0, $loginip, $logintime);
        printerror("LoginFail", "index.php");
    }
    $ch_password = md5(md5($password) . $user_r['salt']);
    if ($user_r['password'] != $ch_password) {
        InsertErrorLoginNum($username, $password, 0, $loginip, $logintime);
        printerror("LoginFail", "index.php");
    }
    //安全问答
    $user_addr = $empire->fetch1("select userid,equestion,eanswer from {$dbtbpre}enewsuseradd where userid='{$user_r['userid']}'");
    if (!$user_addr['userid']) {
        InsertErrorLoginNum($username, $password, 0, $loginip, $logintime);
        printerror("LoginFail", "index.php");
    }
    if ($user_addr['equestion']) {
        $equestion = (int) $post['equestion'];
        $eanswer = $post['eanswer'];
        if ($user_addr['equestion'] != $equestion) {
            InsertErrorLoginNum($username, $password, 0, $loginip, $logintime);
            printerror("LoginFail", "index.php");
        }
        $ckeanswer = ReturnHLoginQuestionStr($user_r['userid'], $username, $user_addr['equestion'], $eanswer);
        if ($ckeanswer != $user_addr['eanswer']) {
            InsertErrorLoginNum($username, $password, 0, $loginip, $logintime);
            printerror("LoginFail", "index.php");
        }
    }
    //取得随机密码
    $rnd = make_password(20);
    $sql = $empire->query("update {$dbtbpre}enewsuser set rnd='{$rnd}',loginnum=loginnum+1,lastip='{$loginip}',lasttime='{$logintime}',pretime='{$user_r['lasttime']}',preip='" . RepPostVar($user_r[lastip]) . "' where username='******' limit 1");
    $r = $empire->fetch1("select groupid,userid,styleid from {$dbtbpre}enewsuser where username='******' limit 1");
    //样式
    if (empty($r[styleid])) {
        $stylepath = $public_r['defadminstyle'] ? $public_r['defadminstyle'] : 1;
    } else {
        $styler = $empire->fetch1("select path,styleid from {$dbtbpre}enewsadminstyle where styleid='{$r['styleid']}'");
        if (empty($styler[styleid])) {
            $stylepath = $public_r['defadminstyle'] ? $public_r['defadminstyle'] : 1;
        } else {
            $stylepath = $styler['path'];
        }
    }
    //设置备份
    $cdbdata = 0;
    $bnum = $empire->gettotal("select count(*) as total from {$dbtbpre}enewsgroup where groupid='{$r['groupid']}' and dodbdata=1");
    if ($bnum) {
        $cdbdata = 1;
        $set5 = esetcookie("ecmsdodbdata", "empirecms", 0, 1);
    } else {
        $set5 = esetcookie("ecmsdodbdata", "", 0, 1);
    }
    ecmsEmptyShowKey($keyvname, 0);
    //清空验证码
    $set4 = esetcookie("loginuserid", $r[userid], 0, 1);
    $set1 = esetcookie("loginusername", $username, 0, 1);
    $set2 = esetcookie("loginrnd", $rnd, 0, 1);
    $set3 = esetcookie("loginlevel", $r[groupid], 0, 1);
    $set5 = esetcookie("eloginlic", "empirecmslic", 0, 1);
    $set6 = esetcookie("loginadminstyleid", $stylepath, 0, 1);
    //COOKIE加密验证
    if (empty($do_ckhloginfile)) {
        DoEDelFileRnd($r[userid]);
    }
    DoECookieRnd($r[userid], $username, $rnd, $cdbdata, $r[groupid], intval($stylepath), $logintime);
    //最后登陆时间
    $set4 = esetcookie("logintime", $logintime, 0, 1);
    $set5 = esetcookie("truelogintime", $logintime, 0, 1);
    //写入日志
    insert_log($username, '', 1, $loginip, 0);
    //FireWall
    FWSetPassword();
    if ($set1 && $set2 && $set3) {
        //操作日志
        insert_dolog("");
        if ($post['adminwindow']) {
            ?>
			<script>
			AdminWin=window.open("admin.php","EmpireCMS","scrollbars");
			AdminWin.moveTo(0,0);
			AdminWin.resizeTo(screen.width,screen.height-30);
			self.location.href="blank.php";
			</script>
		<?php 
            exit;
        } else {
            printerror("LoginSuccess", "admin.php");
        }
    } else {
        printerror("NotCookie", "index.php");
    }
}
Пример #9
0
function login($username,$password,$key,$post){
	global $empire,$public_r,$dbtbpre,$ecms_config;
	$username=RepPostVar($username);
	$password=RepPostVar($password);
	if(!$username||!$password)
	{
		printerror("EmptyKey","index.php");
	}
	//验证码
	$keyvname='checkkey';
	if(!$public_r['adminloginkey'])
	{
		ecmsCheckShowKey($keyvname,$key,0,0);
	}
	if(strlen($username)>30||strlen($password)>30)
	{
		printerror("EmptyKey","index.php");
	}
