示例#1
文件: _fetch.php 项目: nopticon/noptc
    /**
     * Resolve a download from a tree alias and a file alias, apply its login
     * flag, and increment its download counter.
     *
     * Request values reach the database only through sql_filter() placeholders.
     * The storage path is derived solely from columns of the matched _downloads
     * row (download_id, download_extension); the requested 'ext' value is read
     * but not used in this method.
     *
     * NOTE(review): $filepath is computed and then discarded here, and the
     * counter is incremented on every call. _login() is presumably expected to
     * stop the request for anonymous visitors - confirm, because otherwise
     * execution continues past it and the counter is still updated.
     *
     * @return void
     */
    public function home()
    {
        global $user;

        $request = $this->__(w('alias filename ext'));
        if (!(f($request['alias']) && f($request['filename']))) {
            _fatal();
        }

        // Step 1: the alias has to name an existing tree node.
        $tree_sql = 'SELECT tree_id
			FROM _tree
			WHERE tree_alias = ?';
        $tree = _fieldrow(sql_filter($tree_sql, $request['alias']));
        if (!$tree) {
            _fatal();
        }

        // Step 2: the file alias has to belong to that tree node.
        $download_sql = 'SELECT *
			FROM _downloads
			WHERE download_alias = ?
				AND download_tree = ?';
        $download = _fieldrow(sql_filter($download_sql, $request['filename'], $tree['tree_id']));
        if (!$download) {
            _fatal();
        }

        // Step 3: downloads flagged download_login go through _login() first.
        if ($download['download_login']) {
            _login();
        }

        // Step 4: count the hit.
        $counter_sql = 'UPDATE _downloads SET download_count = download_count + 1
			WHERE download_id = ?';
        _sql(sql_filter($counter_sql, $download['download_id']));

        // Built from database values only; never from the request.
        $filepath = LIB . 'fetch/' . _filename($download['download_id'], $download['download_extension']);

        return;
    }
示例#2
文件: _get.php 项目: nopticon/noptc
 /**
  * Look up the download addressed by the /get/$1/$2.$3 route and apply its
  * login flag.
  *
  * NOTE(review): both queries are assembled by string concatenation. The
  * string values pass through $this->_escape() and tree_id is cast to int, so
  * safety rests entirely on _escape() being correct for the active connection
  * and character set - confirm, or move to bound placeholders if the database
  * layer offers them. $filepath is built from database columns only and is
  * discarded before the method returns.
  *
  * @return void
  */
 function home()
 {
     global $user, $style;

     // Route shape: /get/$1/$2.$3
     $route = $this->__(array('alias', 'filename', 'ext'));
     $hasBoth = !empty($route['alias']) && !empty($route['filename']);
     if (!$hasBoth) {
         _fatal();
     }

     // The alias must name an existing tree node.
     $alias_sql = $this->_escape($route['alias']);
     $sql = "SELECT tree_id\n\t\t\tFROM _tree\n\t\t\tWHERE tree_alias = '" . $alias_sql . "'";
     $tree = $this->_fieldrow($sql);
     if (!$tree) {
         _fatal();
     }

     // The file alias must belong to that tree node.
     $filename_sql = $this->_escape($route['filename']);
     $tree_id = (int) $tree['tree_id'];
     $sql = "SELECT *\n\t\t\tFROM _downloads\n\t\t\tWHERE download_alias = '" . $filename_sql . "'\n\t\t\t\tAND download_tree = " . $tree_id;
     $download = $this->_fieldrow($sql);
     if (!$download) {
         _fatal();
     }

     // Downloads flagged download_login go through _login() first.
     if ($download['download_login']) {
         _login();
     }

     $filepath = LIB . 'get/' . _filename($download['download_id'], $download['download_extension']);

     return;
 }
示例#3
     $GLOBALS['act'] = $noskinact;
     $GLOBALS['p'] = $page;
     $_GET['act'] = $noskinact;
     $_GET['p'] = $page;
     //Authenticate current user
     $CURRENT_USER = NULL;
     authenticate();
     //Deny blocked accounts
     if ($CURRENT_USER["level"] < 0) {
         $ERR->Forbidden("your account is blocked");
     }
     $MDL->LoadModule($p);
     exit;
     break;
 case "auth":
     if (!_login($login, $passwd)) {
         $MDL->IsModuleExists('error') ? $p = "error" : $ERR->Forbidden("account isn't valid");
         $page = "403";
         //forbidden
         break;
     }
     resetpage($fwdto);
     break;
 case "logout":
     _logout();
     resetpage($fwdto);
     break;
 case "root":
     if (isset($id) && $id == "logout") {
         _logoutroot();
         resetpage($fwdto);
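/**
 * Forward the credentials submitted in the POST body to _login().
 *
 * Only string values are forwarded. A missing field, or a non-string value
 * such as an array submitted as username[]=..., is passed on as null, so
 * _login() never receives an unexpected type and no undefined-index warning
 * is raised for incomplete requests.
 *
 * NOTE(review): the result of _login() is discarded, so the caller cannot
 * tell whether authentication succeeded - confirm that _login() handles the
 * failure path itself.
 *
 * @return void
 */
function logIn()
{
    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : null;
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : null;

    _login($username, $password);
}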
示例#5
文件: _home.php 项目: nopticon/mag
    /**
     * Decline a pending friend request addressed to the signed-in member.
     *
     * The request is found by the other party's alias (input 'a') and by the
     * caller's own bio_id, so a member can only act on rows where they are the
     * friend_bio side. The row is deleted only while friend_pending is set.
     *
     * NOTE(review): _login() and _fatal() are presumably expected to end the
     * request - confirm. No anti-forgery token check is visible in this
     * method; verify that the dispatcher enforces one for this state-changing
     * action.
     *
     * @return void
     */
    protected function _friend_deny()
    {
        global $bio;

        $isMember = $bio->v('auth_member');
        if (!$isMember) {
            _login();
        }

        $input = $this->__(w('a'));

        // Resolve the other party's bio_id from the supplied alias.
        $lookup_sql = 'SELECT bio_id
			FROM _bio
			WHERE bio_alias = ?';
        $bio_id = _field(sql_filter($lookup_sql, $input['a']), 'bio_id', 0);
        if (!$bio_id) {
            _fatal();
        }

        // friend_bio is pinned to the caller's own bio_id (ownership check).
        $pending_sql = 'SELECT friend_id, friend_pending
			FROM _bio_friends
			WHERE friend_assoc = ?
				AND friend_bio = ?';
        $friend = _fieldrow(sql_filter($pending_sql, $bio_id, $bio->v('bio_id')));
        if (!$friend) {
            _fatal();
        }

        // Only requests that are still pending can be declined.
        if (!$friend['friend_pending']) {
            _fatal();
        }

        $delete_sql = 'DELETE FROM _bio_friends
			WHERE friend_id = ?';
        _sql(sql_filter($delete_sql, $friend['friend_id']));

        return;
    }
示例#6
文件: _bio.php 项目: nopticon/mag
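    /**
     * Load the bio addressed by the request (by domain or alias), verify the
     * requested tab is published for it, and apply the bio's access level.
     *
     * $warning is imported from the global scope alongside $bio: the method
     * calls $warning->fatal() in several places, and without the import that
     * variable is undefined inside the constructor.
     *
     * NOTE(review): it is assumed that a global $warning object exists, as the
     * calls imply - confirm. _login(), _fatal() and $warning->fatal() are
     * presumably expected to end the request.
     */
    public function __construct()
    {
        global $bio, $warning;
        parent::__construct();
        $this->auth(false);
        // NOTE(review): the 'messages' key appears twice in this literal; PHP keeps the last value, w('modify remove').
        $this->_m(array('page' => w(), 'messages' => w(), 'account' => w(), 'password' => w(), 'analytics' => w(), 'biography' => w('modify'), 'fans' => w('add remove'), 'interviews' => w('create modify remove'), 'journal' => w('create modify remove'), 'messages' => w('modify remove'), 'options' => w('modify'), 'permission' => w('create remove'), 'record' => w('view remove'), 'gallery' => array('set' => w('create modify remove'), 'photo' => w('create modify remove')), 'music' => array('cd' => w('create modify remove'), 'song' => w('create modify remove'), 'lyrics' => w('create modify remove'))));
        $this->m(w('home write sent draft'), 'messages_a');
        //
        // This bio!
        //
        $v = $this->__(w('domain alias tab:home'));
        // At least one of domain / alias is required to identify the bio.
        if (empty($v->domain) && empty($v->alias)) {
            $warning->fatal();
        }
        if (!empty($v->domain)) {
            $v->domain = $this->strip_domain($v->domain);
        } elseif (!empty($v->alias)) {
            $v->alias = _low($v->alias, true);
            // _low() signals a rejected alias with false.
            if ($v->alias === false) {
                $warning->fatal();
            }
        }
        //
        // NOTE(review): alias and domain are both bound even when only one was supplied, so the
        // unused placeholder receives an empty value; confirm that no active row has an empty
        // bio_alias or bio_domain, because the OR would match it.
        $sql = 'SELECT *
			FROM _bio b, _bio_type t
			WHERE (b.bio_alias = ?
				OR b.bio_domain = ?)
				AND b.bio_active = ?
				AND b.bio_type = t.type_id
			LIMIT 1';
        if (!($_bio = sql_fieldrow(sql_filter($sql, $v->alias, $v->domain, 1)))) {
            $warning->fatal();
        }
        // Any tab other than 'home' must be a module published for this bio.
        if ($v->tab != 'home') {
            $sql = 'SELECT relation_id
				FROM _bio_relation r, _bio_modules m, _bio_publish p
				WHERE p.publish_local = ?
					AND r.relation_alias = ?
					AND r.relation_id = m.module_relation
					AND p.publish_module = m.module_id';
            if (!sql_field(sql_filter($sql, $_bio->bio_id, $v->tab), 'relation_id', 0)) {
                $warning->fatal();
            }
        }
        // For artist and page bios, a signed-in member with a _bio_auth row gets the auth_page flag.
        switch ($_bio->type_alias) {
            case 'artist':
            case 'page':
                if ($bio->v('auth_member')) {
                    $sql = 'SELECT auth_id
						FROM _bio_auth
						WHERE auth_local = ?
							AND auth_remote = ?
						LIMIT 1';
                    // NOTE(review): sql_field() is called here without the field name and default used above - confirm its defaults.
                    if (sql_field(sql_filter($sql, $_bio->bio_id, $bio->v('bio_id')))) {
                        $bio->v('auth_page', true);
                    }
                }
                break;
            default:
                break;
        }
        //
        // Access Control
        // NOTE(review): the default branch grants access, so any bio_access value other than
        // BIO_ACCESS_FOLLOWER is treated as public. Confirm that is intended; rejecting unknown
        // values would make this fail closed.
        switch ($_bio->bio_access) {
            case BIO_ACCESS_FOLLOWER:
                if (!$bio->v('auth_member')) {
                    $bio->login();
                    _login();
                }
                // Followers and members holding auth_page may view; everyone else is rejected.
                if (!$this->bio_follower($_bio->bio_id) && !$bio->v('auth_page')) {
                    _fatal();
                }
                break;
            case BIO_ACCESS_ALL:
                break;
            default:
                break;
        }
        return;
    }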
示例#7
文件: login.ctrl.php 项目: hahamy/we7
<?php

/**
 * [WeEngine System] Copyright (c) 2014 WE7.CC
 * WeEngine is NOT a free software, it under the license terms, visited http://www.we7.cc/ for more details.
 */
// Abort unless IN_IA is already defined, i.e. refuse to run when this file is requested directly.
if (!defined('IN_IA')) {
    exit('Access Denied');
}
define('IN_GW', true);

// On a submitted form, attempt the login and hand over the requested forward target.
// NOTE(review): $_GPC['referer'] presumably comes from the request - confirm. If so, the
// forward target is client-controlled and _login() should restrict it to same-site
// destinations before redirecting.
$isSubmitted = checksubmit();
if ($isSubmitted) {
    _login($_GPC['referer']);
}

// No submission: load settings and render the login form.
cache_load('setting');
template('user/login');
function _login($forward = '')
{
    global $_GPC, $_W;
    load()->model('user');
    $member = array();
    $username = trim($_GPC['username']);
    if (empty($username)) {
        message('请输入要登录的用户名');
    }
    $member['username'] = $username;
    $member['password'] = $_GPC['password'];
    if (empty($member['password'])) {
        message('请输入密码');
    }
    $record = user_single($member);
    if (!empty($record)) {
        if ($record['status'] == 1) {
            message('您的账号正在审核或是已经被系统禁止,请联系网站管理员解决!');
示例#8
文件: _events.php 项目: nopticon/mag
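    /**
     * Record or update the signed-in member's attendance choice for an event.
     *
     * Both the event and the attendance option must exist. An existing
     * _events_attend row for this member and event is updated, otherwise a
     * new row is inserted.
     *
     * Two defects are corrected relative to the surrounding queries: the event
     * lookup now binds its placeholder through sql_filter(), and the UPDATE
     * targets _events_attend, the table that owns attend_id and attend_option.
     *
     * NOTE(review): is_ghost(), _login() and _fatal() are project helpers not
     * shown here; _login() and _fatal() are presumably expected to end the
     * request - confirm.
     *
     * @return mixed Whatever $this->e('~OK') returns.
     */
    protected function _attend_home()
    {
        global $bio;
        if (!is_ghost()) {
            _fatal();
        }
        if (!$bio->v('auth_member')) {
            _login();
        }
        $v = $this->__(_array_keys(w('event option'), 0));
        if (!$v['event'] || !$v['option']) {
            _fatal();
        }
        // The event must exist. Bind through sql_filter() so the placeholder is substituted
        // before the query runs, as every other query in this method does.
        $sql = 'SELECT event_id
			FROM _events
			WHERE event_id = ?';
        if (!_fieldrow(sql_filter($sql, $v['event']))) {
            _fatal();
        }
        // The chosen option must be a known attendance type.
        $sql = 'SELECT type_id
			FROM _events_attend_type
			WHERE type_id = ?';
        if (!_fieldrow(sql_filter($sql, $v['option']))) {
            _fatal();
        }
        // Look for this member's existing answer; attend_uid is taken from the session, not the request.
        $sql = 'SELECT attend_id
			FROM _events_attend
			WHERE attend_event = ?
				AND attend_uid = ?';
        if ($attend_id = _field(sql_filter($sql, $v['event'], $bio->v('bio_id')), 'attend_id', 0)) {
            // attend_id and attend_option live in _events_attend (see the SELECT above and the
            // insert below), so the update is issued against that table.
            $sql = 'UPDATE _events_attend SET attend_option = ?
				WHERE attend_id = ?';
            _sql(sql_filter($sql, $v['option'], $attend_id));
        } else {
            $sql_insert = array('attend_event' => $v['event'], 'attend_uid' => $bio->v('bio_id'), 'attend_option' => $v['option'], 'attend_time' => time());
            sql_put('_events_attend', $sql_insert);
        }
        return $this->e('~OK');
    }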
示例#9
文件: _sign.php 项目: nopticon/noptc
 /**
  * Sign the current member out.
  *
  * Non-members are sent to the site root. For members the session is killed,
  * the in-memory session fields are reset, and control passes to
  * _login('LOGGED_OUT').
  *
  * NOTE(review): redirect() is presumably expected to end the request;
  * otherwise a non-member falls through to the session teardown - confirm.
  *
  * @return void
  */
 public function out()
 {
     global $user;

     $isMember = $user->v('is_member');
     if (!$isMember) {
         redirect(_link());
     }

     $user->session_kill();

     // Reset the member flag and session bookkeeping after session_kill().
     $resetFields = array(
         'is_member' => false,
         'session_page' => '',
         'session_time' => time(),
     );
     foreach ($resetFields as $field => $value) {
         $user->v($field, $value);
     }

     _login('LOGGED_OUT');
 }
示例#10
文件: core.php 项目: nopticon/tts
         if (preg_match('/x\\d+/i', $warg_k)) {
             $warg_x = str_replace('x', '', $warg_k);
         }
     }
     if ($wdir !== false) {
         for ($i = 0; $i < $warg_x; $i++) {
             $warg['x' . ($i + 1)] = isset($warg['x' + ($i + 2)]) ? $warg['x' + ($i + 2)] : '';
         }
     }
 }
 if (defined('MY_TIMEZONE') && !f(ini_get('date.timezone')) && function_exists('date_default_timezone_set')) {
     @ini_set('date.timezone', MY_TIMEZONE);
 }
 $module->xlevel($warg);
 if (!$p_dir && $module->auth() && (!$module->x(1) || !count($module->exclude) || !in_array($module->x(1), $module->exclude))) {
     _login();
 }
 if (!method_exists($module, $module->x(1))) {
     _fatal();
 }
 // Session start
 $user->start(true);
 $user->setup();
 $module->m($mod);
 if (!$module->auth_access() && $module->auth()) {
     _fatal();
 }
 if (@method_exists($module, 'install')) {
     $module->_install();
 }
 $module->navigation('home', '', '');
示例#11
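// Accept each credential only when it is present, is a string, and is shorter than 20 bytes.
// The is_string() guard keeps array-valued fields (uname[]=...) away from strlen() and
// strip_tags(), which expect strings.
//
// NOTE(review): strip_tags() silently alters a password that contains '<', and the 20-byte
// limit caps password length. Neither is changed here because stored credentials may have
// been created through the same filter - confirm before relaxing either. When a field is
// rejected its variable is unset, yet the "login" branch of the switch that follows still
// passes it to _login().
if (isset($_POST['uname']) && is_string($_POST['uname']) && strlen($_POST['uname']) < 20) {
    $lsdb_uname = strip_tags($_POST['uname']);
} else {
    unset($lsdb_uname);
}
if (isset($_POST['pass']) && is_string($_POST['pass']) && strlen($_POST['pass']) < 20) {
    $lsdb_pass = strip_tags($_POST['pass']);
} else {
    unset($lsdb_pass);
}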
switch ($myop) {
    case "logout":
        logout();
        break;
    case "login":
        _login($lsdb_uname, $lsdb_pass);
        break;
    case "chgpwd":
        if (changepass() == 1) {
            # _login($uname, $newpass1);
            #userinfo($uname, $bypass);
            die("<h3>Changed ...</h3>");
        } else {
            die("<h3>Error changing user values ...</h3>");
        }
        break;
    default:
        if (isset($usertoken)) {
            user_main($usertoken);
        } else {
            user_main(array());
示例#12
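/**
 * Front controller: resolve the requested module, collect its arguments,
 * apply the module's authentication requirement, dispatch to the requested
 * method and render the layout.
 *
 * Module and directory names are restricted to the characters allowed in a
 * PHP class name before they are used in a filesystem path. The module class
 * is '__' . $mod, so any name outside that set could never resolve to a class;
 * rejecting it up front keeps request-supplied names from selecting files
 * outside ./base.
 *
 * @param string|false $mod  Module name; false reads the 'module' request variable.
 * @param string|false $wdir Parent module directory when resolving a module inside a folder.
 * @param array|false  $warg Pre-parsed arguments; false parses the 'args' request variable and merges $_POST.
 * @return void
 */
function _xfs($mod = false, $wdir = false, $warg = false)
{
	global $user, $style;

	include_once(XFS . 'core/modules.php');

	if ($mod === false)
	{
		$mod = request_var('module', '');
	}
	$mod = (!empty($mod)) ? $mod : 'home';

	// Both names are concatenated into an include path below, and $mod can come straight
	// from the request, so validate them before touching the filesystem.
	$name_pattern = '/^[A-Za-z0-9_\x80-\xff]+$/';
	if (!is_string($mod) || !preg_match($name_pattern, $mod))
	{
		_fatal();
	}
	if ($wdir !== false && (!is_string($wdir) || !preg_match($name_pattern, $wdir)))
	{
		_fatal();
	}

	$mod_dir = './base/_' . $mod;
	$p_dir = ($wdir === false && @file_exists($mod_dir) && is_dir($mod_dir)) ? true : false;

	if (!$p_dir)
	{
		$mod_dir = './base/_' . (($wdir !== false) ? $wdir . '/_' : '') . $mod;

		$mod_path = $mod_dir . '.php';
		$mod_class = '__' . $mod;

		if (!@file_exists($mod_path))
		{
			_fatal();
		}
		include_once($mod_path);

		if (!class_exists($mod_class))
		{
			_fatal();
		}
		$module = new $mod_class();
	}

	if ($warg === false)
	{
		// 'args' is a dot-separated list of key:value pairs; POST fields override them.
		$warg = array();
		$arg = request_var('args', '');
		if (!empty($arg))
		{
			foreach (explode('.', $arg) as $v)
			{
				$el = explode(':', $v);
				if (isset($el[0]) && isset($el[1]) && !empty($el[0]))
				{
					$warg[$el[0]] = $el[1];
				}
			}
		}

		if (isset($_POST) && count($_POST))
		{
			$_POST = _utf8($_POST);
			$warg = array_merge($warg, $_POST);
		}
	}

	if ($p_dir)
	{
		// $mod is a directory: the nested call resolves the module inside it and handles the
		// whole request. No $module exists in this frame, so there is nothing left to do here.
		_xfs(((isset($warg['x1'])) ? $warg['x1'] : ''), $mod, $warg);
		return;
	}

	if (isset($module->auth) && $module->auth)
	{
		// Strict string comparison: a loosely-typed match must not be able to skip the login requirement.
		$v_auth_exclude = (isset($module->auth_exclude) && isset($warg['x1']) && is_string($warg['x1']) && in_array($warg['x1'], $module->auth_exclude, true)) ? true : false;
		if (!$v_auth_exclude)
		{
			_login();
		}
	}

	// Find the index of the last positional argument (x1, x2, ...); the last matching key wins.
	$warg_x = 0;
	foreach ($warg as $warg_k => $warg_v)
	{
		if (preg_match('/^x(\d+)$/i', (string) $warg_k, $warg_m))
		{
			$warg_x = (int) $warg_m[1];
		}
	}

	if ($wdir !== false)
	{
		// Inside a module folder x1 was consumed as the module name, so shift the positional
		// arguments down by one: x2 becomes x1, x3 becomes x2, and so on.
		// NOTE(review): the loop bound comes from a request-supplied key; consider capping it.
		for ($i = 0; $i < $warg_x; $i++)
		{
			$warg['x' . ($i + 1)] = (isset($warg['x' . ($i + 2)])) ? $warg['x' . ($i + 2)] : '';
		}
	}

	date_default_timezone_set('America/Guatemala');

	$module->arg = $warg;
	$module->xlevel();

	// NOTE(review): level['x1'] is presumably derived from the request arguments by xlevel(),
	// and method_exists() is the only gate before the dynamic call further down. Confirm that
	// every method reachable this way is meant to be a request handler, or check the name
	// against an explicit per-module list of actions.
	if (!method_exists($module, $module->level['x1']))
	{
		_fatal();
	}

	// Session start
	$user->start(true);
	$user->setup();

	if (!$module->auth_access($user->data))
	{
		_fatal();
	}

	if (!defined('LIB')) define('LIB', '../space/');

	if (!defined('LIBD')) define('LIBD', _link() . str_replace('../', '', LIB));

	$module->module = $mod;

	if (@method_exists($module, 'install'))
	{
		$module->install();
	}

	$module->navigation('home', '', '');
	$module->navigation($module->module, '');

	$module->{$module->level['x1']}();

	if (empty($module->template))
	{
		$module->template = $mod;
	}

	// Build the navigation tree from ./base/tree; rows look like "** Name </path>".
	$menu = @file_exists('./base/tree') ? @file('./base/tree') : false;
	if ($menu !== false)
	{
		foreach (array_map('trim', $menu) as $i => $row)
		{
			if (!$i) $style->assign_block_vars('tree', array());

			// Skip rows that do not follow the expected format instead of emitting an empty entry.
			if (!preg_match('#^\*{0,} (.*?) <(.*?)>$#i', $row, $row_key))
			{
				continue;
			}
			$row_level = strripos($row, '*') + 1;

			$row_mod = array(dvar(array_key(explode('/', $row_key[2]), 1), 'index'));

			if ($row_level > 1) $row_mod[] = array_key(explode(':', array_key(explode('.', array_key(explode('/', $row_key[2]), 2)), 0)), 1);

			// Entries the current user is not authorised for are left out of the menu.
			$row_auth = implode('_', $row_mod);
			if (!$user->auth_get($row_auth)) continue;

			$row_style = '.row' . (($row_level == 1) ? '' : '.sub' . ($row_level - 1));
			$style->assign_block_vars('tree' . $row_style, array(
				'V_NAME' => trim(str_replace('*', '', $row_key[1])),
				'V_LINK' => _link() . substr($row_key[2], 1))
			);
		}
	}

	//
	// Output template
	$page_smodule = 'CONTROL_' . strtoupper($mod);
	if (is_lang($page_smodule))
	{
		$module->page_title($page_smodule);
	}

	$sv = array(
		'MODE' => $module->level['x1'],
		'MANAGE' => $module->level['x2'],
		'NAVIGATION' => $module->get_navigation()
	);
	_layout($module->template, $module->page_title(), $sv);
}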