示例#1
0
 /**
  * Verifies a recaptcha
  *
  * @param $priv_key private recaptcha key
  * @return true on success
  */
 public function verify()
 {
     $error = ErrorHandler::getInstance();
     $conf = RecaptchaConfig::getInstance();
     if (empty($_POST['recaptcha_challenge_field']) || empty($_POST['recaptcha_response_field'])) {
         $error->add('No captcha answer given.');
         return false;
     }
     if (!$conf->getPublicKey() || !$conf->getPrivateKey()) {
         die('ERROR - Get Recaptcha API key at http://recaptcha.net/api/getkey');
     }
     $params = array('privatekey' => $conf->getPrivateKey(), 'remoteip' => client_ip(), 'challenge' => $_POST['recaptcha_challenge_field'], 'response' => $_POST['recaptcha_response_field']);
     $http = new HttpClient($this->api_url_verify);
     $res = $http->post($params);
     $answers = explode("\n", $res);
     if (trim($answers[0]) == 'true') {
         return true;
     }
     switch ($answers[1]) {
         case 'incorrect-captcha-sol':
             $e = 'Incorrect captcha solution';
             break;
         default:
             $e = 'untranslated error: ' . $answers[1];
     }
     $error->add($e);
     return false;
 }
 /**
  * Looks up user supplied email address / alias and sends a mail
  *
  * @param $email email address or username
  */
 function sendMail($in)
 {
     $in = trim($in);
     if (is_email($in)) {
         $user_id = UserFinder::byEmail($in);
     } else {
         $user_id = UserFinder::byUsername($in);
     }
     $error = ErrorHandler::getInstance();
     if (!$user_id) {
         $error->add('Invalid email address or username');
         return false;
     }
     $email = UserSetting::getEmail($user_id);
     if (!$email) {
         throw new \Exception('entered email not found');
     }
     $code = Token::generate($user_id, 'activation_code');
     $pattern = array('/@USERNAME@/', '/@IP@/', '/@URL@/', '/@EXPIRETIME@/');
     $user = User::get($user_id);
     $page = XmlDocumentHandler::getInstance();
     $url = $page->getUrl() . 'u/reset_pwd/' . $code;
     $replacement = array($user->getName(), client_ip(), $url, shortTimePeriod($this->expire_time_email));
     $msg = preg_replace($pattern, $replacement, $this->password_msg);
     //d($msg);
     $mail = SendMail::getInstance();
     $mail->addRecipient($email);
     $mail->setSubject('Forgot password');
     $mail->send($msg);
     return true;
 }
示例#3
0
/**
 * Checks if client IP address is in the whitelist
 * Useful to create simple IP access rules
 *
 * @param $whitelist array of IPv4 addresses
 * @return true if client IP address is in the $allowed list
 */
function allowed_ip($whitelist)
{
    if (php_sapi_name() == 'cli') {
        return true;
    }
    $ip = IPv4_to_GeoIP(client_ip());
    return match_ip($ip, $whitelist);
}
示例#4
0
文件: commander.php 项目: relrod/dagd
 private function addCommand()
 {
     $query = $this->db_connection->prepare('INSERT INTO command_redirects(author_ip, command, url) VALUES(?, ?, ?)');
     $query->bind_param('sss', client_ip(), $this->route_matches[2], $this->route_matches[3]);
     if ($query->execute()) {
         return true;
     } else {
         return false;
     }
 }
示例#5
0
文件: pastebin.php 项目: relrod/dagd
 private function create_paste()
 {
     $query = $this->db_connection->prepare('INSERT INTO pastebin_pastes(ip, text) VALUES(?, ?)');
     $query->bind_param('ss', client_ip(), $this->paste_text);
     if ($query->execute()) {
         $this->paste_id = $query->insert_id;
         return true;
     } else {
         return false;
     }
 }
示例#6
0
文件: common.php 项目: elmoy/wenheyou
/**
 * 如果没有配置日志路径则不写日志,
 * 使用php内置的error_log记录错误日志
 *
 * @param string $message
 * @return bool
 */
function log_message($message, $dir = NULL)
{
    if (is_null($dir)) {
        $dir = \Core\Application::config()->log_dir;
    }
    $client_ip = client_ip();
    if (!is_dir($dir)) {
        @mkdir($dir, 0755, TRUE);
    }