	$loginip=egetip();
	$logintime=time();
	CheckLoginNum($loginip,$logintime);
	//认证码
	if($ecms_config['esafe']['loginauth']&&$ecms_config['esafe']['loginauth']!=$post['loginauth'])
	{
		InsertErrorLoginNum($username,$password,1,$loginip,$logintime);
		printerror("ErrorLoginAuth","index.php");
	}
	$user_r=$empire->fetch1("select userid,password,salt,salt2,lasttime,lastip,addtime,addip,userprikey,lastipport,addipport from {$dbtbpre}enewsuser where username='******' and checked=0 limit 1");
	if(!$user_r['userid'])
	{
		InsertErrorLoginNum($username,$password,0,$loginip,$logintime);
		printerror("LoginFail","index.php");
	}
	$ch_password=DoEmpireCMSAdminPassword($password,$user_r['salt'],$user_r['salt2']);
	if($user_r['password']!=$ch_password)
	{
		InsertErrorLoginNum($username,$password,0,$loginip,$logintime);
		printerror("LoginFail","index.php");
	}
	//安全问答
	$user_addr=$empire->fetch1("select userid,equestion,eanswer,openip,certkey from {$dbtbpre}enewsuseradd where userid='$user_r[userid]'");
	if(!$user_addr['userid'])
	{
		InsertErrorLoginNum($username,$password,0,$loginip,$logintime);
		printerror("LoginFail","index.php");
	}
	if($user_addr['equestion'])
	{
		$equestion=(int)$post['equestion'];
		$eanswer=$post['eanswer'];
		if($user_addr['equestion']!=$equestion)
		{
			InsertErrorLoginNum($username,$password,0,$loginip,$logintime);
			printerror("LoginFail","index.php");
		}
		$ckeanswer=ReturnHLoginQuestionStr($user_r['userid'],$username,$user_addr['equestion'],$eanswer);
		if($ckeanswer!=$user_addr['eanswer'])
		{
			InsertErrorLoginNum($username,$password,0,$loginip,$logintime);
			printerror("LoginFail","index.php");
		}
	}
	//IP限制
	if($user_addr['openip'])
	{
		eCheckAccessAdminLoginIp($user_addr['openip']);
	}
	//取得随机密码
	$rnd=make_password(20);
	$loginipport=egetipport();
	$sql=$empire->query("update {$dbtbpre}enewsuser set rnd='$rnd',loginnum=loginnum+1,lastip='$loginip',lasttime='$logintime',pretime='$user_r[lasttime]',preip='".RepPostVar($user_r[lastip])."',lastipport='$loginipport',preipport='".RepPostVar($user_r[lastipport])."' where username='******' limit 1");
	$r=$empire->fetch1("select groupid,userid,styleid,userprikey from {$dbtbpre}enewsuser where username='******' limit 1");
	//样式
	if(empty($r[styleid]))
	{
		$stylepath=$public_r['defadminstyle']?$public_r['defadminstyle']:1;
	}
	else
	{
		$styler=$empire->fetch1("select path,styleid from {$dbtbpre}enewsadminstyle where styleid='$r[styleid]'");
		if(empty($styler[styleid]))
		{
			$stylepath=$public_r['defadminstyle']?$public_r['defadminstyle']:1;
		}
		else
		{
			$stylepath=$styler['path'];
		}
	}
	//设置备份
	$cdbdata=0;
	$bnum=$empire->gettotal("select count(*) as total from {$dbtbpre}enewsgroup where groupid='$r[groupid]' and dodbdata=1");
	if($bnum)
	{
		$cdbdata=1;
		$set5=esetcookie("ecmsdodbdata","empirecms",0,1);
    }
	else
	{
		$set5=esetcookie("ecmsdodbdata","",0,1);
	}
	
	ecmsEmptyShowKey($keyvname,0);//清空验证码
	$set4=esetcookie("loginuserid",$r[userid],0,1);
	$set1=esetcookie("loginusername",$username,0,1);
	$set2=esetcookie("loginrnd",$rnd,0,1);
	$set3=esetcookie("loginlevel",$r[groupid],0,1);
	$set5=esetcookie("eloginlic","empirecmslic",0,1);
	$set6=esetcookie("loginadminstyleid",$stylepath,0,1);
	//COOKIE加密验证
	DoEDelFileRnd($r[userid]);
	DoECookieRnd($r[userid],$username,$rnd,$r['userprikey'],$cdbdata,$r[groupid],intval($stylepath),$logintime);
	//最后登陆时间
	$set4=esetcookie("logintime",$logintime,0,1);
	$set5=esetcookie("truelogintime",$logintime,0,1);
	esetcookie('ecertkeyrnds','',0);
	//写入日志
	insert_log($username,'',1,$loginip,0);
	//FireWall
	FWSetPassword();
	if($set1&&$set2&&$set3)
	{
		$cache_enews='doclass,doinfo,douserinfo';
		$cache_ecmstourl='admin.php'.urlencode(hReturnEcmsHashStrDef(1,'ehref'));
		$cache_mess='LoginSuccess';
		$cache_url="CreateCache.php?enews=$cache_enews&ecmstourl=$cache_ecmstourl&mess=$cache_mess".hReturnEcmsHashStrDef(0,'ehref');
		//操作日志
	    insert_dolog("");
		if($post['adminwindow'])
		{
		?>
			<script>
			AdminWin=window.open("<?=$cache_url?>","EmpireCMS","scrollbars");
			AdminWin.moveTo(0,0);
			AdminWin.resizeTo(screen.width,screen.height-30);
			self.location.href="blank.php";
			</script>
		<?
