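// Fragment of a member-login handler. It begins inside the switch that picks
// the auth-cookie lifetime and ends inside the password-update branch; the
// enclosing structure lies outside this excerpt.
// NOTE(review): as shown there is no `break` between `$expires = 3600;` and
// `default:`, so this case would fall through and end with $expires = 0.
// Confirm against the full switch.
        $expires = 3600;
    default:
        $expires = 0;
        break;
}
// If a lifetime was selected and the client supplied $client_t (divided by
// 1000 here, so presumably a millisecond clock), shift the lifetime by the
// difference between the client clock and the server's $timestamp.
// NOTE(review): $client_t appears to be request-supplied and only the lower
// bound is clamped below; consider an upper bound on the resulting lifetime.
$expires && !empty($client_t) && ($expires = intval(floatval($client_t) / 1000) - $timestamp + $expires);
$expires < 0 && ($expires = 0);

// Optional hand-off to an external passport login endpoint, with the return
// target passed URL-encoded in the {$getval} parameter.
if ($enable_pptin && !empty($pptin_url) && $pptin_login) {
    $url = $pptin_url . $pptin_login;
    // strpos() returns 0 (falsy) when '?' is the first character, so compare
    // against false explicitly to pick the right separator.
    $url .= (strpos($url, '?') !== false ? '&' : '?') . "{$getval}=" . rawurlencode($forward);
    header('location:' . $url);
    exit;
}

include_once M_ROOT . "./include/admin.fun.php";
$username = trim($username);

// Verification code is checked first; each guard below relies on message()
// ending the request (presumably it does; confirm).
regcode_pass('login', empty($regcode) ? '' : trim($regcode)) || message('safecodeerr', axaction(1, $forward));
strlen($username) < 3 && message('membercnameillegal', axaction(1, $forward));

// Reject empty passwords and passwords that addslashes() would alter
// (quotes, backslash, NUL).
if (!$password || $password != addslashes($password)) {
    message('pwdillegal', axaction(1, $forward));
}

// User-name deny pattern: empty/whitespace names, a set of punctuation
// characters and the byte sequences listed in $guestexp.
$guestexp = '\\xA1\\xA1|^Guest|^\\xD3\\xCE\\xBF\\xCD|\\xB9\\x43\\xAB\\xC8';
preg_match("/^\\s*\$|^c:\\con\\con\$|[%,\\*\"\\s\t\\<\\>\\&]|{$guestexp}/is", $username) && message('membercnameillegal', axaction(1, $forward));

// Failed-login throttle. The post-increment compares the stored count with
// $maxerrtimes and then bumps it, so $cantimes is computed from the
// incremented value.
$errtimes = login_safecheck($username);
$errtimes++ < $maxerrtimes || message('mloginerrtimes');
$cantimes = $maxerrtimes - $errtimes;

// NOTE(review): unsalted md5(md5()) is a fast hash and unsuitable for password
// storage. Moving to password_hash()/password_verify() needs a
// rehash-on-login migration, which cannot be done inside this fragment.
$md5_password = md5(md5($password));
$enable_uc && (include_once M_ROOT . './include/ucenter/uc.inc.php');
$curuser->activeuserbyname($username);

// Strict string comparison: with loose ==, two different digests that both
// look like numeric strings (for example "0e" followed by digits) compare
// as equal.
if ($curuser->info['mid'] && ($enable_uc || (string) $curuser->info['password'] === $md5_password)) {
    // Local site member: check whether the stored password needs updating.
    if ((string) $curuser->info['password'] !== $md5_password) {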
// Fragment of an archive-submission page: the tail of the form/template
// rendering branch followed by the start of the submit handler. The
// enclosing conditions lie outside this excerpt.
_footer();
} else {
    include_once M_ROOT . './include/common.fun.php';
    // The raw query string is parsed into $_da and, after _aenter(), every
    // key is extracted into the local scope with EXTR_OVERWRITE.
    // NOTE(review): unless _aenter() filters keys (not visible here), request
    // parameters can overwrite any local variable, including $tplname and
    // $templatedir, which build the include path below. Restrict the
    // extracted keys to an allow-list and validate the template name.
    parse_str($_SERVER['QUERY_STRING'], $_da);
    _aenter($_da, 1);
    @extract($btags);
    extract($_da, EXTR_OVERWRITE);
    tpl_refresh($tplname);
    // The @ hides include failures, so a missing or unexpected template path
    // fails silently.
    @(include M_ROOT . "template/{$templatedir}/pcache/{$tplname}.php");
    $_content = ob_get_contents();
    ob_clean();
    mexit($_content);
}
} else {
    $inajax ? aheader() : _header();
    // Verification code first; the guards rely on mcmessage() ending the
    // request (presumably it does; confirm).
    if (!regcode_pass('archive', empty($regcode) ? '' : trim($regcode))) {
        mcmessage('safecodeerr', axaction(2, M_REFERER));
    }
    // The submitted category id must be a key of $acatalogs, which acts as
    // the allow-list for 'caid'.
    if (empty($archiveadd['caid']) || !($catalog = @$acatalogs[$archiveadd['caid']])) {
        mcmessage('choosecatalog', axaction(2, M_REFERER));
    }
    // Switch to the sub-site that owns the chosen category.
    if ($sid != $catalog['sid']) {
        switch_cache($catalog['sid']);
        $sid = $catalog['sid'];
    }
    // SET clause assembled by string interpolation.
    // NOTE(review): 'caid' is constrained by the $acatalogs lookup above;
    // $chid, $memberid and the member name are presumably server-side values.
    // Confirm each one, or switch to parameterised queries if $db supports
    // them.
    $sqlmain = "sid='{$sid}',\n\t\tcaid='{$archiveadd['caid']}',\n\t\tchid='{$chid}',\n\t\tmid='{$memberid}',\n\t\tmname='" . $curuser->info['mname'] . "',\n\t\tcreatedate='{$timestamp}',\n\t\trefreshdate='{$timestamp}'";
    $pre_cns = array();
    $pre_cns['caid'] = $archiveadd['caid'];
    // Analyse the classification definitions and their permissions.
    foreach ($cotypes as $k => $v) {
        if (!$v['self_reg'] && !in_array($k, $ccoids) && !in_array("ccid{$k}", $additems)) {
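// Member password-change page: renders the form on first load and validates
// the submission otherwise. The fragment ends at the start of the UCenter
// branch.
!defined('M_COM') && exit('No Permission');
if (!submitcheck('bmemberpwd')) {
    // Form: current member name plus old/new/repeat password inputs.
    tabheader(lang('memberpwdsetting'), 'memberpwd', '?action=memberpwd', 2, 0, 1);
    trbasic(lang('membercname'), '', $curuser->info['mname'], '');
    trbasic(lang('oldpwd'), 'opassword', '', 'password');
    trbasic(lang('newpwd'), 'npassword', '', 'password');
    trbasic(lang('repwd'), 'npassword2', '', 'password');
    // Form-check rules built by makesubmitstr(); the server-side checks
    // below are the ones that matter for security.
    $submitstr = '';
    $submitstr .= makesubmitstr('opassword', 1, 0, 0, 15);
    $submitstr .= makesubmitstr('npassword', 1, 0, 0, 15);
    $submitstr .= makesubmitstr('npassword2', 1, 0, 0, 15);
    $submitstr .= tr_regcode('login');
    tabfooter('bmemberpwd');
    check_submit_func($submitstr);
} else {
    // Every guard relies on mcmessage() ending the request (presumably it
    // does; confirm).
    if (!regcode_pass('login', empty($regcode) ? '' : trim($regcode))) {
        mcmessage('regcodeerror', '?action=memberpwd');
    }
    $opassword = trim($opassword);
    $npassword = trim($npassword);
    $npassword2 = trim($npassword2);
    // Strict comparison: with loose !=, two different digests that both look
    // like numeric strings ("0e" followed by digits) would compare as equal
    // and let a wrong old password through.
    // NOTE(review): unsalted md5(md5()) is unsuitable for password storage;
    // migrating to password_hash() needs changes outside this fragment.
    if (md5(md5($opassword)) !== (string) $curuser->info['password']) {
        mcmessage('oldpasserror', '?action=memberpwd');
    }
    // Strict comparison here too: loose != treats numeric-looking strings
    // such as "1e3" and "1000" as the same password.
    if ($npassword !== $npassword2) {
        mcmessage('notsamepwd', '?action=memberpwd');
    }
    // New password must be non-empty, at most 15 bytes, and unchanged by
    // addslashes() (no quotes, backslash or NUL).
    // NOTE(review): a 15-byte maximum and no minimum length is a weak policy.
    if (!$npassword || strlen($npassword) > 15 || $npassword !== addslashes($npassword)) {
        mcmessage('memberpwdillegal', '?action=memberpwd');
    }
    if ($enable_uc) {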
// Fragment of a reply-submission page: the tail of the template-rendering
// branch followed by the start of the submit handler.
tpl_refresh($tplname);
// NOTE(review): the include path is built from $templatedir and $tplname,
// whose origin is not visible here; the @ hides include failures. Confirm
// that both values come from trusted configuration.
@(include M_ROOT . "template/{$templatedir}/pcache/{$tplname}.php");
$_content = ob_get_contents();
ob_clean();
mexit($_content);
}
} else {
    // Data processing.
    load_cache('rfields,ucotypes');
    include_once M_ROOT . "./include/fields.cls.php";
    include_once M_ROOT . "./include/upload.cls.php";
    include_once M_ROOT . "./include/arcedit.cls.php";
    include_once M_ROOT . "./include/cuedit.cls.php";
    include_once M_ROOT . "./include/cheader.inc.php";
    $inajax ? aheader() : _header();
    // Guards run in order: verification code, then the member's 'reply'
    // forbid check. Each relies on mcmessage() ending the request
    // (presumably it does; confirm).
    if (!regcode_pass('reply', empty($regcode) ? '' : trim($regcode))) {
        mcmessage('regcodeerror', axaction(2, M_REFERER));
    }
    // Blocked-group check.
    if (!$curuser->checkforbid('reply')) {
        mcmessage('userisforbid', axaction(2, M_REFERER));
    }
    // Load the target archive; $aid presumably comes from the request, and
    // an unknown id leaves $aedit->aid empty.
    $aedit = new cls_arcedit();
    $aedit->set_aid($aid);
    $aedit->basic_data();
    if (!$aedit->aid) {
        mcmessage('choosereplyobject', axaction(2, M_REFERER));
    }
    // Replies are only accepted on archives flagged as checked.
    if (!$aedit->archive['checked']) {
        mcmessage('poinarcnoche');
    }
// Private-message page: renders the send form on first load, otherwise sends
// the message to each listed recipient. The fragment ends inside the send
// loop.
if (!submitcheck('bpmsend')) {
    // Send form.
    // NOTE(review): $box, $page and $tonames are placed into the form action
    // and a pre-filled field; whether tabheader()/trbasic() HTML-escape them
    // is not visible here.
    tabheader(lang('sendpm'), 'pmsend', "?action=pmsend&box={$box}&page={$page}", 2, 0, 1);
    trbasic(lang('pmtitle'), 'pmnew[title]', '', 'btext');
    trbasic(lang('pmtonames'), 'pmnew[tonames]', empty($tonames) ? '' : $tonames, 'btext');
    trbasic(lang('pmcontent'), 'pmnew[content]', '', 'btextarea');
    $submitstr = '';
    // $submitstr .= makesubmitstr('pmnew[title]',1,0,0,80);
    $submitstr .= makesubmitstr('pmnew[tonames]', 1, 0, 0, 100);
    $submitstr .= makesubmitstr('pmnew[content]', 1, 0, 0, 1000);
    $submitstr .= tr_regcode('pm');
    tabfooter('bpmsend');
    check_submit_func($submitstr);
} else {
    // Send the message. The guards rely on mcmessage() ending the request
    // (presumably it does; confirm).
    if (!regcode_pass('pm', empty($regcode) ? '' : trim($regcode))) {
        mcmessage(lang('regcodeerror'), M_REFERER);
    }
    $pmnew['title'] = trim($pmnew['title']);
    $pmnew['tonames'] = trim($pmnew['tonames']);
    $pmnew['content'] = trim($pmnew['content']);
    // NOTE(review): only emptiness is checked on the server. The 100/1000
    // limits above are passed to makesubmitstr(), and no length check or cap
    // on the number of recipients is visible in this handler.
    if (empty($pmnew['content']) || empty($pmnew['tonames'])) {
        mcmessage(lang('pmdatamiss'), M_REFERER);
    }
    // Comma-separated recipient names; array_filter() drops empty entries
    // (and a literal "0").
    $tos = array_filter(explode(',', $pmnew['tonames']));
    $count = 0;
    // An empty title falls back to the message content.
    $pmnew['title'] = $pmnew['title'] ? $pmnew['title'] : ($pmnew['content'] ? $pmnew['content'] : '');
    foreach ($tos as $to) {
        // Count only the sends that uc_pm_send() reports as truthy.
        if (uc_pm_send($uid, $to, $pmnew['title'], $pmnew['content'], 1, 0, 1)) {
            $count++;
        }
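// Fragment of the member-registration page: the tail of the template
// rendering branch followed by the start of the submit handler. It ends
// inside the password-confirmation check.
$_da = array('mchid' => $mchid);
_aenter($_da, 1);
// NOTE(review): extract() imports array keys as local variables (the second
// call overwrites existing ones). What _aenter() adds to $_da is not visible
// here; confirm that no request-controlled key can replace $tplname or
// $templatedir, which build the include path below.
@extract($btags);
extract($_da, EXTR_OVERWRITE);
tpl_refresh($tplname);
@(include M_ROOT . "template/{$templatedir}/pcache/{$tplname}.php");
$_content = ob_get_contents();
ob_clean();
mexit($_content);
}
} else {
    // Normalise inputs: the member name is unescaped, trimmed and re-escaped
    // with addslashes() because it is interpolated into SQL below.
    $mname = addslashes(trim(stripslashes($mname)));
    $password = trim($password);
    $password2 = trim($password2);
    $email = trim($email);
    // The guards rely on message() ending the request (presumably it does;
    // confirm).
    if (!regcode_pass('register', empty($regcode) ? '' : trim($regcode))) {
        message('regcodeerror', M_REFERER);
    }
    // strlen() counts bytes (and here the already-escaped name), not
    // characters.
    if (strlen($mname) < 3 || strlen($mname) > 15) {
        message('memnamelengthillegal', M_REFERER);
    }
    // Name deny rules: the fixed pattern plus the configured $censoruser list,
    // where '*' acts as a wildcard and CRLF separates alternatives.
    $guestexp = '\\xA1\\xA1|^Guest|^\\xD3\\xCE\\xBF\\xCD|\\xB9\\x43\\xAB\\xC8';
    $censorexp = '/^(' . str_replace(array('\\*', "\r\n", ' '), array('.*', '|', ''), preg_quote($censoruser = trim($censoruser), '/')) . ')$/i';
    if (preg_match("/^\\s*\$|^c:\\con\\con\$|[%,\\*\"\\s\t\\<\\>\\&]|{$guestexp}/is", $mname) || $censoruser && @preg_match($censorexp, $mname)) {
        message('membcnameilleg', M_REFERER);
    }
    // NOTE(review): this query relies on addslashes() for escaping, which is
    // charset-dependent and not a substitute for a parameterised query or the
    // driver's own escaping. The check-then-insert sequence also needs a
    // UNIQUE index on mname to be race-free (the insert is not visible here).
    if ($db->result_one("SELECT COUNT(*) FROM {$tblprefix}members WHERE mname='{$mname}'")) {
        message('memcnamerepeat', M_REFERER);
    }
    // Strict comparison: loose != treats numeric-looking strings such as
    // "1e3" and "1000" as equal, which would accept a mistyped confirmation.
    if ($password !== $password2) {
        message('notsamepwd', M_REFERER);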
// Fragment of the online-payment page: the tail of the order form followed by
// the start of the 'confirm' step. The opening condition of the form branch
// lies outside this excerpt.
// NOTE(review): $amount and the $oldmsg[...] values are pre-filled into the
// form; whether trbasic() HTML-escapes them is not visible here.
tabheader(lang('onlinepay'), 'paynew', '?action=payonline&deal=confirm', 2, 0, 1);
trbasic(lang('payinterface'), 'paynew[poid]', makeoption($poids), 'select');
trbasic(lang('payamount'), 'paynew[amount]', $amount, 'text', lang('payamountrmbi'));
trbasic(lang('contactorname'), 'paynew[truename]', empty($oldmsg['truename']) ? '' : $oldmsg['truename'], 'btext');
trbasic(lang('contacttel'), 'paynew[telephone]', empty($oldmsg['telephone']) ? '' : $oldmsg['telephone'], 'btext');
trbasic(lang('contactemail'), 'paynew[email]', empty($oldmsg['email']) ? '' : $oldmsg['email'], 'btext');
// Form-check rules built by makesubmitstr(); the confirm step below repeats
// only some of them on the server.
$submitstr = '';
$submitstr .= makesubmitstr('paynew[amount]', 1, 'number', 0, 15);
$submitstr .= makesubmitstr('paynew[truename]', 0, 0, 0, 80);
$submitstr .= makesubmitstr('paynew[telephone]', 0, 0, 0, 30);
$submitstr .= makesubmitstr('paynew[email]', 0, 'email', 0, 100);
$submitstr .= tr_regcode('payonline');
tabfooter('submit', lang('continue'));
check_submit_func($submitstr);
} elseif ($deal == 'confirm') {
    // The guards rely on mcmessage() ending the request (presumably it does;
    // confirm).
    if (!regcode_pass('payonline', empty($regcode) ? '' : trim($regcode))) {
        mcmessage('regcodeerror', '?action=payonline');
    }
    // Amount is normalised on the server: cast to float, rounded to two
    // decimals and floored at 0; a zero amount is rejected.
    // NOTE(review): no upper bound is applied here, and float arithmetic is
    // used for a currency value.
    $paynew['amount'] = max(0, round(floatval($paynew['amount']), 2));
    empty($paynew['amount']) && mcmessage('pinputpayamount', '?action=payonline');
    // The payment interface id must be a key of $poids (allow-list).
    array_key_exists($paynew['poid'], $poids) || mcmessage('errorpaymode', '?action=payonline');
    /*	$paynew['handfee'] = 0;
    	if(!empty($payonline['percent'])){
    		$paynew['handfee'] = round($paynew['amount'] * $payonline['percent'] / 100,2);
    	}
    	$paynew['total'] = $paynew['amount'] + $paynew['handfee'];*/
    // NOTE(review): strip_tags() removes markup but is neither SQL nor HTML
    // attribute escaping, and the 80/30/100 length limits and the e-mail
    // format are not re-checked here. Whatever stores or prints these fields
    // must escape them for its own context.
    $paynew['truename'] = trim(strip_tags($paynew['truename']));
    $paynew['telephone'] = trim(strip_tags($paynew['telephone']));
    $paynew['email'] = trim(strip_tags($paynew['email']));
    #	$paynew['ordersn'] = $payonline['partner'].date('Ymd').date('His').random(4,1);
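// Fragment of the admin back-end login flow: the tail of the login-success
// branch, the 'ipdenied' branch and the 'recheck' (password re-entry) branch.
// The opening conditions lie outside this excerpt.
$curuser->updatedb();
$memberid = $curuser->info['mid'];
// NOTE(review): the auth cookie carries the password digest together with the
// member id, wrapped by authcode(). If that wrapper is ever reversed, the
// cookie is equivalent to the stored credential; a random session token would
// avoid that. Confirm what authcode() provides.
msetcookie('userauth', authcode("{$md5_password}\t" . $curuser->info['mid'], 'ENCODE'), $expires);
echo "<script> location.reload();</script>";
exit;
} else {
    login_msg('账号/密码错误', '', 'error');
}
// The debug call print_r($curuser) was removed from this spot: if login_msg()
// returns, it would write the whole user object, including the stored
// password digest, into the response.
exit;
}
login_msg('', '', 'error');
} elseif ($aflag == 'ipdenied') {
    login_msg(lang('backarea_ip_forbid'), '', 'error');
} elseif ($aflag == 'recheck') {
    // Re-authentication: password digest and verification code must both
    // pass. Strict comparison is used because loose != treats two different
    // digests that both look like numeric strings ("0e" followed by digits)
    // as equal.
    if (empty($admin_password) || md5(md5($admin_password)) !== (string) $curuser->info['password'] || !regcode_pass('admin', empty($regcode) ? '' : trim($regcode))) {
        // Count the attempt only when something was actually submitted.
        if (!empty($admin_password) || !empty($regcode)) {
            // NOTE(review): $memberid is interpolated into the statement;
            // presumably it is the server-side member id. Confirm.
            $db->query("UPDATE {$tblprefix}asession SET errorcount=errorcount+1 WHERE mid='{$memberid}'");
        }
        login_msg('', '', 'login');
    } else {
        // Success: errorcount is set to -1 for this admin session.
        $db->query("UPDATE {$tblprefix}asession SET errorcount='-1' WHERE mid='{$memberid}'");
        // NOTE(review): the raw query string and $url_forward are written
        // into the response. Whether they are escaped elsewhere is not
        // visible here; $url_forward should be HTML-escaped and limited to
        // same-site targets before it is used as a redirect URL.
        login_msg(lang('admin_login_finish'), '?' . $_SERVER['QUERY_STRING'] . '');
        if (!empty($url_forward)) {
            echo "<meta http-equiv=refresh content=\"0;URL={$url_forward}\">";
            exit;
        }
    }
}
include_once M_ROOT . './include/cache.fun.php';
load_cache('usednames,fcatalogs,mchannels');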
// Fragment of an answer-submission page: the tail of the template-rendering
// branch followed by the validation steps of the submit handler.
arc_parse($_da);
_aenter($_da, 1);
// NOTE(review): extract() imports array keys as local variables (the second
// call overwrites existing ones). How $_da is populated is not visible here;
// confirm that no request-controlled key can replace $tplname or
// $templatedir, which build the include path below.
@extract($btags);
extract($_da, EXTR_OVERWRITE);
tpl_refresh($tplname);
@(include M_ROOT . "template/{$templatedir}/pcache/{$tplname}.php");
$_content = ob_get_contents();
ob_clean();
mexit($_content);
}
} else {
    include_once M_ROOT . './include/arcedit.cls.php';
    include_once M_ROOT . "./include/cheader.inc.php";
    $inajax ? aheader() : _header();
    // Every guard below has the form `condition && mcmessage(...)`, so the
    // whole sequence relies on mcmessage() ending the request (presumably it
    // does; confirm).
    // Must be logged in.
    !$memberid && mcmessage('nousernooperatepermis', axaction(2, M_REFERER));
    if (!regcode_pass('answer', empty($regcode) ? '' : trim($regcode))) {
        mcmessage('regcodeerror', axaction(2, M_REFERER));
    }
    // Blocked-group check.
    !$curuser->checkforbid('answer') && mcmessage('userisforbid', axaction(2, M_REFERER));
    // Load the target archive; $aid presumably comes from the request.
    $aedit = new cls_arcedit();
    $aedit->set_aid($aid);
    $aedit->basic_data();
    !$aedit->aid && mcmessage('choosearchive');
    // Interaction settings for the archive's channel, then the permission
    // check against the configured 'apmid'.
    !($commu = read_cache('commu', $aedit->channel['cuid'])) && mcmessage('setcomitem', axaction(2, M_REFERER));
    !$curuser->pmbypmids('cuadd', $commu['setting']['apmid']) && mcmessage('younoitempermis', axaction(2, M_REFERER));
    // Closed or expired questions accept no further answers.
    ($aedit->archive['closed'] || $aedit->archive['finishdate'] < $timestamp) && mcmessage('questionclosed', axaction(2, M_REFERER));
    $communew['answer'] = empty($communew['answer']) ? '' : trim($communew['answer']);
    empty($communew['answer']) && mcmessage('inputanswercontent', axaction(2, M_REFERER));
    // Minimum length is measured in bytes (strlen); over-long answers are
    // truncated by cutstr() rather than rejected.
    // NOTE(review): the answer text is only trimmed and length-limited here;
    // the code that stores and displays it must escape it for its context.
    !empty($commu['setting']['minlength']) && strlen($communew['answer']) < $commu['setting']['minlength'] && mcmessage('answeroverminlength');
    !empty($commu['setting']['maxlength']) && ($communew['answer'] = cutstr($communew['answer'], $commu['setting']['maxlength']));
// Fragment of a comment-submission page: the tail of the template-rendering
// branch followed by the start of the submit handler.
tpl_refresh($tplname);
// NOTE(review): the include path is built from $templatedir and $tplname,
// whose origin is not visible here; the @ hides include failures. Confirm
// that both values come from trusted configuration.
@(include M_ROOT . "template/{$templatedir}/pcache/{$tplname}.php");
$_content = ob_get_contents();
ob_clean();
mexit($_content);
}
} else {
    // Data processing.
    load_cache('cfields,ucotypes');
    include_once M_ROOT . "./include/fields.cls.php";
    include_once M_ROOT . "./include/upload.cls.php";
    include_once M_ROOT . "./include/arcedit.cls.php";
    include_once M_ROOT . "./include/cuedit.cls.php";
    include_once M_ROOT . "./include/cheader.inc.php";
    $inajax ? aheader() : _header();
    // Guards run in order: verification code, then the member's 'comment'
    // forbid check. Each relies on mcmessage() ending the request
    // (presumably it does; confirm).
    if (!regcode_pass('comment', empty($regcode) ? '' : trim($regcode))) {
        mcmessage('regcodeerror', axaction(2, M_REFERER));
    }
    // Blocked-group check.
    if (!$curuser->checkforbid('comment')) {
        mcmessage('userisforbid', axaction(2, M_REFERER));
    }
    // Load the target archive; $aid presumably comes from the request, and
    // an unknown id leaves $aedit->aid empty.
    $aedit = new cls_arcedit();
    $aedit->set_aid($aid);
    $aedit->basic_data();
    if (!$aedit->aid) {
        mcmessage('choosecommentobject', axaction(2, M_REFERER));
    }
    // Comments are only accepted on archives flagged as checked.
    if (!$aedit->archive['checked']) {
        mcmessage('poinarcnoche');
    }