    $file = $dir . '/' . date('Y-m-d') . '.log';
    return error_log(date('H:i:s ') . $client_ip . " {$message}\n", 3, $file);
}
示例#7
0
	protected function zlogCreate($index, $name, $extra = '')
	{
		$data = array(
			'type' => $this->zlogType,
			'uid' => user()->get('id'),
			'uip' => ip2long(client_ip()),
			'index' => $index,
			'name' => $name,
			'extra' => $extra,
			'time' => time()
		);
		return dbc(DBCMax)->insert('zlog')->data($data)->done();
	}
示例#8
0
 /**
  * Helper function to create new comments
  */
 public static function create($type, $owner, $msg, $private = false)
 {
     $session = SessionHandler::getInstance();
     $c = new Comment();
     $c->type = $type;
     $c->owner = $owner;
     $c->msg = $msg;
     $c->private = $private;
     $c->creator = $session->id;
     $c->creator_ip = client_ip();
     $c->time_created = sql_datetime(time());
     return $c->store();
 }
示例#9
0
文件: isp.php 项目: relrod/dagd
 public function render()
 {
     if (count($this->route_matches) > 1) {
         $query = $this->route_matches[1];
     } else {
         $query = client_ip();
     }
     $whois_client = new DaGdWhois($query);
     $response = $whois_client->performQuery();
     if (preg_match('/(?:Org\\-?Name|contact:Name): ?(.+)/', $response, $org_matches)) {
         return trim($org_matches[1]);
     }
     return 'ISP could not be found.';
 }
示例#10
0
function logout()
{
    $userid = isset($_SESSION['userid']) ? $_SESSION['userid'] : 0;
    $ip = client_ip();
    update_user_status($_SESSION['userid'], 0, $ip, $_SERVER['HTTP_USER_AGENT']);
    update_confid($userid, md5(mt_rand()));
    $dir = $_SERVER['DOCUMENT_ROOT'] . "/Contacts/views/user/temp/" . md5($userid);
    if (file_exists($dir)) {
        removeDir($dir);
    }
    unset($_SESSION['userid']);
    unset($_SESSION['timeout']);
    unset($_SESSION['username']);
    unset($_SESSION['isLoggedIn']);
    unset($_SESSION['becomeLogin']);
}
示例#11
0
文件: common.php 项目: elmoy/wenheyou
 /**
  * 初始化数据
  * @param string $order_id   $this->mchid.date('YmdHis').rand(1000, 9999);
  * @return \WX\Redcash\Common
  */
 public function init_params($order_id, $send_name, $nick_name, $open_id, $total_amount, $min_value, $max_value, $total_num, $wishing, $action_name, $remark)
 {
     $this->params['nonce_str'] = $this->create_noncestr();
     $this->params['mch_billno'] = $order_id;
     $this->params['mch_id'] = $this->mchid;
     $this->params['wxappid'] = $this->appid;
     $this->params['nick_name'] = $nick_name;
     $this->params['send_name'] = $send_name;
     $this->params['re_openid'] = $open_id;
     $this->params['total_amount'] = $total_amount;
     $this->params['min_value'] = $min_value;
     $this->params['max_value'] = $max_value;
     $this->params['total_num'] = $total_num;
     $this->params['wishing'] = $wishing;
     $this->params['client_ip'] = client_ip();
     $this->params['act_name'] = $action_name;
     $this->params['remark'] = $remark;
     return $this;
 }
 /**
  * Sends a account activation mail to specified user
  *
  * @param $_id user id
  */
 function xxx_sendActivationMail($_id)
 {
     if (!is_numeric($_id)) {
         return false;
     }
     $email = loadUserdataEmail($_id);
     if (!$email) {
         return false;
     }
     $code = generateActivationCode(ACTIVATE_EMAIL, 1000000, 9999999);
     createActivation(ACTIVATE_EMAIL, $code, $_id);
     $subj = 'Account activation';
     $pattern = array('/__USERNAME__/', '/__IP__/', '/__CODE__/', '/__URL__/', '/__EXPIRETIME__/');
     $replacement = array(Users::getName($_id), client_ip(), $code, xhtmlGetUrl("activate.php?id=" . $_id . "&code=" . $code), shortTimePeriod($this->expire_time_email));
     $msg = preg_replace($pattern, $replacement, $this->mail_activate_msg);
     if (!$this->SmtpSend($email, $subj, $msg)) {
         return false;
     }
     $this->activation_sent = true;
     return true;
 }
示例#13
0
function handleSubmit($p)
{
    $session = SessionHandler::getInstance();