		exit();
		}
		else
		{
			//printerror("LoginSuccess",$cache_url);
			echo'<meta http-equiv="refresh" content="0;url='.$cache_url.'">';
			db_close();
			$empire=null;
			exit();
		}
	}
	else
	{
		printerror("NotCookie","index.php");
	}
}
Пример #10
0
function DoRegSend($add)
{
    global $empire, $dbtbpre, $public_r;
    if ($public_r['regacttype'] != 1) {
        printerror('CloseRegAct', '', 1);
    }
    $username = trim($add[username]);
    $password = trim($add[password]);
    $email = trim($add[email]);
    $newemail = trim($add[newemail]);
    if (!$username || !$password || !$email) {
        printerror("EmptyRegAct", "history.go(-1)", 1);
    }
    //验证码
    $key = $add['key'];
    $keyvname = 'checkregsendkey';
    ecmsCheckShowKey($keyvname, $key, 1);
    $username = RepPostVar($username);
    $password = RepPostVar($password);
    $username = RepPostStr($username);
    $email = RepPostStr($email);
    $newemail = RepPostStr($newemail);
    if (!chemail($email)) {
        printerror("EmailFail", "history.go(-1)", 1);
    }
    if ($newemail) {
        if (!chemail($newemail)) {
            printerror("EmailFail", "history.go(-1)", 1);
        }
        $sendemail = $newemail;
    } else {
        $sendemail = $email;
    }
    //密码
    $ur = $empire->fetch1("select " . eReturnSelectMemberF('userid,salt,password') . " from " . eReturnMemberTable() . " where " . egetmf('username') . "='{$username}' limit 1");
    if (!$ur['userid']) {
        printerror("ErrorRegActUser", "history.go(-1)", 1);
    }
    if (!eDoCkMemberPw($password, $ur['password'], $ur['salt'])) {
        printerror("ErrorRegActUser", "history.go(-1)", 1);
    }
    $r = $empire->fetch1("select " . eReturnSelectMemberF('*') . " from " . eReturnMemberTable() . " where " . egetmf('username') . "='{$username}' limit 1");
    $useremail = $r['email'];
    if (!$r['userid'] || $useremail != $email) {
        printerror("ErrorRegActUser", "history.go(-1)", 1);
    }
    if ($r['checked']) {
        printerror("HaveRegActUser", '', 1);
    }
    $addr = $empire->fetch1("select userid,authstr from {$dbtbpre}enewsmemberpub where userid='" . $r['userid'] . "' limit 1");
    $ar = explode('||', $addr['authstr']);
    if (!$addr['userid'] || !$addr['authstr'] || $ar[1] != 2) {
        printerror("HaveRegActUser", '', 1);
    }
    ecmsEmptyShowKey($keyvname);
    //清空验证码
    SendActUserEmail($r['userid'], $username, $sendemail);
}
Пример #11
0
function AddPl($username, $password, $nomember, $key, $saytext, $id, $classid, $repid, $add)
{
    global $empire, $dbtbpre, $public_r, $class_r, $level_r;
    //验证本时间允许操作
    eCheckTimeCloseDo('pl');
    //验证IP
    eCheckAccessDoIp('pl');
    $id = (int) $id;
    $repid = (int) $repid;
    $classid = (int) $classid;
    //验证码
    $keyvname = 'checkplkey';
    if ($public_r['plkey_ok']) {
        ecmsCheckShowKey($keyvname, $key, 1);
    }
    $username = RepPostVar($username);
    $password = RepPostVar($password);
    $muserid = (int) getcvar('mluserid');
    $musername = RepPostVar(getcvar('mlusername'));
    $mgroupid = (int) getcvar('mlgroupid');
    if ($muserid) {
        $cklgr = qCheckLoginAuthstr();
        if ($cklgr['islogin']) {
            $username = $musername;
        } else {
            $muserid = 0;
        }
    } else {
        if (empty($nomember)) {
            if (!$username || !$password) {
                printerror("FailPassword", "history.go(-1)", 1);
            }
            $ur = $empire->fetch1("select " . eReturnSelectMemberF('userid,salt,password,checked,groupid') . " from " . eReturnMemberTable() . " where " . egetmf('username') . "='{$username}' limit 1");
            if (empty($ur['userid'])) {
                printerror("FailPassword", "history.go(-1)", 1);
            }
            if (!eDoCkMemberPw($password, $ur['password'], $ur['salt'])) {
                printerror("FailPassword", "history.go(-1)", 1);
            }
            if ($ur['checked'] == 0) {
                printerror("NotCheckedUser", '', 1);
            }
            $muserid = $ur['userid'];
            $mgroupid = $ur['groupid'];
        } else {
            $muserid = 0;
        }
    }
    if ($public_r['plgroupid']) {
        if (!$muserid) {
            printerror("GuestNotToPl", "history.go(-1)", 1);
        }
        if ($level_r[$mgroupid][level] < $level_r[$public_r['plgroupid']][level]) {
            printerror("NotLevelToPl", "history.go(-1)", 1);
        }
    }
    //专题
    $doaction = $add['doaction'];
    if ($doaction == 'dozt') {
        if (!trim($saytext) || !$classid) {
            printerror("EmptyPl", "history.go(-1)", 1);
        }
        //是否关闭评论
        $r = $empire->fetch1("select ztid,closepl,checkpl,restb from {$dbtbpre}enewszt where ztid='{$classid}'");
        if (!$r['ztid']) {
            printerror("ErrorUrl", "history.go(-1)", 1);
        }
        if ($r['closepl']) {
            printerror("CloseClassPl", "history.go(-1)", 1);
        }
        //审核
        if ($r['checkpl']) {
            $checked = 1;
        } else {
            $checked = 0;
        }
        $restb = $r['restb'];
        $pubid = '-' . $classid;
        $id = 0;
        $pagefunr = eReturnRewritePlUrl($classid, $id, 'dozt', 0, 0, 1);
