/**
 * Back-office login handler (form POST).
 *
 * Sequence: anti-CSRF token check, cookie-bound captcha check, username
 * format check, credential lookup in admin_member, then login bookkeeping
 * (intime/ipadd/hit), resolution of the admin power group, the two session
 * cookies (esp_powerlist, ecisp_admininfo), an audit log entry and a
 * redirect to the management tab. Never returns on success (exit()).
 *
 * Every error path goes through calladminmessage(); the control flow only
 * makes sense if that method terminates the request — confirm in the base
 * class, otherwise a failed check falls through to the next step.
 *
 * NOTE(review): several statements below contain fragments redacted to
 * '******' in this corpus (the credential WHERE clause and both writelog()
 * calls). They are reproduced as found; what was removed cannot be reviewed.
 */
function onlogin_into()
{
    include_once admin_ROOT . '/public/class_seccode.php';
    // Referer is client-controlled and becomes the "go back" target of every
    // error message below; whether that is an open-redirect exposure depends
    // on how calladminmessage() uses its third argument.
    $linkURL = $_SERVER['HTTP_REFERER'];
    if (!$this->fun->is_token()) {
        $this->calladminmessage($this->lng['management_token_message'], $this->lng['goback_botton'], $linkURL, 1);
    }
    // The expected captcha answer lives in the client's own cookie, encrypted
    // with eccode(); payload format is "<code>\t<expiration>". $expiration is
    // extracted but never compared with time() in this method (unless
    // eccode() enforces it internally), and the cookie is not reset after a
    // successful login, so nothing here makes the challenge single-use.
    list($new_seccode, $expiration) = explode("\t", $this->fun->eccode($_COOKIE['ecisp_seccode'], 'DECODE'));
    $code = new seccode();
    $code->seccodeconvert($new_seccode);
    parent::start_template();
    $db_table = db_prefix . "admin_member";
    $seccode = strtoupper($this->fun->accept('seccode', 'P', 1));
    $username = $this->fun->accept('username', 'P', 1);
    // Allow-list: one letter followed by 4-19 alphanumerics. This check is
    // also what keeps the (redacted) interpolated WHERE clause free of quote
    // characters, so it must stay ahead of the query.
    if (!preg_match("/^[a-zA-Z]{1}[a-zA-Z0-9]{4,19}\$/i", $username)) {
        $this->calladminmessage($this->lng['adminuser_login_incorrect_mess'], $this->lng['goback_botton'], $linkURL, 1);
    }
    // $password_key is never read afterwards.
    $password_key = $this->fun->accept('password', 'P', 1);
    // Unsalted MD5 is what admin_member stores; moving to
    // password_hash()/password_verify() needs a column migration, not a change
    // in this method alone.
    $password = md5($this->fun->accept('password', 'P', 1));
    // Loose comparison with no empty() guard (the UCenter login in this file
    // has one): if a missing cookie decodes to "" and the submitted code is
    // also "", this test passes — confirm what accept() and seccodeconvert()
    // yield for empty input; prefer `empty($new_seccode) || $new_seccode !== $seccode`.
    if ($new_seccode != $seccode) {
        $this->calladminmessage($this->lng['adminuser_login_seccode_error_mess'], $this->lng['goback_botton'], $linkURL, 1);
    } else {
        // Redacted: originally matches the submitted username and MD5 password.
        $db_where = "username='******' AND password='******' AND isclass=1";
        $rsMember = $this->db->fetch_first('SELECT id,username,password,powergroup,inputclassid,isclass FROM ' . $db_table . ' WHERE ' . $db_where);
        if (!$rsMember) {
            // Failed-login audit entry plus error message (redacted/garbled in
            // the corpus). The surviving 'password=' label suggests a
            // password-derived value is written to the log; if that is the
            // clear-text or hashed password it belongs out of the log.
            $this->writelog($this->lng['adminuser_login_log_action'], $this->lng['log_extra_no'] . ' user='******' password='******'adminuser_login_incorrect_mess'], $this->lng['goback_botton'], $linkURL, 1);
        } else {
            $ipadd = $this->fun->ip($_SERVER['REMOTE_ADDR']);
            $ipadd = empty($ipadd) ? 0 : $ipadd;
            $date = time();
            // ipadd is interpolated unquoted, so fun->ip() is presumably numeric
            // here; the bbs in_save in this file quotes it — verify the type.
            $db_set = "intime={$date},ipadd={$ipadd},hit=hit+1";
            $this->db->query('UPDATE ' . $db_table . ' SET ' . $db_set . ' WHERE ' . $db_where);
            $db_table = db_prefix . 'admin_powergroup';
            $db_where = 'id=' . $rsMember['powergroup'];
            $rsPower = $this->db->fetch_first('SELECT powername,powerlist FROM ' . $db_table . ' WHERE ' . $db_where);
            if ($rsPower['powerlist'] != 'all') {
                // The cookie carries the complement: every menu loadfun from
                // get_powermenulist('all') that this group is NOT granted.
                $rsPower_array = explode('|', $rsPower['powerlist']);
                $rsPower_array = is_array($rsPower_array) ? $this->fun->exp_array($rsPower_array) : $rsPower_array;
                $sysArray = $this->get_powermenulist('all');
                $sys_newsArray = array();
                foreach ($sysArray as $key => $value) {
                    $sys_newsArray[] = $value['loadfun'];
                }
                $sys_newsArray = $this->fun->exp_array($sys_newsArray);
                $diff_array = array_diff($sys_newsArray, $rsPower_array);
                $rsPower['powerlist'] = implode('|', $diff_array);
            }
            $this->fun->setcookie("esp_powerlist", $this->fun->eccode($rsPower['powerlist'], 'ENCODE', db_pscode));
            // Session cookie: id|username|password-hash|md5(UA)|powergroup|inputclassid|md5(admin_ClassURL),
            // encrypted with db_pscode. Embedding the stored password hash means
            // the cookie's confidentiality is as strong as eccode()/db_pscode.
            // $rsMember[powergroup] and $rsMember[inputclassid] use bare
            // (undefined) constants: PHP 7 falls back to the string key with a
            // notice/warning, PHP 8 throws Error — should be
            // $rsMember['powergroup'] and $rsMember['inputclassid'].
            $this->fun->setcookie('ecisp_admininfo', $this->fun->eccode("{$rsMember['id']}|{$rsMember['username']}|{$rsMember['password']}|" . md5($_SERVER['HTTP_USER_AGENT']) . '|' . $rsMember[powergroup] . '|' . $rsMember[inputclassid] . '|' . md5(admin_ClassURL), 'ENCODE', db_pscode));
            // Success audit entry (redacted in the corpus).
            $this->writelog($this->lng['adminuser_login_log_action'], $this->lng['log_extra_ok'] . ' user='******'username'], $rsMember['username']);
            header('location: index.php?archive=management&action=tab&loadfun=mangercenter&out=tabcenter');
            exit('true');
        }
    }
}
/**
 * Stores a visitor message for document $did (form POST) and notifies by
 * mail when bbs_ismail is on.
 *
 * Order of checks: optional cookie-bound captcha, required fields, optional
 * login requirement (is_anonymous off), locked-username list, keyword
 * filter, per-IP/per-document repeat-post cookie; then the INSERT, captcha
 * cookie reset, mail, and a result message. All failures go through
 * callmessage(), which is assumed to end the request — confirm.
 */
function in_save()
{
    parent::start_pagetemplate();
    $lng = admin_LNG == 'big5' ? $this->CON['is_lancode'] : admin_LNG;
    // Client-controlled Referer reused as the "go back" target of every
    // message below; open-redirect exposure depends on callmessage().
    $linkURL = $_SERVER['HTTP_REFERER'];
    if ($this->CON['bbs_isseccode']) {
        $seccode = $this->fun->accept('seccode', 'P');
        include_once admin_ROOT . 'public/class_seccode.php';
        // Expected answer comes from the client's encrypted cookie as
        // "<code>\t<expiration>"; $expiration is never checked against time()
        // here (unless eccode() does so internally), and the comparison is
        // loose with no empty() guard.
        list($new_seccode, $expiration) = explode("\t", $this->fun->eccode($_COOKIE['ecisp_home_seccode'], 'DECODE'));
        $code = new seccode();
        $code->seccodeconvert($new_seccode);
        if ($new_seccode != strtoupper($seccode)) {
            $this->callmessage($this->lng['seescodeerr'], $linkURL, $this->lng['gobackbotton']);
        }
    }
    $db_table = db_prefix . "document_message";
    $did = intval($this->fun->accept('did', 'P'));
    $did = empty($did) ? 0 : $did;
    // The author id is taken from the POST body, not from the session. The
    // logged-in member ($this->ec_member_username_id) is looked up further
    // down but never used to override $userid, so the stored author is
    // whatever the client submitted.
    $userid = intval($this->fun->accept('userid', 'P'));
    $userid = empty($userid) ? 0 : $userid;
    // $name and $content are interpolated into the INSERT below without any
    // escaping in this method; that is only safe if accept() / Text2Html()
    // escape for SQL — verify.
    $name = $this->fun->accept('name', 'P');
    $content = $this->fun->accept('content', 'P');
    $content = empty($content) ? '' : $this->fun->Text2Html($content, false);
    if (empty($did)) {
        $this->callmessage($this->lng['db_err'], $linkURL, $this->lng['gobackbotton']);
    }
    if (empty($name) || empty($content)) {
        $this->callmessage($this->lng['forum_input_err'], $linkURL, $this->lng['gobackbotton']);
    }
    // bbs_isclass on => new messages start unpublished (isclass=0).
    $isclass = $this->CON['bbs_isclass'] ? 0 : 1;
    if (!$this->CON['is_anonymous']) {
        parent::member_purview(1);
    }
    $ipadd = $this->fun->ip($_SERVER['REMOTE_ADDR']);
    $addtime = time();
    if (!empty($this->ec_member_username_id)) {
        // $rsMember is fetched but never used.
        $rsMember = $this->get_member(null, $this->ec_member_username_id);
        $lockusername = explode(',', $this->CON['bbs_username']);
        if (in_array($this->ec_member_username, $lockusername)) {
            $this->callmessage($this->lng['forum_mem_username'], $_SERVER['HTTP_REFERER'], $this->lng['gobackbotton']);
        }
    }
    if (!empty($this->CON['bbs_filter'])) {
        if ($this->fun->screening_key($content, $this->CON['bbs_filter'])) {
            $this->callmessage($this->lng['forum_input_filter'], $linkURL, $this->lng['gobackbotton']);
        }
    }
    // Repeat-post guard keyed by IP and document. Note the `+`: $ipadd and
    // $did are added arithmetically before 'input' is appended (a dotted IP
    // string is only partially numeric), so distinct (ip, did) pairs can share
    // a key; `.` was most likely intended. The guard is a client-held cookie,
    // so it deters accidental double posts rather than deliberate repeats.
    $usersessionid = md5($ipadd + $did . 'input');
    $inputseesion = $this->fun->accept($usersessionid, 'C');
    if (empty($inputseesion) && $this->CON['bbs_inputtime']) {
        $this->fun->setcookie($usersessionid, $addtime, $this->CON['bbs_inputtime']);
    } elseif ($this->CON['bbs_inputtime']) {
        $this->callmessage($this->lng['repeatinput'], $linkURL, $this->lng['gobackurlbotton']);
    }
    $db_field = 'did,userid,adminid,ipadd,lng,name,content,recontent,isreply,isclass,addtime,retime,support,oppose';
    // ipadd is interpolated unquoted (numeric form expected from fun->ip()).
    $db_values = "{$did},{$userid},0,{$ipadd},'{$lng}','{$name}','{$content}','',0,{$isclass},{$addtime},0,0,0";
    $this->db->query('INSERT INTO ' . $db_table . ' (' . $db_field . ') VALUES (' . $db_values . ')');
    $insert_id = $this->db->insert_id();
    // Captcha cookie is reset only on this success path; failed attempts keep
    // the same expected code.
    $this->fun->setcookie('ecisp_home_seccode', null);
    if ($this->CON['bbs_ismail']) {
        $this->bbsmailsend('bbsrequest', $insert_id);
    }
    $this->callmessage($this->lng['forum_input_ok'], $linkURL, $this->lng['gobackurlbotton']);
}
/**
 * UCenter admin login: renders the login form and processes its POST.
 *
 * On submit: per-IP lockout check (more than 4 failures in the last 15
 * minutes), captcha check, then either the founder password
 * (UC_FOUNDERSALT/UC_FOUNDERPW) or an admins/members row; on success a
 * 'sid' cookie is set and the request redirects to admin.php (sid is put in
 * the URL when cookies are unavailable). On failure the failedlogins
 * counter is created/incremented and the form is re-rendered with
 * $errorcode.
 *
 * NOTE(review): the founder username, the admins WHERE clause and the
 * failure log statement are redacted to '******' in this corpus and are
 * reproduced as found; the `if` that precedes the failedlogins INSERT is
 * inside the redacted span, which is why a bare `} else {` follows it.
 */
function onlogin()
{
    // Captcha payload key: bound to the server secret, the client's UA and IP.
    $authkey = md5(UC_KEY . $_SERVER['HTTP_USER_AGENT'] . $this->onlineip);
    $this->load('user');
    $username = getgpc('username', 'P');
    $password = getgpc('password', 'P');
    $iframe = getgpc('iframe') ? 1 : 0;
    $isfounder = intval(getgpc('isfounder', 'P'));
    // rand() is not a CSPRNG; random_int() is the appropriate source for a
    // challenge value. The encrypted challenge gets a 180-second lifetime via
    // authcode()'s last argument (presumed TTL — confirm).
    $rand = rand(100000, 999999);
    $seccodeinit = rawurlencode($this->authcode($rand, 'ENCODE', $authkey, 180));
    $errorcode = 0;
    if ($this->submitcheck()) {
        // Lockout is keyed on the client IP only: behind shared NAT/proxies one
        // client's failures lock out its neighbours. $failedlogin may be false
        // (no row), in which case ['count'] is null and the test is false.
        $failedlogin = $this->db->fetch_first("SELECT * FROM " . UC_DBTABLEPRE . "failedlogins WHERE ip='{$this->onlineip}'");
        if ($failedlogin['count'] > 4) {
            if ($this->time - $failedlogin['lastupdate'] < 15 * 60) {
                $errorcode = UC_LOGIN_ERROR_FAILEDLOGIN;
            } else {
                // Window expired: purge stale rows. The current attempt is not
                // processed in this request; the user has to submit again.
                $expiration = $this->time - 15 * 60;
                $this->db->query("DELETE FROM " . UC_DBTABLEPRE . "failedlogins WHERE lastupdate<'{$expiration}'");
            }
        } else {
            $seccodehidden = urldecode(getgpc('seccodehidden', 'P'));
            $seccode = strtoupper(getgpc('seccode', 'P'));
            $seccodehidden = $this->authcode($seccodehidden, 'DECODE', $authkey);
            require UC_ROOT . './lib/seccode.class.php';
            seccode::seccodeconvert($seccodehidden);
            // The empty() guard covers an expired or undecodable challenge
            // (authcode() presumably yields an empty value then).
            if (empty($seccodehidden) || $seccodehidden != $seccode) {
                $errorcode = UC_LOGIN_ERROR_SECCODE;
            } else {
                $errorcode = UC_LOGIN_SUCCEED;
                $this->user['username'] = $username;
                if ($isfounder == 1) {
                    $this->user['username'] = '******';
                    // Hash comparisons here and in the admin branch use ==. Two
                    // hex digests of the form "0e<digits>" compare equal as
                    // numbers under PHP's loose rules; hash_equals($expected,
                    // $md5password) is strict and constant-time.
                    $md5password = md5(md5($password) . UC_FOUNDERSALT);
                    if ($md5password == UC_FOUNDERPW) {
                        $username = $this->user['username'];
                        $this->view->sid = $this->sid_encode($this->user['username']);
                    } else {
                        $errorcode = UC_LOGIN_ERROR_FOUNDER_PW;
                    }
                } else {
                    // Redacted WHERE clause; the username interpolation it
                    // contained cannot be reviewed here.
                    $admin = $this->db->fetch_first("SELECT a.uid,m.username,m.salt,m.password FROM " . UC_DBTABLEPRE . "admins a LEFT JOIN " . UC_DBTABLEPRE . "members m USING(uid) WHERE a.username='******'");
                    if (!empty($admin)) {
                        $md5password = md5(md5($password) . $admin['salt']);
                        if ($admin['password'] == $md5password) {
                            $this->view->sid = $this->sid_encode($admin['username']);
                        } else {
                            $errorcode = UC_LOGIN_ERROR_ADMIN_PW;
                        }
                    } else {
                        $errorcode = UC_LOGIN_ERROR_ADMIN_NOT_EXISTS;
                    }
                }
                // Relies on UC_LOGIN_SUCCEED being 0 — presumed.
                if ($errorcode == 0) {
                    $this->setcookie('sid', $this->view->sid, 86400);
                    // $pwlen is never used.
                    $pwlen = strlen($password);
                    $this->user['admin'] = 1;
                    $this->writelog('login', 'succeed');
                    // Without cookies the session id rides in the query string,
                    // where it leaks through Referer headers and access logs.
                    if ($iframe) {
                        header('location: admin.php?m=frame&a=main&iframe=1' . ($this->cookie_status ? '' : '&sid=' . $this->view->sid));
                        exit;
                    } else {
                        header('location: admin.php' . ($this->cookie_status ? '' : '?sid=' . $this->view->sid));
                        exit;
                    }
                } else {
                    // Redacted/garbled span: failure log entry (the surviving
                    // 'password=' label suggests a password-derived value is
                    // logged — verify it is not the clear-text password), a
                    // stale-row DELETE, and the opening of the if/else that
                    // creates or increments the failedlogins row.
                    $this->writelog('login', 'error: user='******'username'] . '; password='******'{$expiration}'"); $this->db->query("INSERT INTO " . UC_DBTABLEPRE . "failedlogins SET ip='{$this->onlineip}', count=1, lastupdate='{$this->time}'");
                    } else {
                        $this->db->query("UPDATE " . UC_DBTABLEPRE . "failedlogins SET count=count+1,lastupdate='{$this->time}' WHERE ip='{$this->onlineip}'");
                    }
                }
            }
        }
    }
    // The submitted password is reflected back into the form (HTML-escaped).
    // Re-rendering a credential keeps it in page caches and browser history;
    // leaving the field empty on error is the safer default.
    $username = htmlspecialchars($username);
    $password = htmlspecialchars($password);
    $this->view->assign('seccodeinit', $seccodeinit);
    $this->view->assign('username', $username);
    $this->view->assign('password', $password);
    $this->view->assign('isfounder', $isfounder);
    $this->view->assign('errorcode', $errorcode);
    $this->view->assign('iframe', $iframe);
    $this->view->display('admin_login');
}
/**
 * UCenter Home private-message compose/send action.
 *
 * GET (no submit): loads the message being replied to or forwarded (when
 * pmid is given), prefills recipient/subject/body from the query string,
 * issues a captcha challenge when sendpmseccode is on, and renders pm_send.
 * POST (submitcheck passes): verifies the captcha, resolves recipients
 * (reply-thread participants, comma-separated names, or selected friends),
 * applies the registration-age, chat-size, flood and thread-count limits,
 * then calls replypm()/sendpm() and redirects via message().
 *
 * Presumed: _auth() ends the request for anonymous users and message()
 * never returns — otherwise the early-exit checks below fall through.
 */
function onsend()
{
    $a = getgpc('a');
    $do = getgpc('do');
    $this->_auth();
    $uid = $this->user['uid'];
    $this->load('friend');
    $totalnum = $_ENV['friend']->get_totalnum_by_uid($this->user['uid'], 3);
    $friends = $totalnum ? $_ENV['friend']->get_list($this->user['uid'], 1, $totalnum, $totalnum, 3) : array();
    if (!$this->submitcheck()) {
        $extra = 'extra=' . rawurlencode($_GET['extra']);
        // $type reaches the template unescaped; the template has to encode it.
        $type = !empty($_GET['type']) ? $_GET['type'] : '';
        // @ hides the undefined-index notice; $pmid stays a string when numeric.
        $pmid = @is_numeric($_GET['pmid']) ? $_GET['pmid'] : 0;
        $daterange = $_GET['daterange'] ? intval($_GET['daterange']) : 1;
        $touid = intval($_GET['touid']);
        $plid = intval($_GET['plid']);
        $folder = getgpc('folder');
        $pmnum_private = $_ENV['pm']->getpmnum($uid, 0, 0);
        $unreadpmnum = $_ENV['pm']->getpmnum($uid, 0, 1);
        $touser = '';
        if ($pmid) {
            // Lookup is scoped to the current user, so a foreign pmid yields
            // nothing (presumed from the signature — confirm in the pm model).
            $tmp = $_ENV['pm']->getpmbypmid($uid, $pmid);
            $tmp = $tmp[0];
        } else {
            $tmp = array();
        }
        if (!empty($pmid)) {
            if ($do == 'forward') {
                // Forward: prepend From/To/Date, quote the original body with
                // any nested [quote] blocks stripped.
                $user = $_ENV['user']->get_user_by_uid($tmp['msgtoid']);
                $tmp['message'] = $this->lang['pm_from'] . ': ' . $tmp['author'] . "\n" . $this->lang['pm_to'] . ': ' . htmlspecialchars($user['username']) . "\n" . $this->lang['pm_date'] . ': ' . $this->date($tmp['dateline']) . "\n\n" . '[quote]' . trim(preg_replace("/(\\[quote])(.*)(\\[\\/quote])/siU", '', $tmp['message'])) . '[/quote]' . "\n";
            }
        } else {
            // Prefill from the query string ("send PM to X" style links).
            !empty($_GET['msgto']) && ($touser = htmlspecialchars($_GET['msgto']));
            !empty($_GET['subject']) && ($tmp['subject'] = $_GET['subject']);
            !empty($_GET['message']) && ($tmp['message'] = $_GET['message']);
        }
        if ($this->settings['sendpmseccode']) {
            // Challenge bound to server key, UA and IP, 720-second lifetime
            // (presumed TTL argument of authcode()). rand() is not a CSPRNG;
            // random_int() would be the appropriate source.
            $authkey = md5(UC_KEY . $_SERVER['HTTP_USER_AGENT'] . $this->onlineip);
            $rand = rand(100000, 999999);
            $seccodeinit = rawurlencode($this->authcode($rand, 'ENCODE', $authkey, 720));
            $this->view->assign('seccodeinit', $seccodeinit);
        }
        $this->view->assign('sendpmseccode', $this->settings['sendpmseccode']);
        $this->view->assign('touser', $touser);
        $this->view->assign('user', $this->user);
        $this->view->assign('pmnum_private', $pmnum_private);
        // $pmnum_chatpm is never set in this method: the template receives null.
        $this->view->assign('pmnum_chatpm', $pmnum_chatpm);
        $this->view->assign('unreadpmnum', $unreadpmnum);
        $this->view->assign('friends', $friends);
        $this->view->assign('extra', $extra);
        $this->view->assign('pmid', $pmid);
        $this->view->assign('daterange', $daterange);
        $this->view->assign('touid', $touid);
        $this->view->assign('plid', $plid);
        $this->view->assign('a', $a);
        $this->view->assign('do', $do);
        $this->view->assign('folder', $folder);
        // Body is HTML-escaped before it reaches the template; the prefilled
        // subject is not assigned to the view at all in this version.
        $tmp['message'] = htmlspecialchars($tmp['message']);
        $this->view->assign('message', $tmp['message']);
        $this->view->assign('type', $type);
        $this->view->display('pm_send');
    } else {
        if ($this->settings['sendpmseccode']) {
            $authkey = md5(UC_KEY . $_SERVER['HTTP_USER_AGENT'] . $this->onlineip);
            $seccodehidden = urldecode(getgpc('seccodehidden', 'P'));
            $seccode = strtoupper(getgpc('seccode', 'P'));
            $seccodehidden = $this->authcode($seccodehidden, 'DECODE', $authkey);
            require UC_ROOT . './lib/seccode.class.php';
            seccode::seccodeconvert($seccodehidden);
            // empty() guard: an expired/undecodable challenge must not match
            // an empty answer.
            if (empty($seccodehidden) || $seccodehidden != $seccode) {
                $this->message('pm_send_seccode_error', 'BACK', 1);
            }
        }
        $user = $_ENV['user']->get_user_by_uid($this->user['uid']);
        $this->user['username'] = daddslashes($user['username'], 1);
        $touid = intval(getgpc('touid'));
        $daterange = intval(getgpc('daterange'));
        $type = intval(getgpc('type'));
        $replypmid = @is_numeric($_GET['replypmid']) ? $_GET['replypmid'] : 0;
        $msgto = array();
        if ($replypmid) {
            // Reply: recipients are the thread's participants minus the sender.
            // getuidbyplid() appears to return an array keyed by uid (it is
            // unset by key) — confirm. Whether the sender must already be a
            // participant of $plid is left to getplidbypmid()/replypm().
            $plid = $_ENV['pm']->getplidbypmid($replypmid);
            $msgto = $_ENV['pm']->getuidbyplid($plid);
            unset($msgto[$uid]);
        } else {
            if (!empty($_POST['msgto'])) {
                $msgto = explode(',', $_POST['msgto']);
                $msgto = $_ENV['user']->name2id($msgto);
            }
        }
        if (isset($_POST['friend'])) {
            // Only ids present in the sender's friend list are accepted, but
            // the comparison is loose and the raw POST string is what gets
            // appended; prefer
            // `if (in_array((int) $friendid, $frienduids, true)) { $msgto[] = (int) $friendid; }`.
            // A non-array $_POST['friend'] makes the inner foreach warn.
            $frienduids = array();
            foreach ($friends as $friend) {
                $frienduids[] = $friend['friendid'];
            }
            foreach ($_POST['friend'] as $friendid) {
                if (in_array($friendid, $frienduids)) {
                    $msgto[] = $friendid;
                }
            }
        }
        if (!$msgto) {
            $this->message('receiver_no_exists', 'BACK', 1);
        }
        $msgto = array_unique($msgto);
        $countmsgto = count($msgto);
        // Sender-side limits; each message() call is presumed to end the request.
        if ($this->settings['pmsendregdays']) {
            if ($user['regdate'] > $this->time - $this->settings['pmsendregdays'] * 86400) {
                $this->message('pm_send_regdays_error', 'BACK', 1, array('$pmsendregdays' => $this->settings['pmsendregdays']));
            }
        }
        if ($this->settings['chatpmmemberlimit']) {
            // Limit counts the sender as one member of the chat.
            if ($type == 1 && $countmsgto > $this->settings['chatpmmemberlimit'] - 1) {
                $this->message('pm_send_chatpmmemberlimit_error', 'BACK', 1, array('$chatpmmemberlimit' => $this->settings['chatpmmemberlimit']));
            }
        }
        if ($this->settings['pmfloodctrl']) {
            if (!$_ENV['pm']->ispminterval($this->user['uid'], $this->settings['pmfloodctrl'])) {
                $this->message('pm_send_pmfloodctrl_error', 'BACK', 1, array('$pmfloodctrl' => $this->settings['pmfloodctrl']));
            }
        }
        if ($this->settings['privatepmthreadlimit']) {
            if (!$_ENV['pm']->isprivatepmthreadlimit($this->user['uid'], $this->settings['privatepmthreadlimit'])) {
                $this->message('pm_send_privatepmthreadlimit_error', 'BACK', 1, array('$privatepmthreadlimit' => $this->settings['privatepmthreadlimit']));
            }
        }
        if ($this->settings['chatpmthreadlimit']) {
            if (!$_ENV['pm']->ischatpmthreadlimit($this->user['uid'], $this->settings['chatpmthreadlimit'])) {
                $this->message('pm_send_chatpmthreadlimit_error', 'BACK', 1, array('$chatpmthreadlimit' => $this->settings['chatpmthreadlimit']));
            }
        }
        // The body ($_POST['message']) passes through raw; any sanitisation
        // is the pm model's responsibility. $plid exists only on the reply path.
        if ($replypmid) {
            $lastpmid = $_ENV['pm']->replypm($plid, $this->user['uid'], $this->user['username'], $_POST['message']);
        } else {
            $lastpmid = $_ENV['pm']->sendpm($this->user['uid'], $this->user['username'], $msgto, $_POST['message'], $type);
        }
        if ($lastpmid > 0) {
            if ($replypmid) {
                if ($touid) {
                    $this->message('pm_send_succeed', "index.php?m=pm_client&a=view&touid={$touid}&daterange={$daterange}&filter=privatepm", 1);
                } else {
                    $this->message('pm_send_succeed', "index.php?m=pm_client&a=view&plid={$plid}&daterange={$daterange}&filter=chatpm", 1);
                }
            } else {
                if (!$type) {
                    $this->message('pm_send_succeed', 'index.php?m=pm_client&a=ls&filter=privatepm', 1);
                } else {
                    $this->message('pm_send_succeed', 'index.php?m=pm_client&a=ls&filter=chatpm', 1);
                }
            }
        } else {
            $this->message('pm_send_ignore', 'BACK', 1);
        }
    }
}
/**
 * "Lost password" form handler: when username and e-mail match an active
 * member row, generates a fresh 8-character password, stores its MD5,
 * mirrors the change to UCenter (when enabled and the e-mails agree) and
 * mails the new password to the member.
 *
 * Flow control relies on callmessage() terminating the request after each
 * failed check — confirm; the interpolated SQL below is only safe because
 * the regex checks reject quote characters first.
 *
 * Design note: this is a "reset to a new password sent by e-mail" scheme.
 * Anyone who knows a valid username/e-mail pair can force a password change
 * (the optional captcha is the only brake), and the new credential travels
 * in clear text. A single-use, expiring reset token that lets the owner
 * choose the password is the usual replacement.
 *
 * NOTE(review): the username condition of the WHERE clause and the SET
 * clause of the UPDATE are redacted to '******' in this corpus and are
 * reproduced as found.
 */
function in_lostpasswdsave()
{
    if (!$this->CON['mem_isclose']) {
        $linkURL = $_SERVER['HTTP_REFERER'];
        $this->callmessage($this->lng['mem_close'], $linkURL, $this->lng['gobackbotton']);
    }
    if (!$this->CON['is_email']) {
        $linkURL = $this->get_link('memberlogin', '', admin_LNG);
        $this->callmessage($this->lng['main_send_no'], $linkURL, $this->lng['gobackurlbotton']);
    }
    if ($this->CON['mem_isucenter']) {
        include_once admin_ROOT . 'public/uc_client/client.php';
    }
    // Client-controlled Referer as the "go back" target of the checks below.
    $linkURL = $_SERVER['HTTP_REFERER'];
    $username = $this->fun->accept('username', 'P');
    $email = $this->fun->accept('email', 'P');
    // 2-16 characters from a deny-list that excludes ' and " among other
    // punctuation; this is what keeps $username safe for the (redacted)
    // interpolation below.
    if (!preg_match("/^[^!@~`\\'\"#\$\\%\\^&\\*\\(\\)\\+\\-\\{\\}\\[\\]\\|\\/\\?\\<\\>\\,\\.\\:\\;]{2,16}\$/i", $username)) {
        $this->callmessage($this->lng['username_err'], $linkURL, $this->lng['gobackbotton']);
    }
    // Strict e-mail shape: no quote, space or comment character survives, so
    // the email='{$email}' interpolation further down is safe only while this
    // check stays in front of it.
    if (!preg_match("/^\\w+((-\\w+)|(\\.\\w+))*\\@[A-Za-z0-9]+((\\.|-)[A-Za-z0-9]+)*\\.[A-Za-z0-9]+\$/i", $email)) {
        $this->callmessage($this->lng['email_err'], $linkURL, $this->lng['gobackbotton']);
    }
    if ($this->CON['mem_isseccode']) {
        $seccode = $this->fun->accept('seccode', 'P');
        include_once admin_ROOT . 'public/class_seccode.php';
        // Expected answer from the client's encrypted cookie as
        // "<code>\t<expiration>"; $expiration is not checked against time()
        // here, and the comparison is loose with no empty() guard.
        list($new_seccode, $expiration) = explode("\t", $this->fun->eccode($_COOKIE['ecisp_home_seccode'], 'DECODE'));
        $code = new seccode();
        $code->seccodeconvert($new_seccode);
        if ($new_seccode != strtoupper($seccode)) {
            $this->callmessage($this->lng['seescodeerr'], $linkURL, $this->lng['gobackbotton']);
        }
    }
    // Accounts listed in mem_lock cannot use the reset (loose in_array).
    $lockusername = explode(',', $this->CON['mem_lock']);
    if (in_array($username, $lockusername)) {
        $this->callmessage($this->lng['member_memlock'], $linkURL, $this->lng['gobackbotton']);
    }
    if (empty($username) || empty($email)) {
        $this->callmessage($this->lng['username_err'], $linkURL, $this->lng['gobackbotton']);
    } else {
        $db_table = db_prefix . "member";
        // Redacted username condition. The same WHERE is reused for the UPDATE.
        $db_where = "username='******' AND email='{$email}' AND isclass=1";
        $db_sql = "SELECT * FROM {$db_table} WHERE {$db_where}";
        $rsMember = $this->db->fetch_first($db_sql);
        if ($rsMember) {
            // getStr(8): generated 8-character password; its character set and
            // randomness source are defined elsewhere (not reviewed here).
            $password = $this->fun->getStr(8);
            // Unsalted MD5, matching the member schema.
            $password2 = md5($password);
            // Redacted SET clause (presumably the hash in $password2).
            $db_set = "password='******'";
            $this->db->query('UPDATE ' . $db_table . ' SET ' . $db_set . ' WHERE ' . $db_where);
            if ($this->CON['mem_isucenter']) {
                // Propagate to UCenter only when its e-mail matches ours.
                $data = uc_get_user($username);
                if ($data) {
                    list($uid2, $username2, $email2) = $data;
                    if ($email == $email2) {
                        uc_user_edit($username, $password, $password, $email, 1);
                    }
                }
            }
            // $email is known non-empty here; the clear-text new password goes
            // out by mail.
            if (!empty($email)) {
                $this->membermailsend('memberpw', $rsMember['userid'], $password);
            }
            $linkURL = $this->get_link('memberlogin', '', admin_LNG);
            $this->callmessage($this->lng['password_lostok'], $linkURL, $this->lng['memberlogin']);
        } else {
            $linkURL = $this->get_link('memberlogin', '', admin_LNG);
            $this->callmessage($this->lng['password_losterr'], $linkURL, $this->lng['gobackurlbotton']);
        }
    }
}
/**
 * UCenter Home private-message compose/send action (folder-based variant).
 *
 * GET (no submit): enforces the registration-age limit, loads the message
 * being replied to/forwarded (pmid), builds a BBCode preview, prefills from
 * the query string, issues a captcha challenge when sendpmseccode is on,
 * and renders pm_send.
 * POST (submitcheck passes): verifies the captcha, then either stores a
 * draft (saveoutbox) or resolves recipients (one username plus selected
 * friends), applies the daily/flood limits (waived for friends and for
 * replies), skips recipients whose blacklist covers the sender, and sends
 * one copy per recipient.
 *
 * Presumed: _auth() ends the request for anonymous users and message()
 * never returns — otherwise the early-exit checks below fall through.
 */
function onsend()
{
    $folder = getgpc('folder');
    $filter = getgpc('filter');
    $a = getgpc('a');
    $do = getgpc('do');
    $this->_auth();
    $uid = $this->user['uid'];
    // Registration-age check runs before anything else here (the other onsend
    // in this file only checks it on submit).
    if ($this->settings['pmsendregdays']) {
        $fromuser = $_ENV['user']->get_user_by_uid($uid);
        if ($fromuser['regdate'] > $this->time - $this->settings['pmsendregdays'] * 86400) {
            $this->message('pm_send_regdays_error', 'BACK', 1, array('$pmsendregdays' => $this->settings['pmsendregdays']));
        }
    }
    $this->load('friend');
    $totalnum = $_ENV['friend']->get_totalnum_by_uid($this->user['uid'], 3);
    $friends = $totalnum ? $_ENV['friend']->get_list($this->user['uid'], 1, $totalnum, $totalnum, 3) : array();
    if (!$this->submitcheck()) {
        $touser = '';
        // @ hides the undefined-index notice; $pmid stays a string when numeric.
        $pmid = @is_numeric($_GET['pmid']) ? $_GET['pmid'] : 0;
        if ($pmid) {
            // Lookup is scoped to the current user (presumed from the
            // signature — confirm in the pm model).
            $tmp = $_ENV['pm']->get_pm_by_pmid($uid, $pmid);
            $tmp = $tmp[0];
        } else {
            $tmp = array();
        }
        $pmnum = $_ENV['pm']->get_pm_num($uid, $folder, $filter, $a);
        if (!empty($pmid)) {
            if ($do == 'forward') {
                // Forward: "Fw:" subject, From/To/Date header, original body
                // quoted with nested [quote] blocks stripped.
                $tmp['subject'] = 'Fw: ' . $tmp['subject'];
                $user = $_ENV['user']->get_user_by_uid($tmp['msgtoid']);
                $tmp['message'] = ($tmp['msgfromid'] ? $this->lang['pm_from'] . ': ' . $tmp['msgfrom'] : $this->lang['pm_system']) . "\n" . $this->lang['pm_to'] . ': ' . htmlspecialchars($user['username']) . "\n" . $this->lang['pm_date'] . ': ' . $this->date($tmp['dateline']) . "\n\n" . '[quote]' . trim(preg_replace("/(\\[quote])(.*)(\\[\\/quote])/siU", '', $tmp['message'])) . '[/quote]' . "\n";
            }
            // BBCode -> HTML preview; its output safety is uccode's concern.
            require_once UC_ROOT . 'lib/uccode.class.php';
            $this->uccode = new uccode();
            $tmp['messagepreview'] = $this->uccode->complie($tmp['message']);
        } else {
            // Prefill from the query string ("send PM to X" style links).
            !empty($_GET['msgto']) && ($touser = htmlspecialchars($_GET['msgto']));
            !empty($_GET['subject']) && ($tmp['subject'] = $_GET['subject']);
            !empty($_GET['message']) && ($tmp['message'] = $_GET['message']);
        }
        $related = $a == 'reply' ? $tmp['related'] : 0;
        $folder = 'send';
        $extra = 'extra=' . rawurlencode($_GET['extra']);
        // $type reaches the template unescaped; the template has to encode it.
        $type = !empty($_GET['type']) ? $_GET['type'] : '';
        // Indices 1 and 2 of get_pm_num()'s result are summed as "unread";
        // their exact meaning is defined in the pm model.
        $unreadpmnum = $pmnum[1] + $pmnum[2];
        if ($this->settings['sendpmseccode']) {
            // Challenge bound to server key, UA and IP, 720-second lifetime
            // (presumed TTL argument of authcode()). rand() is not a CSPRNG;
            // random_int() would be the appropriate source.
            $authkey = md5(UC_KEY . $_SERVER['HTTP_USER_AGENT'] . $this->onlineip);
            $rand = rand(100000, 999999);
            $seccodeinit = rawurlencode($this->authcode($rand, 'ENCODE', $authkey, 720));
            $this->view->assign('seccodeinit', $seccodeinit);
        }
        $this->view->assign('sendpmseccode', $this->settings['sendpmseccode']);
        $this->view->assign('touser', $touser);
        $this->view->assign('related', $related);
        $this->view->assign('user', $this->user);
        $this->view->assign('pmnum', $pmnum);
        $this->view->assign('unreadpmnum', $unreadpmnum);
        $this->view->assign('friends', $friends);
        $this->view->assign('extra', $extra);
        // 'extra' is the encoded query fragment, 'extraret' the raw value.
        $extra = getgpc('extra');
        $this->view->assign('extraret', $extra);
        $this->view->assign('pmid', $pmid);
        $this->view->assign('a', $a);
        $this->view->assign('do', $do);
        $this->view->assign('folder', $folder);
        // Subject and body are HTML-escaped; messagepreview is not (and is
        // undefined when no pmid was given).
        $tmp['subject'] = htmlspecialchars($tmp['subject']);
        $tmp['message'] = htmlspecialchars($tmp['message']);
        $this->view->assign('subject', $tmp['subject']);
        $this->view->assign('message', $tmp['message']);
        $this->view->assign('messagepreview', $tmp['messagepreview']);
        $this->view->assign('type', $type);
        $this->view->display('pm_send');
    } else {
        if ($this->settings['sendpmseccode']) {
            $authkey = md5(UC_KEY . $_SERVER['HTTP_USER_AGENT'] . $this->onlineip);
            $seccodehidden = urldecode(getgpc('seccodehidden', 'P'));
            $seccode = strtoupper(getgpc('seccode', 'P'));
            $seccodehidden = $this->authcode($seccodehidden, 'DECODE', $authkey);
            require UC_ROOT . './lib/seccode.class.php';
            seccode::seccodeconvert($seccodehidden);
            // empty() guard: an expired/undecodable challenge must not match
            // an empty answer.
            if (empty($seccodehidden) || $seccodehidden != $seccode) {
                $this->message('pm_send_seccode_error', 'BACK', 1);
            }
        }
        $user = $_ENV['user']->get_user_by_uid($this->user['uid']);
        $this->user['username'] = daddslashes($user['username'], 1);
        if ($_POST['saveoutbox']) {
            // Draft save. $_GET['pmid'] is used raw both as the id passed to
            // sendpm() and inside the redirect URL; unlike the GET branch it is
            // not numeric-checked. `$pmid = intval($_GET['pmid']);` before this
            // call, used in both places, would close that.
            $pmid = $_ENV['pm']->sendpm($_POST['subject'], $_POST['message'], $this->user, $uid, $_GET['pmid'], 1, $_POST['related']);
            $this->message('pm_save_succeed', 'index.php?m=pm_client&a=send&do=savebox&folder=savebox&pmid=' . $_GET['pmid'] . '&extra=' . rawurlencode($_GET['extra']), 1);
        } else {
            $msgto = array();
            $tmp = $_ENV['user']->get_user_by_username($_POST['msgto']);
            $tmp && ($msgto[] = $tmp['uid']);
            if (isset($_POST['friend'])) {
                // Only ids present in the sender's friend list are accepted, but
                // the comparison is loose and the raw POST string is appended;
                // prefer `in_array((int) $friendid, $frienduids, true)`.
                $frienduids = array();
                foreach ($friends as $friend) {
                    $frienduids[] = $friend['friendid'];
                }
                foreach ($_POST['friend'] as $friendid) {
                    if (in_array($friendid, $frienduids)) {
                        $msgto[] = $friendid;
                    }
                }
            }
            if (!$msgto) {
                $this->message('receiver_no_exists', 'BACK', 1);
            }
            // Daily cap and flood interval; both are waived when every
            // recipient is a friend or when this is a reply to an existing
            // conversation (is_friend/is_reply_pm receive the whole $msgto array).
            $pmlimit1day = $this->settings['pmlimit1day'] && $_ENV['pm']->count_pm_by_fromuid($this->user['uid'], 86400) > $this->settings['pmlimit1day'];
            if ($pmlimit1day || $this->settings['pmfloodctrl'] && $_ENV['pm']->count_pm_by_fromuid($this->user['uid'], $this->settings['pmfloodctrl'])) {
                if (!$_ENV['friend']->is_friend($this->user['uid'], $msgto, 3)) {
                    if (!$_ENV['pm']->is_reply_pm($this->user['uid'], $msgto)) {
                        if ($pmlimit1day) {
                            $this->message('pm_send_limit1day_error', 'BACK', 1);
                        } else {
                            $this->message('pm_send_floodctrl_error', 'BACK', 1);
                        }
                    }
                }
            }
            $msgto = array_unique($msgto);
            $blackls = $_ENV['pm']->get_blackls($uid, $msgto);
            $sent = 0;
            // The loop variable shadows $uid (the sender's id); inside the loop
            // $uid is the recipient and $this->user['uid'] is the sender, and
            // $uid is not read again after the loop. A recipient is skipped
            // when its blacklist contains '{ALL}' or the sender's uid. Note:
            // isset($blackls[$uid]) is always true right after the assignment,
            // and in_array() on a non-array entry throws TypeError in PHP 8.
            foreach ($msgto as $uid) {
                if (!in_array('{ALL}', $blackls[$uid])) {
                    $blackls[$uid] = $_ENV['user']->name2id($blackls[$uid]);
                    if (isset($blackls[$uid]) && !in_array($this->user['uid'], $blackls[$uid]) && $_ENV['pm']->sendpm($_POST['subject'], $_POST['message'], $this->user, $uid, 0, 0, $_POST['related'])) {
                        $sent++;
                    }
                }
            }
            if ($sent) {
                // $_POST['folder'] is concatenated into the redirect URL
                // unencoded; rawurlencode($_POST['folder']) keeps the URL intact.
                $this->message('pm_send_succeed', 'index.php?m=pm_client&a=ls&folder=' . ($_POST['folder'] ? $_POST['folder'] : 'inbox'), 1, array('$sent' => $sent));
            } else {
                $this->message('pm_send_ignore', 'BACK', 1);
            }
        }
    }
}
if ($sax_uid && $sax_pw && $sax_group) { redirect('您已经处于登陆状态', $referer); } include template('register'); PageEnd(); } } if ($_POST['action'] == 'doregister') { if ($_SERVER['REQUEST_METHOD'] == 'POST' && (empty($_SERVER['HTTP_REFERER']) || $GLOBALS['formhash'] != formhash() || preg_replace("/https?:\\/\\/([^\\:\\/]+).*/i", "\\1", $_SERVER['HTTP_REFERER']) !== preg_replace("/([^\\:]+).*/", "\\1", $_SERVER['HTTP_HOST']))) { redirect('您的请求来路不正确,无法提交.'); } else { if ($options['seccode']) { $clientcode = $_POST['clientcode']; include_once SABLOG_ROOT . 'include/class/seccode.class.php'; $code = new seccode(); $code->seccodeconvert($_SESSION['seccode']); if (!$clientcode || strtolower($clientcode) != strtolower($_SESSION['seccode'])) { $_SESSION['seccode'] = random(6, 1); redirect('验证码错误,请返回重新输入.', $referer); } } } //取值 $username = trim($_POST['username']); $password = $_POST['password']; $comfirpassword = $_POST['comfirpassword']; $email = trim($_POST['email']); $url = trim($_POST['url']); $referer = trim($_POST['referer']); //检测网址 if (!isurl($url)) {
/**
 * Forum post handler (form POST): creates a new topic (inputclass 'add') or
 * a reply to topic $upbid (inputclass 'reinput') in the bbs table, then
 * sends the optional notification mail/SMS and shows a result message.
 *
 * Order of checks: anti-CSRF token, required topic id, required fields,
 * e-mail shape, topic-type lookup, optional captcha, type enabled/purview,
 * locked-username list, keyword filter, repeat-post cookie. Every failure
 * goes through callmessage(), which is assumed to end the request —
 * confirm; otherwise the checks fall through to the INSERT.
 */
function in_save()
{
    // Client-controlled Referer reused as the "go back" target of every
    // message below; open-redirect exposure depends on callmessage().
    $linkURL = $_SERVER['HTTP_REFERER'];
    if (!$this->fun->is_token()) {
        $this->callmessage($this->lng['repeatinput'], $linkURL, $this->lng['gobackbotton']);
    }
    parent::start_pagetemplate();
    $lng = admin_LNG == 'big5' ? $this->CON['is_lancode'] : admin_LNG;
    $inputclass = $this->fun->accept('inputclass', 'P');
    $btid = intval($this->fun->accept('btid', 'P'));
    if (empty($btid)) {
        $this->callmessage($this->lng['db_err'], $linkURL, $this->lng['gobackurlbotton']);
    }
    $db_table = db_prefix . "bbs";
    // Text fields are read with accept(..., 'P', true, true) and length-capped
    // with fun->substr(); they are interpolated into SQL below, so those two
    // extra accept() flags must be what performs the escaping — verify.
    $title = trim($this->fun->accept('title', 'P', true, true));
    $title = $this->fun->substr($title, 80);
    $username = $this->fun->accept('username', 'P', true, true);
    $username = $this->fun->substr($username, 20);
    $email = trim($this->fun->accept('email', 'P', true, true));
    // $content is read WITHOUT those flags and only passes through
    // Text2Html(); confirm that path escapes for SQL before interpolation.
    $content = $this->fun->accept('content', 'P');
    $content = empty($content) ? '' : $this->fun->Text2Html($content, false);
    // Author id comes from the POST body, not from the session; the logged-in
    // member is looked up further down ($rsMember) but never used to set it.
    $userid = intval($this->fun->accept('userid', 'P'));
    if (empty($title)) {
        $this->callmessage($this->lng['forum_title_err'], $linkURL, $this->lng['gobackbotton']);
    }
    if (empty($content) || empty($username)) {
        $this->callmessage($this->lng['forum_input_err'], $linkURL, $this->lng['gobackbotton']);
    }
    // Strict e-mail shape (also excludes quotes) — required for every post.
    if (!preg_match("/^\\w+((-\\w+)|(\\.\\w+))*\\@[A-Za-z0-9]+((\\.|-)[A-Za-z0-9]+)*\\.[A-Za-z0-9]+\$/i", $email)) {
        $this->callmessage($this->lng['email_err'], $linkURL, $this->lng['gobackbotton']);
    }
    $typeread = $this->get_bbstype_view($btid);
    if (!$typeread) {
        $this->callmessage($this->lng['db_err'], $_SERVER['HTTP_REFERER'], $this->lng['gobackurlbotton']);
    }
    $qq = $this->fun->accept('qq', 'P', true, true);
    $qq = $this->fun->substr($qq, 10);
    $msn = $this->fun->accept('msn', 'P', true, true);
    $address = $this->fun->accept('address', 'P', true, true);
    $address = $this->fun->substr($address, 150);
    $tel = $this->fun->accept('tel', 'P', true, true);
    $tel = $this->fun->substr($tel, 15);
    $mobile = $this->fun->accept('mobile', 'P', true, true);
    $mobile = $this->fun->substr($mobile, 15);
    if ($typeread['isseccode']) {
        $seccode = $this->fun->accept('seccode', 'P');
        include_once admin_ROOT . 'public/class_seccode.php';
        // Expected answer from the client's encrypted cookie as
        // "<code>\t<expiration>"; $expiration is not checked against time()
        // here, and the comparison is loose with no empty() guard.
        list($new_seccode, $expiration) = explode("\t", $this->fun->eccode($_COOKIE['ecisp_home_seccode'], 'DECODE'));
        $code = new seccode();
        $code->seccodeconvert($new_seccode);
        if ($new_seccode != strtoupper($seccode)) {
            $this->callmessage($this->lng['seescodeerr'], $linkURL, $this->lng['gobackbotton']);
        }
    }
    if (!$typeread['isclass']) {
        exit("Information parameter error!");
    } elseif ($typeread['purview'] > 0) {
        // BUG: $purview is never defined, so member_purview() receives null.
        // The correct call with $typeread['purview'] follows a few lines
        // below; this elseif branch can be removed.
        parent::member_purview($purview);
    }
    // isaddclass on => new posts start unpublished (isclass=0).
    $isclass = $typeread['isaddclass'] ? 0 : 1;
    if ($typeread['purview'] > 0) {
        parent::member_purview($typeread['purview']);
    }
    if (!empty($this->ec_member_username_id)) {
        // $rsMember is fetched but never used.
        $rsMember = $this->get_member(null, $this->ec_member_username_id);
        $lockusername = explode(',', $this->CON['bbs_username']);
        if (in_array($this->ec_member_username, $lockusername)) {
            $this->callmessage($this->lng['forum_mem_username'], $_SERVER['HTTP_REFERER'], $this->lng['gobackbotton']);
        }
    }
    if (!empty($this->CON['bbs_filter'])) {
        if ($this->fun->screening_key($content, $this->CON['bbs_filter']) || $this->fun->screening_key($title, $this->CON['bbs_filter'])) {
            $this->callmessage($this->lng['forum_input_filter'], $linkURL, $this->lng['gobackbotton']);
        }
    }
    $ipadd = $this->fun->ip($_SERVER['REMOTE_ADDR']);
    $addtime = time();
    // Repeat-post guard keyed by IP and topic type. Note the `+`: $ipadd and
    // $btid are added arithmetically before 'input' is appended (a dotted IP
    // string is only partially numeric), so distinct (ip, btid) pairs can
    // share a key; `.` was most likely intended. The guard is a client-held
    // cookie, so it deters accidental double posts rather than deliberate ones.
    $usersessionid = md5($ipadd + $btid . 'input');
    $inputseesion = $this->fun->accept($usersessionid, 'C');
    if (empty($inputseesion) && $typeread['inputtime']) {
        $this->fun->setcookie($usersessionid, $addtime, $typeread['inputtime']);
    } elseif ($typeread['inputtime']) {
        $this->callmessage($this->lng['repeatinput'], $linkURL, $this->lng['gobackurlbotton']);
    }
    if ($inputclass == 'add') {
        $db_field = 'btid,upbid,adminid,userid,lng,title,content,username,email,qq,msn,address,tel,mobile,replynum,click,addtime,retime,isclass,istop,ipadd';
        // ipadd is quoted here (string form); the admin login in this file
        // interpolates it unquoted — fun->ip()'s return type decides which is right.
        $db_values = "{$btid},0,0,{$userid},'{$lng}','{$title}','{$content}','{$username}','{$email}','{$qq}','{$msn}','{$address}','{$tel}','{$mobile}',0,0,{$addtime},0,{$isclass},0,'{$ipadd}'";
        $this->db->query('INSERT INTO ' . $db_table . ' (' . $db_field . ') VALUES (' . $db_values . ')');
        $insert_id = $this->db->insert_id();
        // Captcha cookie is reset only after a successful insert.
        $this->fun->setcookie('ecisp_home_seccode', null);
        if ($typeread['ispage'] == 2) {
            $linkURL = $this->get_link('forum', $typeread, admin_LNG);
        }
        if ($typeread['ismail'] && $this->CON['is_email']) {
            $mailcode = $typeread['mailcode'] ? $typeread['mailcode'] : 'forumnew';
            $putmail = $typeread['putmail'] ? $typeread['putmail'] : $this->CON['admine_mail'];
            $this->forumsendmail($mailcode, $insert_id, $putmail);
        }
        if ($typeread['issms'] && $this->CON['is_moblie']) {
            $messageArray = array('title' => $title);
            // Overwrites the POSTed $mobile (already stored above) with the
            // configured notification number.
            $mobile = $this->CON['moblie_number'];
            if ($typeread['smscode']) {
                $this->membersmssend($messageArray, $mobile, $typeread['smscode']);
            }
        }
        $this->callmessage($this->lng['forum_input_ok'], $linkURL, $this->lng['gobackurlbotton']);
    }
    if ($inputclass == 'reinput') {
        $upbid = intval($this->fun->accept('bid', 'P'));
        $reemail = $this->fun->accept('reemail', 'P');
        // Parent topic is matched by id and published state only; nothing here
        // checks that it belongs to $btid.
        $db_where = "bid={$upbid} AND isclass=1";
        $db_set = "replynum=replynum+1,retime={$addtime}";
        $this->db->query('UPDATE ' . $db_table . ' SET ' . $db_set . ' WHERE ' . $db_where);
        $db_field = 'btid,upbid,adminid,userid,lng,title,content,username,email,qq,msn,address,tel,mobile,replynum,click,addtime,retime,isclass,istop,ipadd';
        $db_values = "{$btid},{$upbid},0,{$userid},'{$lng}','{$title}','{$content}','{$username}','{$email}','{$qq}','{$msn}','{$address}','{$tel}','{$mobile}',0,0,{$addtime},0,{$isclass},0,'{$ipadd}'";
        $this->db->query('INSERT INTO ' . $db_table . ' (' . $db_field . ') VALUES (' . $db_values . ')');
        $this->fun->setcookie('ecisp_home_seccode', null);
        if ($typeread['ismail'] && $this->CON['is_email']) {
            // The reply-notification address is validated before it is used.
            if (preg_match("/^\\w+((-\\w+)|(\\.\\w+))*\\@[A-Za-z0-9]+((\\.|-)[A-Za-z0-9]+)*\\.[A-Za-z0-9]+\$/i", $reemail)) {
                $this->forumsendmail('forumre', $upbid, $reemail);
            }
        }
        $this->callmessage($this->lng['forum_input_ok'], $linkURL, $this->lng['gobackurlbotton']);
    }
}
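function in_save() {
    // Handles one submission of a custom form (form group $fgid, sent by POST):
    // token check, optional captcha, per-client repeat throttle, member
    // permission check, then a single INSERT into form_value followed by the
    // optional e-mail / SMS notifications and the form's own success message.
    //
    // Every failure path reports through $this->callmessage() and then returns,
    // so the INSERT can only run once all checks have passed (the original relied
    // on callmessage() exiting; the explicit return keeps that true either way).
    //
    // NOTE(review): $linkURL is the Referer header, i.e. client-controlled. It is
    // only handed to callmessage() as the "go back" target, which is assumed to
    // treat it as an untrusted URL.
    $linkURL = $_SERVER['HTTP_REFERER'];

    // Form token (anti double-submit / cross-site post); reported as a repeat.
    if (!$this->fun->is_token()) {
        $this->callmessage($this->lng['repeatinput'], $linkURL, $this->lng['gobackbotton']);
        return;
    }

    $fgid = intval($this->fun->accept('fgid', 'P'));
    if (!$fgid) {
        $this->callmessage($this->lng['db_err'], $linkURL, $this->lng['gobackurlbotton']);
        return;
    }
    $formcode = $this->fun->accept('formcode', 'P');
    $form = $this->get_form_purview($fgid);
    if (!$form) {
        $this->callmessage($this->lng['db_err'], $linkURL, $this->lng['gobackurlbotton']);
        return;
    }

    $ipadd = $this->fun->ip($_SERVER['REMOTE_ADDR']);
    // Name of the throttle cookie for this client + form. Fixed: the original
    // wrote `$ipadd + $formcode`, which adds the two values numerically (a
    // warning on PHP 7, a TypeError on PHP 8 for a non-numeric $formcode) and so
    // silently dropped the form code from the key; concatenation was intended.
    $usersessionid = md5($ipadd . $formcode . 'input');
    $inputseesion = $this->fun->accept($usersessionid, 'C');
    $did = intval($this->fun->accept('did', 'P'));
    $userid = intval($this->member_cookieview('userid'));
    $addtime = time();

    if ($form['isseccode']) {
        $seccode = $this->fun->accept('seccode', 'P');
        include_once admin_ROOT . '/public/class_seccode.php';
        // The issued code travels in an encoded cookie as "CODE\t<second field>";
        // only the first field is compared here. NOTE(review): the second field
        // (named $expiration in the original) is never checked in this method;
        // whether seccodeconvert() enforces it cannot be seen from this file.
        $issued = isset($_COOKIE['ecisp_home_seccode']) ? $_COOKIE['ecisp_home_seccode'] : '';
        $parts = explode("\t", $this->fun->eccode($issued, 'DECODE'));
        $new_seccode = $parts[0];
        $code = new seccode();
        $code->seccodeconvert($new_seccode);
        // Strict comparison: `!=` treats numeric-looking codes such as "0" and
        // "00" as equal. An empty issued code (no cookie) is rejected instead of
        // being matched against an empty answer.
        if ($new_seccode === '' || $new_seccode !== strtoupper((string) $seccode)) {
            $this->callmessage($this->lng['seescodeerr'], $linkURL, $this->lng['gobackbotton']);
            return;
        }
    }

    // Repeat-submission throttle keyed on the cookie computed above.
    // NOTE(review): the cookie is set under $form['inputtime'] while the reject
    // branch tests $form['isinputtime']; confirm both keys exist on $form and
    // that the asymmetry is intended.
    if (empty($inputseesion) && $form['inputtime']) {
        $this->fun->setcookie($usersessionid, $addtime, $form['inputtime']);
    } elseif ($form['isinputtime']) {
        $this->callmessage($this->lng['repeatinput'], $linkURL, $this->lng['gobackurlbotton']);
        return;
    }
    if ($form['purview'] > 0) {
        $this->member_purview($form['purview']);
    }

    // Which accept()/normalisation path each attribute input type takes below.
    $acceptByInputType = array(
        'htmltext' => 'html',
        'checkbox' => 'checkbox',
        'string' => 'text', 'img' => 'text', 'addon' => 'text', 'video' => 'text',
        'select' => 'text', 'radio' => 'text', 'selectinput' => 'text',
        'editor' => 'editor', 'text' => 'editor',
        'int' => 'int',
        'float' => 'float', 'decimal' => 'float',
        'datetime' => 'data',
    );
    $emailPattern = '/^\w+((-\w+)|(\.\w+))*\@[A-Za-z0-9]+((\.|-)[A-Za-z0-9]+)*\.[A-Za-z0-9]+$/i';

    $fields = array();   // column names, in form-attribute order
    $values = array();   // matching SQL value fragments (quoted where the column is textual)
    $email = '';         // value of the attribute configured as the submitter's e-mail
    foreach ($this->get_formatt($fgid, true) as $value) {
        if (!isset($acceptByInputType[$value['inputtype']])) {
            // Unknown type: the original appended the column name but no value,
            // which produced a column/value count mismatch in the INSERT.
            continue;
        }
        $attr = $value['attrname'];
        switch ($acceptByInputType[$value['inputtype']]) {
            case 'int':
                $valuestr = intval($this->fun->accept($attr, 'P'));
                $values[] = "{$valuestr}";
                break;
            case 'float':
                $valuestr = floatval($this->fun->accept($attr, 'P'));
                $valuestr = empty($valuestr) ? 0 : $valuestr;
                $values[] = "{$valuestr}";
                break;
            case 'html':
                $valuestr = $this->fun->accept($attr, 'P');
                $valuestr = empty($valuestr) ? '' : $this->fun->Text2Html($valuestr);
                $values[] = "'{$valuestr}'";
                break;
            case 'editor':
                $valuestr = $this->fun->substr($this->fun->accept($attr, 'P', true, true), 1000);
                $values[] = "'{$valuestr}'";
                break;
            case 'text':
                $valuestr = $this->fun->substr($this->fun->accept($attr, 'P', true, true), 150);
                $values[] = "'{$valuestr}'";
                break;
            case 'data':
                $valuestr = $this->fun->accept($attr, 'P', true, true);
                // strtotime() returns false on unparsable input; intval() maps that to 0.
                $valuestr = empty($valuestr) ? 0 : intval(strtotime($valuestr));
                $values[] = "{$valuestr}";
                break;
            case 'checkbox':
                $valuestr = $this->fun->accept($attr, 'P', true, true);
                $valuestr = is_array($valuestr) ? implode(',', $valuestr) : '';
                $values[] = "'{$valuestr}'";
                break;
        }
        $fields[] = $attr;
        if ($attr == $form['emailatt']) {
            $email = $valuestr;
        }
    }

    // NOTE(review): string values are interpolated straight into the SQL text,
    // so this is only injection-safe if accept()/Text2Html() escape quotes for
    // the database. $this->db exposes no prepared-statement API in this file,
    // so the dependency is flagged rather than changed. $ipadd is interpolated
    // unquoted, i.e. fun->ip() is assumed to return a numeric value — confirm.
    $db_table = db_prefix . 'form_value';
    $db_field = implode(',', array_merge($fields, array('fgid', 'did', 'userid', 'addtime', 'retime', 'ipadd', 'isreply', 'username', 'recontent')));
    $db_values = implode(',', array_merge($values, array($fgid, $did, $userid, $addtime, 0, $ipadd, 0, "''", "''")));
    $this->db->query('INSERT INTO ' . $db_table . ' (' . $db_field . ') VALUES (' . $db_values . ')');
    $insert_id = $this->db->insert_id();

    // Notifications: one to the submitter (if the form names an e-mail attribute
    // and the value looks like an address), one to the configured recipient.
    if ($form['ismail'] && $this->CON['is_email']) {
        $mailcode = $form['mailcode'] ? $form['mailcode'] : 'formnewremind';
        if (preg_match($emailPattern, $email)) {
            $this->formmailsend($mailcode, $insert_id, $email);
        }
        $putmail = $form['putmail'] ? $form['putmail'] : $this->CON['admine_mail'];
        if (preg_match($emailPattern, $putmail)) {
            $this->formmailsend('formremind', $insert_id, $putmail);
        }
    }
    if ($form['issms'] && $this->CON['is_moblie']) {
        $messageArray = array('formgroupname' => $form['formgroupname']);
        $mobile = $this->CON['moblie_number'];
        if ($form['smscode']) {
            $this->membersmssend($messageArray, $mobile, $form['smscode']);
        }
    }
    // successtext is admin-authored and deliberately un-escaped here; callmessage()
    // is assumed to render it as HTML.
    $this->callmessage(htmlspecialchars_decode($form['successtext']), $linkURL, $this->lng['gobackurlbotton']);
}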