    $error = ErrorHandler::getInstance();
    if (empty($p['comment'])) {
        return false;
    }
    if (!$session->id) {
        $error->add('Unauthorized submit');
        return false;
    }
    $c = new Comment();
    $c->type = $p['type'];
    $c->msg = $p['comment'];
    $c->private = 0;
    $c->time_created = sql_datetime(time());
    $c->owner = $p['owner'];
    $c->creator = $session->id;
    $c->creator_ip = client_ip();
    $c->store();
    redir($_SERVER['REQUEST_URI']);
}
示例#14
0
function wordpress_oauth_firewall_init()
{
    $options = get_option('wo_options');
    if (!_vl()) {
        return;
    }
    if (isset($options['firewall_block_all_incomming']) && $options['firewall_block_all_incomming']) {
        $remote_addr = client_ip();
        $whitelist = str_replace(' ', '', $options['firewall_ip_whitelist']);
        // remove all whitespace
        $whitelist_array = explode(',', $whitelist);
        if (in_array($remote_addr, $whitelist_array)) {
            return;
        }
        header('Content-Type: application/json');
        $response = array('error' => 'Unauthorized');
        print json_encode($response);
        exit;
    }
}
示例#15
0
 private function _init_env()
 {
     error_reporting(E_ERROR);
     @set_time_limit(300);
     if (PHP_VERSION < '5.3.0') {
         set_magic_quotes_runtime(0);
     }
     define('IN_JISHIGOU', true);
     define('ROOT_PATH', substr(dirname(__FILE__), 0, -8) . '/');
     define('PLUGIN_DIR', ROOT_PATH . 'plugin');
     define('RELATIVE_ROOT_PATH', './');
     define('MAGIC_QUOTES_GPC', get_magic_quotes_gpc());
     define('TIMESTAMP', time());
     if (!defined('JISHIGOU_GLOBAL_FUNCTION') && !@(include ROOT_PATH . 'include/func/global.func.php')) {
         exit('global.func.php is not exists');
     }
     if (function_exists('ini_set')) {
         ini_set('memory_limit', '256M');
         ini_set('max_execution_time', 300);
         ini_set('arg_seperator.output', '&amp;');
         ini_set('magic_quotes_runtime', 0);
         ini_set('session.save_path', ROOT_PATH . 'data/temp/session/');
     }
     $superglobal = array('GLOBALS' => 1, '_GET' => 1, '_POST' => 1, '_COOKIE' => 1, '_SERVER' => 1, '_FILES' => 1);
     foreach ($GLOBALS as $k => $v) {
         if (!isset($superglobal[$k])) {
             $GLOBALS[$k] = null;
             unset($GLOBALS[$k]);
         }
     }
     global $_J;
     $_J = array('timestamp' => TIMESTAMP, 'time_start' => microtime(true), 'client_ip' => client_ip(), 'client_ip_port' => client_ip_port(), 'uid' => 0, 'username' => '', 'nickname' => '', 'role_id' => 0, 'charset' => '', 'site_name' => '', 'site_url' => '', 'wap_url' => '', 'mobile_url' => '', 'mod' => '', 'code' => '');
     $this->var =& $_J;
 }
示例#16
0
 /**
  * @param $key array from a $_FILES entry
  * @param $blind dont verify if is_uploaded_file(), useful when importing files from other means than HTTP uploads
  * @return file id
  */
 public static function import($type, &$key, $category = 0, $blind = false)
 {
     // ignore empty file uploads
     if (!$key['name']) {
         return false;
     }
     if (!$blind && !is_uploaded_file($key['tmp_name'])) {
         throw new \Exception('Upload failed for file ' . $key['name']);
         //$error->add('Upload failed for file '.$key['name'] );
         //return;
     }
     $session = SessionHandler::getInstance();
     $file = new File();
     $file->type = $type;
     $file->uploader = $session->id;
     $file->uploader_ip = client_ip();
     $file->size = $key['size'];
     $file->name = $key['name'];
     $file->mimetype = $key['type'];
     $file->category = $category;
     $file->time_uploaded = sql_datetime(time());
     $file->id = $file->store();
     if (!$file->id) {
         return false;
     }
     $dst_file = self::getUploadPath($file->id);
     if ($blind) {
         // UGLY HACK using "@": currently gives a E_WARNING: "Operation not permitted" error,
         // even though the rename suceeds???