        $returl = $pagefunr['pageurl'];
    } else {
        if (!trim($saytext) || !$id || !$classid) {
            printerror("EmptyPl", "history.go(-1)", 1);
        }
        //表存在
        if (empty($class_r[$classid][tbname])) {
            printerror("ErrorUrl", "history.go(-1)", 1);
        }
        //是否关闭评论
        $r = $empire->fetch1("select classid,stb,restb from {$dbtbpre}ecms_" . $class_r[$classid][tbname] . " where id='{$id}' limit 1");
        if (!$r['classid'] || $r['classid'] != $classid) {
            printerror("ErrorUrl", "history.go(-1)", 1);
        }
        if ($class_r[$r[classid]][openpl]) {
            printerror("CloseClassPl", "history.go(-1)", 1);
        }
        //单信息关闭评论
        $pubid = ReturnInfoPubid($classid, $id);
        $finfor = $empire->fetch1("select closepl from {$dbtbpre}ecms_" . $class_r[$classid][tbname] . "_data_" . $r['stb'] . " where id='{$id}' limit 1");
        if ($finfor['closepl']) {
            printerror("CloseInfoPl", "history.go(-1)", 1);
        }
        //审核
        if ($class_r[$classid][checkpl]) {
            $checked = 1;
        } else {
            $checked = 0;
        }
        $restb = $r['restb'];
        $pagefunr = eReturnRewritePlUrl($classid, $id, 'doinfo', 0, 0, 1);
        $returl = $pagefunr['pageurl'];
    }
    //设置参数
    $plsetr = $empire->fetch1("select pltime,plsize,plincludesize,plclosewords,plmustf,plf,plmaxfloor,plquotetemp from {$dbtbpre}enewspl_set limit 1");
    if (strlen($saytext) > $plsetr['plsize']) {
        $GLOBALS['setplsize'] = $plsetr['plsize'];
        printerror("PlSizeTobig", "history.go(-1)", 1);
    }
    $time = time();
    $saytime = $time;
    $pltime = getcvar('lastpltime');
    if ($pltime) {
        if ($time - $pltime < $plsetr['pltime']) {
            $GLOBALS['setpltime'] = $plsetr['pltime'];
            printerror("PlOutTime", "history.go(-1)", 1);
        }
    }
    $sayip = egetip();
    $eipport = egetipport();
    $username = str_replace("\r\n", "", $username);
    $username = RepPostStr($username);
    $saytext = nl2br(RepFieldtextNbsp(RepPostStr($saytext)));
    if ($repid) {
        $saytext = RepPlTextQuote($repid, $saytext, $plsetr, $restb);
        CkPlQuoteFloor($plsetr['plmaxfloor'], $saytext);
        //验证楼层
    }
    //过滤字符
    $saytext = ReplacePlWord($plsetr['plclosewords'], $saytext);
    if ($level_r[$mgroupid]['plchecked']) {
        $checked = 0;
    }
    $ret_r = ReturnPlAddF($add, $plsetr, 0);
    //主表
    $sql = $empire->query("insert into {$dbtbpre}enewspl_" . $restb . "(pubid,username,sayip,saytime,id,classid,checked,zcnum,fdnum,userid,isgood,saytext,eipport" . $ret_r['fields'] . ") values('{$pubid}','" . $username . "','{$sayip}','{$saytime}','{$id}','{$classid}','{$checked}',0,0,'{$muserid}',0,'" . addslashes($saytext) . "','{$eipport}'" . $ret_r['values'] . ");");
    $plid = $empire->lastid();
    if ($doaction != 'dozt') {
        //信息表加1
        $usql = $empire->query("update {$dbtbpre}ecms_" . $class_r[$classid][tbname] . " set plnum=plnum+1 where id='{$id}' limit 1");
    }
    //更新新评论数
    DoUpdateAddDataNum('pl', $restb, 1);
    //设置最后发表时间
    $set1 = esetcookie("lastpltime", time(), time() + 3600 * 24);
    ecmsEmptyShowKey($keyvname);
    //清空验证码
    if ($sql) {
        $reurl = DoingReturnUrl($returl, $_POST['ecmsfrom']);
        printerror("AddPlSuccess", $reurl, 1);
    } else {
        printerror("DbError", "history.go(-1)", 1);
    }
}
Пример #12
0
function DoRegSend($add)
{
    global $empire, $dbtbpre, $public_r, $user_tablename, $user_username, $user_userid, $user_email, $user_password, $user_dopass, $user_salt, $user_checked;
    if ($public_r['regacttype'] != 1) {
        printerror('CloseRegAct', '', 1);
    }
    $username = trim($add[username]);
    $password = trim($add[password]);
    $email = trim($add[email]);
    $newemail = trim($add[newemail]);
    if (!$username || !$password || !$email) {
        printerror("EmptyRegAct", "history.go(-1)", 1);
    }
    //ÑéÖ¤Âë
    $key = $add['key'];
    $keyvname = 'checkregsendkey';
    ecmsCheckShowKey($keyvname, $key, 1);
    $username = RepPostVar($username);
    $password = RepPostVar($password);
    $username = RepPostStr($username);
    $email = RepPostStr($email);
    $newemail = RepPostStr($newemail);
    if (!chemail($email)) {
        printerror("EmailFail", "history.go(-1)", 1);
    }
    if ($newemail) {
        if (!chemail($newemail)) {
            printerror("EmailFail", "history.go(-1)", 1);
        }
        $sendemail = $newemail;
    } else {
        $sendemail = $email;
    }
    //±àÂëת»»
    $utfusername = doUtfAndGbk($username, 0);
    $password = doUtfAndGbk($password, 0);
    //ÃÜÂë
    if (empty($user_dopass)) {
        $password = md5($password);
    }
    if ($user_dopass == 3) {
        $password = substr(md5($password), 8, 16);
    }
    //Ë«ÖØmd5
    $num = 0;
    if ($user_dopass == 2) {
        $ur = $empire->fetch1("select " . $user_userid . "," . $user_salt . "," . $user_password . " from " . $user_tablename . " where " . $user_username . "='{$utfusername}' limit 1");
        $password = md5(md5($password) . $ur[$user_salt]);
        $num = 0;
