/**
 * Resolve the logged-in user id from the 'posutoba' cookie.
 *
 * The cookie carries the user id run through authCode(..., 'ENCODE') (see the
 * QQ callback that sets it); this reverses it with authCode(..., 'DECODE') and
 * hands back whatever the decoder produced. Nothing else is checked here, so
 * callers should treat the result as untrusted input (e.g. confirm it names a
 * real user): unless authCode itself authenticates its payload, this method
 * cannot distinguish a forged cookie from a genuine one.
 *
 * @access public
 * @return mixed Decoded value from authCode, or null when the cookie is absent
 *               or falsy (the presence test is a truthiness check).
 */
public function decryptUid()
{
    $encoded = cookie('posutoba');
    if (!$encoded) {
        return null;
    }

    return authCode($encoded, 'DECODE');
}
$error = ""; if (isset($_POST["username"]) && isset($_POST["password"])) { if (empty($_POST["username"]) || empty($_POST["password"])) { $error = "用户名或密码为空"; //return false; } else { $username = $_POST["username"]; $password = $_POST["password"]; if ($username == $U) { if ($password == $P) { $token = mt_rand(); // 生成token $fp = fopen("../temp/session_token", "w+"); fwrite($fp, $token); fclose($fp); $cookieValue = authCode("{$username},{$password},{$token}", $textKey, "ENCODE"); //echo $cookieValue; // 写入cookie createCookie("anehtaDoor", $cookieValue, 0, '/', '', 0, 1); // 跳转url到referer if (isset($_GET["redirect"])) { // 这里没检查跳转的域,有钓鱼的风险 $redirect = $_GET["redirect"]; header("Location: {$redirect}"); } else { header("Location: admin.php"); } } else { // 密码错 $error = "用户名或密码错误"; //return false;
/* * 统一配置anehta 配置文件 * 包括: anehtaurl, mail server, auth 等 * */ include_once "xml.php"; $anehtaurl = ""; $boomerangtarget = ""; $boomerangsrc = ""; // check csrf TOKEN if (isset($_POST["csrfToken"])) { if (empty($_POST["csrfToken"])) { echo "\nToken Error! May be CSRF attack!\n"; return false; } else { list($user, $pass, $token) = explode(",", authCode($_COOKIE["anehtaDoor"], $textKey, "DECODE")); //echo "token = $token\n"; //echo "csrf = ".base64_decode($_POST["csrfToken"])."\n"; if ($token != base64_decode($_POST["csrfToken"])) { echo "\nToken Error! May be CSRF attack!\n"; return false; } } // 全部base64编码进入xml文件,否则可能被xpath注射 if (!empty($_POST['anehtaurl'])) { //$anehtaurl = base64_encode($_POST['anehtaurl']); $anehtaurl = $_POST['anehtaurl']; } if (!empty($_POST['boomerangtarget'])) { //$boomerangtarget = base64_encode($_POST['boomerangtarget']); $boomerangtarget = $_POST['boomerangtarget'];
if ($login || $code) { //logService->log('TRACE','LANDING PAGE 3',$user_agent,'start'); if ($threadid_was_set && $forum && $threadid && ($login || $code)) { $param = $lang . "/" . $forum . "/" . $threadid . "/3/"; } if ($login) { $logService->log('TRACE', $server . ':Processing login, calling Disqus', 'param=' . urlencode($environment['callback'] . $param), 'login'); auth($param); exit; } else { if ($code) { $logService->log('TRACE', $server . ':Redirected from Disqus with code', $code, 'login'); /** **/ //$logService->log('TRACE',$server.':Environment',var_log('environment',$environment),'login'); $access_token = authCode($code, $param); if (empty($access_token)) { if (isset($_GET['login'])) { $logService->log('ERROR', 'Processing login with CODE set, but no access token, calling Disqus', '', 'login'); auth($param); exit; } } else { $logService->log('TRACE', 'Authorization a success, looking up / creating a user', '', 'login'); //authorization a success $obj = getUserData(); if ($obj) { $old_identity = $identity; if ($old_identity) { $old_user = $ds->getUser($old_identity); $old_username = $old_user['username'];
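/**
 * Gate for admin pages: verify the 'anehtaDoor' login cookie.
 *
 * The cookie holds authCode("user,pass,token", $textKey, 'ENCODE') as written
 * by login.php. It is accepted only when it decodes into three non-empty
 * parts, the token equals the one in ../temp/session_token (so at most one
 * session is live at a time), and user/password equal the configured $U/$P.
 * On any failure a small HTML page that redirects the browser to login.php
 * (with a `redirect` back to the current page) is echoed and false is
 * returned; callers must stop rendering when they receive false.
 *
 * Changes from the previous version: credentials and the session token are
 * compared with hash_equals() instead of ==/!= (loose comparison treats
 * numeric-looking strings such as "1e3" and "1000" as equal, and leaks
 * timing); a cookie that does not decode into three parts now bounces to
 * login explicitly instead of falling off the end and returning null; an
 * unreadable token file is treated as a mismatch rather than being handed
 * to the comparison as false.
 *
 * NOTE(review): the cookie still transports the password inside the
 * authCode payload; that is a property of login.php's cookie format and is
 * not changed here.
 *
 * @param string $U       Expected username.
 * @param string $P       Expected password.
 * @param string $textKey Key shared with login.php for authCode().
 * @return bool true when the session is valid, false after the redirect page
 *              has been emitted.
 */
function checkLoginStatus($U, $P, $textKey)
{
    // One redirect page for every failure path. PHP_SELF is urlencoded, so it
    // cannot break out of the JS string literal.
    $bounce = function () {
        echo "<html><script>window.location = \"login.php?redirect=" . urlencode($_SERVER["PHP_SELF"]) . "\";</script></html>";
        return false;
    };

    if (!isset($_COOKIE["anehtaDoor"])) {
        return $bounce();
    }

    // explode() yields fewer than three parts for a garbled cookie; pad so
    // the missing parts become '' instead of null.
    $decoded = (string) authCode($_COOKIE["anehtaDoor"], $textKey, "DECODE");
    list($user, $pass, $token) = array_pad(explode(",", $decoded), 3, '');
    if ($user === '' || $pass === '' || $token === '') {
        // Undecodable or truncated cookie: same outcome as no cookie.
        return $bounce();
    }

    // Single-session rule: the token must match the one most recently
    // written by login.php.
    $tokenFile = "../temp/session_token";
    $stored = file_exists($tokenFile) ? file_get_contents($tokenFile) : false;
    if ($stored === false || !hash_equals((string) $stored, $token)) {
        return $bounce();
    }

    // Constant-time, type-strict credential check.
    if (hash_equals((string) $U, $user) && hash_equals((string) $P, $pass)) {
        return true;
    }

    return $bounce();
}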
/**
 * QQ Connect OAuth callback.
 *
 * Fetches the QQ profile through the Connect library and looks its open_id
 * up in the users table:
 *  - unknown open_id: packs avatar / nickname / open_id into a base64-encoded
 *    JSON blob and sends the browser to User/register with it as `key`;
 *  - known open_id: sets the 'posutoba' cookie to authCode(user_id, 'ENCODE')
 *    with a one-year lifetime and redirects to the site root.
 *
 * NOTE(review): `key` is base64-encoded but not signed, so User/register
 * receives client-editable open_id/nickname values — confirm that the
 * register action does not bind an account to the open_id in `key` without
 * re-checking it against QQ. Nothing here verifies that the profile actually
 * contains open_id; an empty or missing value goes straight into the lookup.
 * Whether the cookie is HttpOnly/Secure depends on the framework's cookie()
 * defaults, not on this code.
 *
 * @access public
 */
public function qqCallback()
{
    $connect = new \Tieba\Library\Connect();
    $profile = $connect->getUsrInfo();

    $existing = M('users')
        ->where(array('user_openid' => $profile['open_id']))
        ->find();

    if (!empty($existing)) {
        // Known account: issue the login cookie for one year and go home.
        $oneYear = 60 * 60 * 24 * 365;
        cookie('posutoba', authCode($existing['user_id'], 'ENCODE'), $oneYear);
        redirect(__ROOT__ . '/');
        return;
    }

    // First visit from this QQ identity: hand the profile to registration.
    $pending = array(
        'qq_avatar'   => $profile['figureurl_2'],
        'qq_username' => $profile['nickname'],
        'qq_openid'   => $profile['open_id'],
    );
    $key = base64_encode(json_encode($pending));
    $this->redirect(U('User/register', array('key' => $key)));
}