         if (!@rename($key['tmp_name'], $dst_file)) {
             throw new \Exception('rename failed');
         }
     } elseif (!move_uploaded_file($key['tmp_name'], $dst_file)) {
         throw new \Exception('Failed to move file from ' . $key['tmp_name'] . ' to ' . $dst_file);
     }
     chmod($dst_file, 0777);
     $key['name'] = $dst_file;
     $key['file_id'] = $file->id;
     return $file->id;
 }
示例#17
0
	private function Log($file)
	{
		if (is_string($file))
		{
			return array(
				'error' => true,
				'msg' => $file
			);
		}
		$data = $file;
		$data['intro'] = '';
		$data['url'] = ini('settings.site_url').str_replace('./', '/', $data['path']);
		$data['extra'] = '';
		$data['uid'] = user()->get('id');
		$data['ip'] = ip2long(client_ip());
		$data['update'] = time();
		dbc()->SetTable(table('uploads'));
				$exist = dbc(DBCMax)->select('uploads')->where('path="'.$data['path'].'"')->limit(1)->done();
		if ($exist)
		{
			dbc()->Update($data, 'id='.$exist['id']);
			$data['id'] = $exist['id'];
		}
		else
		{
			$data['id'] = dbc()->Insert($data);
		}
				return $data;
	}
示例#18
0
/*Force display errors/warnings*/
error_reporting(E_ALL);
ini_set('display_errors', 1);
session_name("CntId");
session_start();
include_once $_SERVER['DOCUMENT_ROOT'] . '/Contacts/models/model.php';
include_once $_SERVER['DOCUMENT_ROOT'] . '/Contacts/models/debug.php';
include_once $_SERVER['DOCUMENT_ROOT'] . '/Contacts/views/alerts.php';
include_once $_SERVER['DOCUMENT_ROOT'] . '/Contacts/models/user/sel_user.php';
include_once $_SERVER['DOCUMENT_ROOT'] . '/Contacts/models/user/upt_user.php';
$debug = isset($_SESSION['debug']) && $_SESSION['debug'] == "on" ? 1 : 0;
if ($debug) {
    dump($_SESSION, "SESSION");
    dump($_POST, "POST");
}
$ip = client_ip();
$confid = isset($_POST['cnf']) ? trim($_POST['cnf']) : 0;
$userid = isset($_SESSION['userid']) ? $_SESSION['userid'] : 0;
$timeout = isset($_SESSION['timeout']) ? $_SESSION['timeout'] : 0;
$username = isset($_SESSION['username']) ? $_SESSION['username'] : 0;
$isLoggedIn = isset($_SESSION['isLoggedIn']) ? $_SESSION['isLoggedIn'] : 0;
if ($isLoggedIn && $userid && ($Records = user_is_online($userid, $username, $confid, $ip, $_SERVER['HTTP_USER_AGENT'], $timeout))) {
    update_user_status($userid, $isLoggedIn, $ip, $_SERVER['HTTP_USER_AGENT']);
    $action = isset($_POST['act']) ? $_POST['act'] : 0;
    switch ($action) {
        case 'get_persons':
            $items = isset($_POST['itm']) ? $_POST['itm'] : 0;
            $page = isset($_POST['pg']) ? $_POST['pg'] : 0;
            include_once $_SERVER['DOCUMENT_ROOT'] . '/Contacts/views/content/persons.php';
            break;
        case 'get_person':
示例#19
0
	private function getdata($payment, $parameter) {
		
		$parameter['name'] = trim($parameter['name']);
		$data = array(
			'version' => $payment['config']['version'],
			'oid_partner' => $payment['config']['oid_partner'],
			'user_id' => $parameter['userid'],
			'timestamp' => local_date('YmdHis', time()),
			'sign_type' => $payment['config']['sign_type'],
			'busi_partner' => $payment['config']['busi_partner'],