        if ($password == $ur[$user_password]) {
            $num = 1;
        }
        if (empty($ur[$user_userid])) {
            $num = 0;
        }
    } else {
        $num = $empire->gettotal("select count(*) as total from " . $user_tablename . " where " . $user_username . "='{$utfusername}' and " . $user_password . "='" . $password . "' limit 1");
    }
    if (!$num) {
        printerror("ErrorRegActUser", "history.go(-1)", 1);
    }
    $r = $empire->fetch1("select * from " . $user_tablename . " where " . $user_username . "='{$utfusername}' limit 1");
    $utfemail = doUtfAndGbk($r[$user_email], 1);
    if (!$r[$user_userid] || $utfemail != $email) {
        printerror("ErrorRegActUser", "history.go(-1)", 1);
    }
    if ($r[$user_checked]) {
        printerror("HaveRegActUser", '', 1);
    }
    $addr = $empire->fetch1("select userid,authstr from {$dbtbpre}enewsmemberadd where userid='" . $r[$user_userid] . "' limit 1");
    $ar = explode('||', $addr['authstr']);
    if (!$addr['userid'] || !$addr['authstr'] || $ar[1] != 2) {
        printerror("HaveRegActUser", '', 1);
    }
    ecmsEmptyShowKey($keyvname);
    //Çå¿ÕÑéÖ¤Âë
    SendActUserEmail($r[$user_userid], $username, $sendemail);
}
Пример #13
0
function DodoInfo($add, $ecms = 0)
{
    global $empire, $public_r, $emod_r, $level_r, $class_r, $dbtbpre, $fun_r;
    //验证来源
    if ($ecms == 0 || $ecms == 1) {
        CheckCanPostUrl();
    }
    //开启投稿
    if ($public_r['addnews_ok']) {
        printerror("CloseQAdd", "", 1);
    }
    //验证本时间允许操作
    eCheckTimeCloseDo('info');
    $classid = (int) $add['classid'];
    $mid = (int) $class_r[$classid]['modid'];
    if (!$mid || !$classid) {
        printerror("EmptyQinfoCid", "", 1);
    }
    $tbname = $emod_r[$mid]['tbname'];
    $qenter = $emod_r[$mid]['qenter'];
    if (!$tbname || !$qenter || $qenter == ',') {
        printerror("ErrorUrl", "history.go(-1)", 1);
    }
    $muserid = (int) getcvar('mluserid');
    $musername = RepPostVar(getcvar('mlusername'));
    $mrnd = RepPostVar(getcvar('mlrnd'));
    //取得栏目信息
    $isadd = 0;
    if ($ecms == 0) {
        $isadd = 1;
    }
    $setuserday = '';
    $cr = DoQCheckAddLevel($classid, $muserid, $musername, $mrnd, $ecms, $isadd);
    $setuserday = $cr['checkaddnumquery'];
    $filepass = (int) $add['filepass'];
    $id = (int) $add['id'];
    $infor = array();
    //组合标题属性
    $titlecolor = RepPostStr(RepPhpAspJspcodeText($add[titlecolor]));
    $titlefont = TitleFont($add[titlefont], $titlecolor);
    $titlecolor = "";
    $titlefont = "";
    $ttid = (int) $add['ttid'];
    $keyboard = addslashes(RepPostStr(trim(DoReplaceQjDh($add[keyboard]))));
    $keyid = '';
    //返回关键字组合
    if ($keyboard && strstr($qenter, ',special.field,')) {
        $keyboard = str_replace('[!--f--!]', 'ecms', $keyboard);
        $keyid = GetKeyid($keyboard, $classid, $id, $class_r[$classid][link_num]);
    }
    //验证码
    $keyvname = 'checkinfokey';
    //moreport
    if (Moreport_ReturnMustDt()) {
        define('ECMS_SELFPATH', eReturnEcmsMainPortPath());
        Moreport_ResetMainTempGid();
    }
    //-----------------增加
    if ($ecms == 0) {
        //时间
        $lasttime = getcvar('lastaddinfotime');
        if ($lasttime) {
            if (time() - $lasttime < $public_r['readdinfotime']) {
                printerror("QAddInfoOutTime", "", 1);
            }
        }
        //验证码
        if ($cr['qaddshowkey']) {
            ecmsCheckShowKey($keyvname, $add['key'], 1);
        }
        //IP发布数限制
        $check_ip = egetip();
        $check_checked = $cr['wfid'] ? 0 : $cr['checkqadd'];
        eCheckIpAddInfoNum($check_ip, $tbname, $mid, $check_checked);
        //返回字段
        $ret_r = ReturnQAddinfoF($mid, $add, $infor, $classid, $filepass, $muserid, $musername, 0);
        $checked = $cr['checkqadd'];
        $havehtml = 0;
        $newspath = date($cr['newspath']);
        $truetime = time();
        $newstime = $truetime;
        $newstempid = $cr['newstempid'];
        $haveaddfen = 0;
        //强制签发
        $isqf = 0;
        if ($cr['wfid']) {
            $checked = 0;
            $isqf = 1;
        }
        //增扣点
        if ($checked && $muserid) {
            AddInfoFen($cr['addinfofen'], $muserid);
            $haveaddfen = 1;
        }
        if (empty($muserid)) {
            $musername = $fun_r['guest'];
        }
        //会员投稿数更新
        if ($setuserday) {
            $empire->query($setuserday);
        }
        //发布时间
        if (!strstr($qenter, ',newstime,')) {
            $ret_r[0] = ",newstime" . $ret_r[0];
            $ret_r[1] = ",'{$newstime}'" . $ret_r[1];
        } else {
            if ($add['newstime']) {
                $newstime = to_time($add['newstime']);
                $newstime = intval($newstime);
            }
        }
        //附加链接参数
        $addecmscheck = empty($checked) ? '&ecmscheck=1' : '';
        //索引表
        $indexsql = $empire->query("insert into {$dbtbpre}ecms_" . $tbname . "_index(classid,checked,newstime,truetime,lastdotime,havehtml) values('{$classid}','{$checked}','{$newstime}','{$truetime}','{$truetime}','{$havehtml}');");
        $id = $empire->lastid();
        //返回表信息
        $infotbr = ReturnInfoTbname($tbname, $checked, $ret_r[4]);
