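 /**
  * Log an administrator in from a remote (celive) hand-off.
  *
  * When front::$args is present it is base64-decoded, xxtea-decrypted with the
  * configured cookie_password and unserialized into the lookup handed to
  * user::getrow(). A matching row sets the login cookies and session entry,
  * marks the request as admin for group 888, notifies the celive auth object
  * and stores the row in front::$user. Anything else bumps a per-URI failure
  * counter cookie (1 hour TTL), logs the failure, flashes an error and bounces
  * back to admin/login. The view is rendered in every case.
  *
  * Side effects: cookies, session, front::$isadmin / front::$user,
  * $GLOBALS['auth'], and the rendered view.
  *
  * @return void
  */
 function remotelogin_action() {
     cookie::del('passinfo');
     // The failure counter is keyed per request URI; compute the key once.
     $failKey = 'loginfalse'.md5($_SERVER['REQUEST_URI']);
     $this->view->loginfalse=cookie::get($failKey);
     if (front::$args) {
         $model = new user();
         $payload = xxtea_decrypt(base64_decode(front::$args), config::get('cookie_password'));
         // SECURITY: front::$args is taken straight from the request (see the
         // front constructor), so this payload is only as trustworthy as
         // cookie_password. Class instantiation is disabled so a forged or
         // leaked payload cannot drive a PHP object-injection chain; this
         // assumes getrow() expects a plain condition array — confirm against
         // user::getrow before relying on it.
         $lookup = unserialize($payload, ['allowed_classes' => false]);
         // unserialize() yields false on malformed input; treat that as a
         // failed login rather than querying with it.
         $user = $lookup === false ? false : $model->getrow($lookup);
         if (is_array($user)) {
             if ($user['groupid'] == '888') {
                 front::$isadmin = true;
             }
             cookie::set('login_username', $user['username']);
             cookie::set('login_password', front::cookie_encode($user['password']));
             session::set('username', $user['username']);
             require_once ROOT.'/celive/include/config.inc.php';
             require_once ROOT.'/celive/include/celive.class.php';
             $login = new celive();
             $login->auth();
             $GLOBALS['auth']->remotelogin($user['username'], $user['password']);
             $GLOBALS['auth']->check_login1();
             front::$user = $user;
         } elseif (!is_array(front::$user) || !isset(front::$isadmin)) {
             cookie::set($failKey, (int) cookie::get($failKey) + 1, time() + 3600);
             // NOTE(review): the operand between '失败 user=' and 'username' is shown
             // redacted ("******") on this page; restore it from the repository.
             event::log('loginfalse','失败 user='******'username']);
             front::flash('密码错误或不存在该管理员!');
             front::refresh(url('admin/login', true));
         }
     }
     $this->render();
 }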
 /**
  * Clear the admin login state and hand the logout over to celive.
  *
  * Removes the login cookies and the session username/roles, loads the celive
  * auth layer and invokes its logout and check_logout1 hooks, then redirects
  * to the site index.
  *
  * @return void
  */
 function logout_action() {
     foreach (['login_username', 'login_password'] as $cookieName) {
         cookie::del($cookieName);
     }
     foreach (['username', 'roles'] as $sessionKey) {
         session::del($sessionKey);
     }
     $celiveInclude = ROOT.'/celive/include/';
     require_once $celiveInclude.'config.inc.php';
     require_once $celiveInclude.'celive.class.php';
     $celive = new celive();
     $celive->auth();
     $GLOBALS['auth']->logout();
     $GLOBALS['auth']->check_logout1();
     front::redirect(url::create('index'));
 }
    /**
     * Front-controller bootstrap: normalises the request, picks the template,
     * derives host/domain/base_url, routes the request and, for admin requests,
     * runs the admin initialisation.
     *
     * Runs on every request and mutates the superglobals in place ($_GET is
     * rebuilt key by key; $_GET/$_POST/$_COOKIE may be slash-escaped), so code
     * that runs later sees the filtered values, not what the client sent.
     * Several branches terminate the request with exit().
     */
    function __construct() {
    	// Abort the request if a single or double quote appears in the username
    	// from POST, GET or the login cookie. This is a denylist, not an escaping
    	// layer; it only helps code paths that still build SQL from these values.
    	if(preg_match('/(\'|")/', $_POST['username']) || preg_match('/(\'|")/', $_GET['username']) || preg_match('/(\'|")/', $_COOKIE['login_username'])){
    		exit('非法参数');
    	}
        // 'args' is captured raw and removed from $_GET before the sanitising
        // loop further down, so self::$args is NOT filtered by that loop.
        self::$args=$_GET['args'];
        unset($_GET['args']);
        // case=file is treated as an admin request; '@' silences undefined-index notices.
        if($_GET['case'] == 'file'){@$_GET['admin_dir'] = config::get('admin_dir');}
        if (@$_GET['admin_dir'] == config::get('admin_dir'))
            $admin=1;
        // Legacy short URLs (?m=<id>, ?g=<n>) emit a Location header but do not
        // exit, so the rest of the constructor still executes for these requests.
        if (@$_GET['m'] &&is_numeric(@$_GET['m'])) {
            header('location:?case=user&act=space&mid='.$_GET['m']);
        }
        if (@$_GET['g'] &&is_numeric(@$_GET['g'])) {
            header('location: ?case=manage&act=guestadd&manage=archive&guest=1');
        }
        // Admin bootstrap; presumably this is where the ADMIN constant read below gets defined.
        if (@$admin) {
            include_once ROOT.'/'.config::get('admin_dir').'/init.php';
        }
        
        // ?clean_login=1 wipes the failed-login log records and the counter
        // cookie. NOTE(review): no authorisation guards this branch, so any
        // request can reset the lockout counter — confirm that is intended.
        // The login action keys its cookie as 'loginfalse'.md5(REQUEST_URI),
        // so deleting the bare 'loginfalse' name may not clear it.
        if (@$_GET['clean_login']) {
            $event=new event();
            $event->rec_delete("event='loginfalse'");
            cookie::del('loginfalse');
        }
        self::$admin=defined('ADMIN');
        self::$debug=defined('DEBUG');
        // Mobile clients are forced onto the 'wap' template.
        if(is_mobile()) $_GET['t']='wap';
        // Refuse a template_dir named 'admin' or 'debug' (presumably to keep the
        // template directory from aliasing those directories); fall back to 'default'.
        if (strtolower(config::get('template_dir')) == 'admin'||strtolower(config::get('template_dir')) == 'debug')
            exit(__CLASS__.','.__LINE__);
        if (!config::get('template_dir'))
            config::set('template_dir','default');
        if (isset($_SERVER['HTTP_REFERER']))
            self::$from=$_SERVER['HTTP_REFERER'];
        // X-Forwarded-Host wins over Host. Unless the proxy in front strips it,
        // a client can set it, and the value feeds the regexes below and the
        // referer/base_url handling — confirm the deployment controls this header.
        self::$host=isset($_SERVER['HTTP_X_FORWARDED_HOST']) ?$_SERVER['HTTP_X_FORWARDED_HOST'] : (isset($_SERVER['HTTP_HOST']) ?$_SERVER['HTTP_HOST'] : '');
        // Approximate the registrable domain: the last label plus one more
        // (two more when the second-level label is org/net/com/gov).
        preg_match('/[\w-]+(\.(org|net|com|gov))?\.(\w+)$/',self::$host,$match);
        if (isset($match[0]))
            self::$domain=$match[0];
        else
            self::$domain=self::$host;
        self::$uri=$_SERVER['REQUEST_URI'];
        self::route();
        
        // get_magic_quotes_gpc() no longer exists on current PHP; the
        // function_exists guard keeps this evaluating to false there.
        define('MAGIC_QUOTES_GPC', function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc());
        // Reject any request carrying a 'GLOBALS' key (register_globals-style tainting guard).
        if (isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_COOKIE['GLOBALS']) || isset($_FILES['GLOBALS'])) {
        	exit('request_tainting');
        }
        
        // Without magic quotes, slash-escape the input arrays via the project
        // helper (presumably a recursive addslashes — verify in daddslashes()).
        if (!MAGIC_QUOTES_GPC) {
        	$_GET = daddslashes($_GET);
        	$_POST = daddslashes($_POST);
        	$_COOKIE = daddslashes($_COOKIE);
        }
        
        // 'dfile' is saved (HTML-escaped) before the loop because the loop would
        // otherwise truncate it at its first non-word character; restored below.
        $dfile = htmlspecialchars($_GET['dfile']);
        // Rebuild $_GET entry by entry:
        //  - allow-listed keys are kept verbatim (checked BEFORE the key is sanitised);
        //  - every other key is cut at its first character outside [\w-];
        //  - tag/keyword values are tag-stripped, spaces become '+', and
        //    'union' or a quote aborts the request;
        //  - all other values are cut at their first character outside [\w-].
        foreach ($_GET as $key=>$value) {
            unset($_GET[$key]);
            if ($key == 'host'||$key == 'ftpip'||$key == 'request'||$key == 'notify_id'||$key == 'real_name') {
                $_GET[$key]=$value;
                continue;
            }
            $key=preg_replace('/[^\w-].*/','',$key);
            if ($key == 'tag'||$key == 'keyword') {
                $value=strip_tags(urldecode($value));
                $value=str_replace(' ','+',$value);
				if(preg_match('/union/i',$value) || preg_match('/"/i',$value) ||preg_match('/\'/i',$value)){
                	exit('非法参数');
                }
            }
            else
                $value=preg_replace('/[^\w-].*/','',$value);
            $_GET[$key]=$value;
        }
        
        self::$get=$_GET;
        self::$post=$_POST;
        self::$get['dfile'] = $dfile;
        if (isset(self::$post['verify']))
            self::$post['verify']=strtoupper(self::$post['verify']);
        // Both branches of the inner ternary yield 'index', so self::$admin has no effect here.
        self::$case=isset(self::$get['case']) ?self::$get['case'] : (self::$admin ?'index': 'index');
        self::$act=isset(self::$get['act']) ?self::$get['act'] : 'index';
        // Strip the scheme+host prefix from the referer when it points at this host.
        // NOTE(review): self::$host is interpolated into the pattern unescaped;
        // a host value containing regex metacharacters (or the '%' delimiter)
        // changes the pattern — preg_quote(self::$host, '%') would make this robust.
        if (preg_match("%".self::$host."%i",self::$from))
            self::$from=preg_replace('%http://'.self::$host.'%','',self::$from);
        // base_url: from PHP_SELF for non-admin, html or rewrite requests;
        // otherwise from REQUEST_URI with index.php/query string and THIS_URL stripped.
        if (!front::$admin ||front::$html ||self::$rewrite)
            config::set('base_url',preg_replace('%/index.php%i','',$_SERVER['PHP_SELF']));
        else {
            $_url=preg_replace('/'.THIS_URL.'$/i','',rtrim(preg_replace('/(index\.php|\?).*/i','',self::$uri),'/'));
            config::set('base_url',str_replace(ROOT,'',$_url));
        }
        
        new stsession(new sessionox());// initialise DB-backed session storage
        
        if (self::$admin)
            $this->admin();
    }
 /**
  * Log the front-end user out.
  *
  * Drops the login cookies and the session username, redirects to user/login
  * and terminates the request so nothing after the redirect can execute.
  *
  * @return void
  */
 function logout_action() {
     foreach (['login_username', 'login_password'] as $cookieName) {
         cookie::del($cookieName);
     }
     session::del('username');
     front::redirect(url::create('user/login'));
     exit;
 }
 function init() {
 /**
  * Empty the current order by deleting the 'orderids' cookie.
  *
  * @return void
  */
 static function clear()
 {
     $orderCookie = 'orderids';
     cookie::del($orderCookie);
 }