			'no_order' => $parameter['sign'],
			'dt_order' => local_date('YmdHis', time()),
			'name_goods' => (true === ENC_IS_GBK ? array_iconv('gbk', 'utf-8', $parameter['name']) : $parameter['name']),
									'money_order' => $parameter['price'],
			'notify_url' => $parameter['notify_url'],

			'acct_name' => '',
						'id_no' => '',
			'valid_order' => $payment['config']['valid_order'],
			'userreq_ip' => client_ip(),
			'url_return' => $parameter['notify_url'],
					);
		if($payment['config']['app_request']) {
			$data['app_request'] = $payment['config']['app_request'];
		}
		return $data;
	}
 public function config_site()
 {
     global $LANG;
     if (empty($_SESSION['step4'])) {
         if (!empty($_SESSION['step3']) && is_file(PH7_ROOT_PUBLIC . '_constants.php')) {
             session_regenerate_id(true);
             if (empty($_SESSION['val'])) {
                 $_SESSION['val']['site_name'] = 'My Own Social/Dating Site!';
                 $_SESSION['val']['admin_login_email'] = '';
                 $_SESSION['val']['admin_email'] = '';
                 $_SESSION['val']['admin_feedback_email'] = '';
                 $_SESSION['val']['admin_return_email'] = '';
                 $_SESSION['val']['admin_username'] = '******';
                 $_SESSION['val']['admin_first_name'] = '';
                 $_SESSION['val']['admin_last_name'] = '';
             }
             if ($_SERVER['REQUEST_METHOD'] == 'POST' && !empty($_POST['config_site_submit'])) {
                 if (filled_out($_POST)) {
                     foreach ($_POST as $sKey => $sVal) {
                         $_SESSION['val'][$sKey] = trim($sVal);
                     }
                     if (validate_email($_SESSION['val']['admin_login_email']) && validate_email($_SESSION['val']['admin_email']) && validate_email($_SESSION['val']['admin_feedback_email']) && validate_email($_SESSION['val']['admin_return_email'])) {
                         if (validate_username($_SESSION['val']['admin_username']) == 0) {
                             if (validate_password($_SESSION['val']['admin_password']) == 0) {
                                 if (validate_identical($_SESSION['val']['admin_password'], $_SESSION['val']['admin_passwords'])) {
                                     if (!find($_SESSION['val']['admin_password'], $_SESSION['val']['admin_username']) && !find($_SESSION['val']['admin_password'], $_SESSION['val']['admin_first_name']) && !find($_SESSION['val']['admin_password'], $_SESSION['val']['admin_last_name'])) {
                                         if (validate_name($_SESSION['val']['admin_first_name'])) {
                                             if (validate_name($_SESSION['val']['admin_last_name'])) {
                                                 @(require_once PH7_ROOT_PUBLIC . '_constants.php');
                                                 @(require_once PH7_PATH_APP . 'configs/constants.php');
                                                 require PH7_PATH_FRAMEWORK . 'Loader/Autoloader.php';
                                                 // To load "Security" class.