        //主表
        $sql = $empire->query("insert into " . $infotbr['tbname'] . "(id,classid,ttid,onclick,plnum,totaldown,newspath,filename,userid,username,firsttitle,isgood,istop,isqf,ismember,isurl,truetime,lastdotime,havehtml,groupid,userfen,titlefont,titleurl,stb,fstb,restb,keyboard" . $ret_r[0] . ") values('{$id}','{$classid}','{$ttid}',0,0,0,'{$newspath}','','" . $muserid . "','" . addslashes($musername) . "',0,0,0,'{$isqf}',1,0,'{$truetime}','{$truetime}','{$havehtml}',0,0,'{$titlefont}','','{$ret_r['4']}','{$public_r['filedeftb']}','{$public_r['pldeftb']}','{$keyboard}'" . $ret_r[1] . ");");
        //副表
        $fsql = $empire->query("insert into " . $infotbr['datatbname'] . "(id,classid,keyid,dokey,newstempid,closepl,haveaddfen,infotags" . $ret_r[2] . ") values('{$id}','{$classid}','{$keyid}',1,'{$newstempid}',0,'{$haveaddfen}',''" . $ret_r[3] . ");");
        //扣点记录
        if ($haveaddfen) {
            if ($cr['addinfofen'] < 0) {
                BakDown($classid, $id, 0, $muserid, $musername, RepPostStr($add[title]), abs($cr['addinfofen']), 3);
            }
        }
        //签发
        if ($isqf == 1) {
            InfoInsertToWorkflow($id, $classid, $cr['wfid'], $muserid, addslashes($musername));
        }
        //文件命名
        $filename = ReturnInfoFilename($classid, $id, '');
        //信息地址
        $infourl = GotoGetTitleUrl($classid, $id, $newspath, $filename, 0, 0, '');
        $usql = $empire->query("update " . $infotbr['tbname'] . " set filename='{$filename}',titleurl='{$infourl}' where id='{$id}'");
        //修改ispic
        UpdateTheIspic($classid, $id, $checked);
        //修改附件
        if ($filepass) {
            UpdateTheFile($id, $filepass, $classid, $public_r['filedeftb']);
        }
        //更新栏目信息数
        AddClassInfos($classid, '+1', '+1', $checked);
        //更新新信息数
        DoUpdateAddDataNum('info', $class_r[$classid]['tid'], 1);
        //清除验证码
        ecmsEmptyShowKey($keyvname);
        esetcookie("qeditinfo", "", 0);
        //生成页面
        if ($checked && !$cr['showdt']) {
            $titleurl = qAddGetHtml($classid, $id);
        }
        //生成列表
        if ($checked) {
            qAddListHtml($classid, $mid, $cr['qaddlist'], $cr['listdt']);
            //生成上一篇
            if ($cr['repreinfo']) {
                $prer = $empire->fetch1("select * from {$dbtbpre}ecms_" . $tbname . " where id<{$id} and classid='{$classid}' order by id desc limit 1");
                GetHtml($prer['classid'], $prer['id'], $prer, 1);
            }
        }
        if ($sql) {
            $reurl = DoingReturnUrl("AddInfo.php?classid={$classid}&mid={$mid}" . $addecmscheck, $add['ecmsfrom']);
            if ($add['gotoinfourl'] && $checked) {
                if ($cr['showdt'] == 1) {
                    $reurl = $public_r[newsurl] . "e/action/ShowInfo/?classid={$classid}&id={$id}";
                } elseif ($cr['showdt'] == 2) {
                    $rewriter = eReturnRewriteInfoUrl($classid, $id, 1);
                    $reurl = $rewriter['pageurl'];
                } else {
                    $reurl = $titleurl;
                }
            }
            esetcookie("lastaddinfotime", time(), time() + 3600 * 24);
            //设置最后发表时间
            printerror("AddQinfoSuccess", $reurl, 1);
        } else {
            printerror("DbError", "history.go(-1)", 1);
        }
    } elseif ($ecms == 1) {
        if (!$id) {
            printerror("ErrorUrl", "history.go(-1)", 1);
        }
        //检测权限
        $infor = CheckQdoinfo($classid, $id, $muserid, $tbname, $cr['adminqinfo'], 1);
        //检测时间
        if ($public_r['qeditinfotime']) {
            if (time() - $infor['truetime'] > $public_r['qeditinfotime'] * 60) {
                printerror("QEditInfoOutTime", "history.go(-1)", 1);
            }
        }
        $iaddfield = '';
        $addfield = '';
        $faddfield = '';
        //返回字段
        $ret_r = ReturnQAddinfoF($mid, $add, $infor, $classid, $filepass, $muserid, $musername, 1);
        if ($keyboard) {
            $addfield = ",keyboard='{$keyboard}'";
            $faddfield = ",keyid='{$keyid}'";
        }
        //时间
        if (strstr($qenter, ',newstime,')) {
            if ($add['newstime']) {
                $newstime = to_time($add['newstime']);
                $newstime = intval($newstime);
                $iaddfield .= ",newstime='{$newstime}'";
            }
        }
        //修改是否需要审核
        $ychecked = $infor['checked'];
        if ($cr['qeditchecked']) {
            $infor['checked'] = 0;
            $iaddfield .= ",checked=0";
            $relist = 1;
            //删除原页面
            DelNewsFile($infor[filename], $infor[newspath], $infor[classid], $infor[newstext], $infor[groupid]);
        }
        //会员投稿数更新
        if ($setuserday) {
            //$empire->query($setuserday);
        }
        $lastdotime = time();
        //附加链接参数
        $addecmscheck = empty($infor['checked']) ? '&ecmscheck=1' : '';
        //索引表
        $indexsql = $empire->query("update {$dbtbpre}ecms_" . $tbname . "_index set lastdotime={$lastdotime},havehtml=0" . $iaddfield . " where id='{$id}'");
        //返回表信息
        $infotbr = ReturnInfoTbname($tbname, $ychecked, $infor['stb']);