                                                 Framework\Loader\Autoloader::getInstance()->init();
                                                 try {
                                                     require_once PH7_ROOT_INSTALL . 'inc/_db_connect.inc.php';
                                                     // SQL EXECUTE
                                                     $oSqlQuery = $DB->prepare('INSERT INTO ' . $_SESSION['db']['prefix'] . 'Admins
                                                     (profileId , username, password, email, firstName, lastName, joinDate, lastActivity, ip)
                                                     VALUES (1, :username, :password, :email, :firstName, :lastName, :joinDate, :lastActivity, :ip)');
                                                     $sCurrentDate = date('Y-m-d H:i:s');
                                                     $oSqlQuery->execute(array('username' => $_SESSION['val']['admin_username'], 'password' => Framework\Security\Security::hashPwd($_SESSION['val']['admin_password']), 'email' => $_SESSION['val']['admin_login_email'], 'firstName' => $_SESSION['val']['admin_first_name'], 'lastName' => $_SESSION['val']['admin_last_name'], 'joinDate' => $sCurrentDate, 'lastActivity' => $sCurrentDate, 'ip' => client_ip()));
                                                     $oSqlQuery = $DB->prepare('UPDATE ' . $_SESSION['db']['prefix'] . 'Settings SET value = :siteName WHERE name = \'siteName\'');
                                                     $oSqlQuery->execute(array('siteName' => $_SESSION['val']['site_name']));
                                                     $oSqlQuery = $DB->prepare('UPDATE ' . $_SESSION['db']['prefix'] . 'Settings SET value = :adminEmail WHERE name = \'adminEmail\'');
                                                     $oSqlQuery->execute(array('adminEmail' => $_SESSION['val']['admin_email']));
                                                     $oSqlQuery = $DB->prepare('UPDATE ' . $_SESSION['db']['prefix'] . 'Settings SET value = :feedbackEmail WHERE name = \'feedbackEmail\'');
                                                     $oSqlQuery->execute(array('feedbackEmail' => $_SESSION['val']['admin_feedback_email']));
                                                     $oSqlQuery = $DB->prepare('UPDATE ' . $_SESSION['db']['prefix'] . 'Settings SET value = :returnEmail WHERE name = \'returnEmail\'');
                                                     $oSqlQuery->execute(array('returnEmail' => $_SESSION['val']['admin_return_email']));
                                                     // We finalise by putting the correct permission to the config files
                                                     $this->_chmodConfigFiles();
                                                     $_SESSION['step4'] = 1;
                                                     redirect(PH7_URL_SLUG_INSTALL . 'service');
                                                 } catch (\PDOException $oE) {
                                                     $aErrors[] = $LANG['database_error'] . escape($oE->getMessage());
                                                 }
                                             } else {
                                                 $aErrors[] = $LANG['bad_last_name'];
                                             }
                                         } else {
                                             $aErrors[] = $LANG['bad_first_name'];
                                         }
                                     } else {
                                         $aErrors[] = $LANG['insecure_password'];
                                     }
                                 } else {
                                     $aErrors[] = $LANG['passwords_different'];
                                 }
                             } elseif (validate_password($_SESSION['val']['admin_password']) == 1) {
                                 $aErrors[] = $LANG['password_too_short'];
                             } elseif (validate_password($_SESSION['val']['admin_password']) == 2) {
                                 $aErrors[] = $LANG['password_too_long'];
                             } elseif (validate_password($_SESSION['val']['admin_password']) == 3) {
                                 $aErrors[] = $LANG['password_no_number'];
                             } elseif (validate_password($_SESSION['val']['admin_password']) == 4) {
                                 $aErrors[] = $LANG['password_no_upper'];
                             }