        //主表
        $sql = $empire->query("update " . $infotbr['tbname'] . " set lastdotime={$lastdotime},havehtml=0,ttid='{$ttid}'" . $addfield . $ret_r[0] . " where id={$id} and classid={$classid} and userid='{$muserid}' and ismember=1");
        //副表
        $fsql = $empire->query("update " . $infotbr['datatbname'] . " set classid='{$classid}'" . $faddfield . $ret_r[3] . " where id='{$id}'");
        //修改ispic
        UpdateTheIspic($classid, $id, $ychecked);
        //更新附件
        UpdateTheFileEdit($classid, $id, $infor['fstb']);
        //未审核信息互转
        if ($ychecked != $infor['checked']) {
            MoveCheckInfoData($tbname, $ychecked, $infor['stb'], "id='{$id}'");
            //更新栏目信息数
            if ($infor['checked']) {
                AddClassInfos($classid, '', '+1');
            } else {
                AddClassInfos($classid, '', '-1');
            }
        }
        esetcookie("qeditinfo", "", 0);
        //生成页面
        if ($infor['checked'] && !$cr['showdt']) {
            $titleurl = qAddGetHtml($classid, $id);
        }
        //生成列表
        if ($infor['checked'] || $relist == 1) {
            qAddListHtml($classid, $mid, $cr['qaddlist'], $cr['listdt']);
        }
        //生成上一篇
        if ($cr['repreinfo'] && $infor['checked']) {
            $prer = $empire->fetch1("select * from {$dbtbpre}ecms_" . $tbname . " where id<{$id} and classid='{$classid}' order by id desc limit 1");
            GetHtml($prer['classid'], $prer['id'], $prer, 1);
        }
        if ($sql) {
            $reurl = DoingReturnUrl("ListInfo.php?mid={$mid}" . $addecmscheck, $add['ecmsfrom']);
            if ($add['editgotoinfourl'] && $infor['checked']) {
                if ($cr['showdt'] == 1) {
                    $reurl = $public_r[newsurl] . "e/action/ShowInfo/?classid={$classid}&id={$id}";
                } elseif ($cr['showdt'] == 2) {
                    $rewriter = eReturnRewriteInfoUrl($classid, $id, 1);
                    $reurl = $rewriter['pageurl'];
                } else {
                    $reurl = $titleurl;
                }
            }
            printerror("EditQinfoSuccess", $reurl, 1);
        } else {
            printerror("DbError", "history.go(-1)", 1);
        }
    } elseif ($ecms == 2) {
        if (!$id) {
            printerror("ErrorUrl", "history.go(-1)", 1);
        }
        //检测权限
        $r = CheckQdoinfo($classid, $id, $muserid, $tbname, $cr['adminqinfo'], 2);
        //附加链接参数
        $addecmscheck = empty($r['checked']) ? '&ecmscheck=1' : '';
        //返回表信息
        $infotbr = ReturnInfoTbname($tbname, $r['checked'], $r['stb']);
        $stf = $emod_r[$mid]['savetxtf'];
        $pf = $emod_r[$mid]['pagef'];
        //分页字段
        if ($pf) {
            if (strstr($emod_r[$mid]['tbdataf'], ',' . $pf . ',')) {
                $finfor = $empire->fetch1("select " . $pf . " from " . $infotbr['datatbname'] . " where id='{$id}' limit 1");
                $r[$pf] = $finfor[$pf];
            }
        }
        //存文本
        if ($stf) {
            $newstextfile = $r[$stf];
            $r[$stf] = GetTxtFieldText($r[$stf]);
            //删除文件
            DelTxtFieldText($newstextfile);
        }
        //删除信息文件
        DelNewsFile($r[filename], $r[newspath], $classid, $r[$pf], $r[groupid]);
        $indexsql = $empire->query("delete from {$dbtbpre}ecms_" . $tbname . "_index where id='{$id}'");
        $sql = $empire->query("delete from " . $infotbr['tbname'] . " where id={$id} and classid={$classid} and userid='{$muserid}' and ismember=1");
        $fsql = $empire->query("delete from " . $infotbr['datatbname'] . " where id={$id}");
        esetcookie("qdelinfo", "", 0);
        //更新栏目信息数
        AddClassInfos($classid, '-1', '-1', $r['checked']);
        //删除其它表记录和附件
        DelSingleInfoOtherData($classid, $id, $r, 0, 0);
        //生成列表
        if ($r['checked']) {
            qAddListHtml($classid, $mid, $cr['qaddlist'], $cr['listdt']);
            //生成上一篇
            if ($cr['repreinfo']) {
                $prer = $empire->fetch1("select * from {$dbtbpre}ecms_" . $tbname . " where id<{$id} and classid='{$classid}' order by id desc limit 1");
                GetHtml($prer['classid'], $prer['id'], $prer, 1);
                //下一篇
                $nextr = $empire->fetch1("select * from {$dbtbpre}ecms_" . $tbname . " where id>{$id} and classid='{$classid}' order by id limit 1");
                if ($nextr['id']) {
                    GetHtml($nextr['classid'], $nextr['id'], $nextr, 1);
                }
            }
        }
        if ($sql) {
            $reurl = DoingReturnUrl("ListInfo.php?mid={$mid}", $add['ecmsfrom']);
            printerror("DelQinfoSuccess", $reurl, 1);
        } else {
            printerror("DbError", "history.go(-1)", 1);
        }
    } else {
        printerror("ErrorUrl", "", 1);
    }
}
Пример #14
0
function AddPl($username, $password, $nomember, $key, $saytext, $id, $classid, $repid, $add)
{
    global $empire, $public_r, $class_r, $user_userid, $user_username, $user_password, $user_dopass, $user_tablename, $user_salt, $user_checked, $user_group, $dbtbpre, $level_r;
    //验证IP
    eCheckAccessDoIp('pl');
    $id = (int) $id;
    $repid = (int) $repid;