                         } elseif (validate_username($_SESSION['val']['admin_username']) == 1) {
                             $aErrors[] = $LANG['username_too_short'];
                         } elseif (validate_username($_SESSION['val']['admin_username']) == 2) {
                             $aErrors[] = $LANG['username_too_long'];
                         } elseif (validate_username($_SESSION['val']['admin_username']) == 3) {
                             $aErrors[] = $LANG['bad_username'];
                         }
                     } else {
                         $aErrors[] = $LANG['bad_email'];
                     }
                 } else {
                     $aErrors[] = $LANG['all_fields_mandatory'];
                 }
             }
         } else {
             redirect(PH7_URL_SLUG_INSTALL . 'config_system');
         }
     } else {
         redirect(PH7_URL_SLUG_INSTALL . 'service');
     }
     $this->oView->assign('sept_number', 4);
     $this->oView->assign('errors', @$aErrors);
     unset($aErrors);
     $this->oView->display('config_site.tpl');
 }
示例#21
0
        }
        $db = get_db();
        $db->query("select id from eb_collection where resource_type='news' and resource_id={$news->id} and user_id={$user->id}");
        if ($db->record_count > 0) {
            die('您已收藏过改文章,请不要重复收藏!');
        }
        $collect = new table_class('eb_collection');
        $collect->created_at = now();
        $collect->resource_type = 'news';
        $collect->resource_id = $news->id;
        $collect->user_id = $user->id;
        $collect->save();
        echo "恭喜您,文章收藏成功!";
    } elseif ($type == 'comment') {
        $user = User::current_user();
        if (!$user) {
            echo '请先登录';
            die;
        }
        $news_id = intval($_POST['news_id']);
        $comment = new table_class('eb_comment');
        $comment->resource_id = $news_id;
        $comment->resource_type = 'news';
        $comment->nick_name = $user->name;
        $comment->user_id = $user->id;
        $comment->ip = client_ip();
        $comment->created_at = now();
        $comment->comment = htmlspecialchars(urldecode($_POST['comment']));
        $comment->save();
    }
}
示例#22
0
 /**
  * Starts session & loads previous session data if found
  * must be called at beginning of each page request
  */
 function start()
 {
     if (!$this->name) {
         throw new \Exception('session name not set');
     }
     $sess_storage = new SessionStorageHandler();
     $error = ErrorHandler::getInstance();
     session_name($this->name);
     ini_set('session.cookie_lifetime', $this->timeout);
     // in seconds
     ini_set('session.gc_maxlifetime', $this->timeout);
     // in seconds
     if (!session_id()) {
         if (!session_start()) {
             throw new \Exception('failed to start session');
         }
     }
     if (empty($_SESSION['id'])) {
         return;
     }
     $page = XmlDocumentHandler::getInstance();
     setcookie($this->name, session_id(), time() + $this->timeout, $page->getRelativeUrl());
     $this->id =& $_SESSION['id'];
     $this->username =& $_SESSION['username'];
     $this->usermode =& $_SESSION['usermode'];
     $this->isWebmaster =& $_SESSION['isWebmaster'];
     $this->isAdmin =& $_SESSION['isAdmin'];
     $this->isSuperAdmin =& $_SESSION['isSuperAdmin'];
     $this->referer =& $_SESSION['referer'];
     $this->ip =& $_SESSION['ip'];
     $this->type =& $_SESSION['type'];
     $this->last_active =& $_SESSION['last_active'];
     if ($this->type == SESSION_FACEBOOK) {
         $this->facebook_id = $this->username;
     }
     if ($this->id && $this->ip && $this->ip != client_ip()) {
         // Logged in: Check if client ip has changed since last request, if so - log user out to avoid session hijacking
         $msg = 'ERROR: Client IP changed for ' . $this->username . ', Old: ' . $this->ip . ', current: ' . client_ip();
         $error->add($msg);
         dp($msg);
         $this->end();
         //    $session->errorPage();
     } else {
         if ($this->id && $this->getLastActive() < time() - $this->timeout) {
             // Check user activity - log out inactive user
             $msg = 'Session timed out for ' . $this->username . ' after ' . (time() - $this->getLastActive()) . 's (timeout is ' . $this->timeout . 's)';
             $error->add($msg);
             dp($msg);
             $this->end();
             //$session->showErrorPage();
         } else {
             if ($this->id) {
                 $this->setLastActive();
             } else {
                 if (!$this->id && $this->facebook_app_id) {