    $classid = (int) $classid;
    //验证码
    $keyvname = 'checkplkey';
    if ($public_r['plkey_ok']) {
        ecmsCheckShowKey($keyvname, $key, 1);
    }
    $username = RepPostVar($username);
    $password = RepPostVar($password);
    $muserid = (int) getcvar('mluserid');
    $musername = RepPostVar(getcvar('mlusername'));
    $mgroupid = (int) getcvar('mlgroupid');
    if ($muserid) {
        $username = $musername;
    } else {
        if (empty($nomember)) {
            //编码转换
            $utfusername = doUtfAndGbk($username, 0);
            $password = doUtfAndGbk($password, 0);
            //密码
            if (empty($user_dopass)) {
                $password = md5($password);
            }
            if ($user_dopass == 3) {
                $password = substr(md5($password), 8, 16);
            }
            //双重md5
            if ($user_dopass == 2) {
                $ur = $empire->fetch1("select " . $user_userid . "," . $user_salt . "," . $user_password . "," . $user_checked . "," . $user_group . " from " . $user_tablename . " where " . $user_username . "='{$utfusername}' limit 1");
                $password = md5(md5($password) . $ur[$user_salt]);
                $cuser = 0;
                if ($password == $ur[$user_password]) {
                    $cuser = 1;
                }
                if (empty($ur[$user_userid])) {
                    $cuser = 0;
                }
            } else {
                $ur = $empire->fetch1("select " . $user_userid . "," . $user_checked . "," . $user_group . " from " . $user_tablename . " where " . $user_username . "='{$utfusername}' and " . $user_password . "='{$password}' limit 1");
                $cuser = 0;
                if ($ur[$user_userid]) {
                    $cuser = 1;
                }
            }
            if (empty($cuser)) {
                printerror("FailPassword", "history.go(-1)", 1);
            }
            if ($ur[$user_checked] == 0) {
                printerror("NotCheckedUser", '', 1);
            }
            $muserid = $ur[$user_userid];
            $mgroupid = $ur[$user_group];
        } else {
            $muserid = 0;
        }
    }
    if ($public_r['plgroupid']) {
        if (!$muserid) {
            printerror("GuestNotToPl", "history.go(-1)", 1);
        }
        if ($level_r[$mgroupid][level] < $level_r[$public_r['plgroupid']][level]) {
            printerror("NotLevelToPl", "history.go(-1)", 1);
        }
    }
    if (!trim($saytext) || !$id || !$classid) {
        printerror("EmptyPl", "history.go(-1)", 1);
    }
    //表存在
    if (empty($class_r[$classid][tbname])) {
        printerror("ErrorUrl", "history.go(-1)", 1);
    }
    if (strlen($saytext) > $public_r[plsize]) {
        printerror("PlSizeTobig", "history.go(-1)", 1);
    }
    $saytime = date("Y-m-d H:i:s");
    $time = time();
    $pltime = getcvar('lastpltime');
    if ($pltime) {
        if ($time - $pltime < $public_r[pltime]) {
            printerror("PlOutTime", "history.go(-1)", 1);
        }
    }
    //是否关闭评论
    $r = $empire->fetch1("select classid,closepl from {$dbtbpre}ecms_" . $class_r[$classid][tbname] . " where id='{$id}' and classid='{$classid}'");
    if (empty($r[classid])) {
        printerror("ErrorUrl", "history.go(-1)", 1);
    }
    if ($class_r[$r[classid]][openpl]) {
        printerror("CloseClassPl", "history.go(-1)", 1);
    }
    //单信息关闭评论
    if ($r['closepl']) {
        printerror("CloseInfoPl", "history.go(-1)", 1);
    }
    $sayip = egetip();
    $username = RepPostStr($username);
    $username = str_replace("\r\n", "", $username);
    $saytext = nl2br(RepFieldtextNbsp(RepPostStr($saytext)));
    $pr = $empire->fetch1("select plclosewords,plf,plmustf,pldeftb from {$dbtbpre}enewspublic limit 1");
    if ($repid) {
        if (trim($saytext) == "[quote]" . $repid . "[/quote]") {
            printerror("EmptyPl", "history.go(-1)", 1);
        }
        $saytext = RepPlTextQuote($repid, $saytext, $pr);
    }
    //过滤字符
    $saytext = ReplacePlWord($pr['plclosewords'], $saytext);
    //审核
    if ($class_r[$classid][checkpl]) {
        $checked = 1;
    } else {
        $checked = 0;
    }
    $ret_r = ReturnPlAddF($add, $pr, 0);
    //主表
    $sql = $empire->query("insert into {$dbtbpre}enewspl(username,sayip,saytime,id,classid,checked,zcnum,fdnum,userid,isgood,stb) values('" . $username . "','{$sayip}','{$saytime}','{$id}','{$classid}','{$checked}',0,0,'{$muserid}',0,'{$pr['pldeftb']}');");
    $plid = $empire->lastid();
    //副表
    $fsql = $empire->query("insert into {$dbtbpre}enewspl_data_" . $pr['pldeftb'] . "(plid,classid,id,saytext" . $ret_r['fields'] . ") values('{$plid}','{$classid}','{$id}','" . addslashes($saytext) . "'" . $ret_r['values'] . ");");
    //信息表加1
    $usql = $empire->query("update {$dbtbpre}ecms_" . $class_r[$classid][tbname] . " set plnum=plnum+1 where id='{$id}'");
    //设置最后发表时间
    $set1 = esetcookie("lastpltime", time(), time() + 3600 * 24);
    ecmsEmptyShowKey($keyvname);
    //清空验证码
    if ($sql) {
        $reurl = DoingReturnUrl("../pl/?classid={$classid}&id={$id}", $_POST['ecmsfrom']);
        printerror("AddPlSuccess", $reurl, 1);
    } else {
        printerror("DbError", "history.go(-1)", 1);
    }
}