                     // Handle facebook login
                     $this->handleFacebookLogin();
                 }
             }
         }
     }
 }
示例#23
0
文件: ip.php 项目: relrod/dagd
 public function render()
 {
     return client_ip();
 }
示例#24
0
 /**
  * Function used to add comment
  * This is more advance function , 
  * in this function functions can be applied on comments
  */
 function add_comment($comment, $obj_id, $reply_to = NULL, $type = 'v', $obj_owner = NULL, $obj_link = NULL, $force_name_email = false)
 {
     global $userquery, $eh, $db, $Cbucket;
     //Checking maximum comments characters allowed
     if (defined("MAX_COMMENT_CHR")) {
         if (strlen($comment) > MAX_COMMENT_CHR) {
             e(sprintf("'%d' characters allowed for comment", MAX_COMMENT_CHR));
         }
     }
     if (!verify_captcha()) {
         e(lang('usr_ccode_err'));
     }
     if (empty($comment)) {
         e(lang("pelase_enter_something_for_comment"));
     }
     $params = array('comment' => $comment, 'obj_id' => $obj_id, 'reply_to' => $reply_to, 'type' => $type);
     $this->validate_comment_functions($params);
     /* 		
      if($type=='video' || $type=='v')
      {
      if(!$this->video_exists($obj_id))
      e(lang("class_vdo_del_err"));
     
      //Checking owner of video
      if(!USER_COMMENT_OWN)
      {
      if(userid()==$this->get_vid_owner($obj_id));
      e(lang("usr_cmt_err2"));
      }
      }
     */
     if (!userid() && $Cbucket->configs['anonym_comments'] != 'yes') {
         e(lang("you_not_logged_in"));
     }
     if (!userid() && $Cbucket->configs['anonym_comments'] == 'yes' || $force_name_email) {
         //Checking for input name and email
         if (empty($_POST['name'])) {
             e(lang("please_enter_your_name"));
         }
         if (empty($_POST['email'])) {
             e(lang("please_enter_your_email"));
         }
         $name = mysql_clean($_POST['name']);
         $email = mysql_clean($_POST['email']);
     }
     if (empty($eh->error_list)) {
         $attributes = get_message_attributes($comment);
         if (is_array($attributes)) {
             $attributes = json_encode($attributes);
         }
         $fields = array('type' => $type, 'comment' => $comment, 'comment_attributes' => $attributes, 'type_id' => $obj_id, 'userid' => userid(), 'date_added' => now(), 'parent_id' => $reply_to, 'anonym_name' => $name, 'anonym_email' => $email, 'comment_ip' => mysql_clean(client_ip()), 'type_owner_id' => $obj_owner);
         $cid = db_insert(tbl('comments'), $fields);
         $db->update(tbl("users"), array("total_comments"), array("|f|total_comments+1"), " userid='" . userid() . "'");
         e(lang("grp_comment_msg"), "m");
         //$cid = $db->insert_id();
         $own_details = $userquery->get_user_field_only($obj_owner, 'email');
         $username = username();
         $username = $username ? $username : post('name');
         $useremail = $email;
         //Adding Comment Log
         $log_array = array('success' => 'yes', 'action_obj_id' => $cid, 'action_done_id' => $obj_id, 'details' => "made a comment", 'username' => $username, 'useremail' => $useremail);
         insert_log($type . '_comment', $log_array);
         //sending email
         if (SEND_COMMENT_NOTIFICATION == 'yes' && $own_details) {
             global $cbemail;
             $tpl = $cbemail->get_template('user_comment_email');
             $more_var = array('{username}' => $username, '{obj_link}' => $obj_link . '#comment_' . $cid, '{comment}' => $comment, '{obj}' => get_obj_type($type));
             if (!is_array($var)) {
                 $var = array();
             }
             $var = array_merge($more_var, $var);
             $subj = $cbemail->replace($tpl['email_template_subject'], $var);
             $msg = nl2br($cbemail->replace($tpl['email_template'], $var));
             //Now Finally Sending Email
             cbmail(array('to' => $own_details, 'from' => WEBSITE_EMAIL, 'subject' => $subj, 'content' => $msg));
         }
         add_users_mentioned($comment, NULL, $cid);
         return $cid;
     }
     return false;
 }
示例#25
0
	public function InizTicket($pid, $uid)
	{
				$product = logic('product')->BuysCheck($pid);
		if (isset($product['false']))
		{
			return $product['false'];
		}
				$phone = $this->phone($uid, false);
		if (!$phone)
		{
			return '您的手机号码还未验证,不能参与活动!';
		}
				$ordCount = logic('order')->Count('productid='.$pid.' AND userid='.$uid);
		if ((int)$ordCount == 0)
		{
			$order = logic('order')->GetFree($uid, $pid);
			$order['productnum'] = 1;
			$order['productprice'] = 0;
			$order['extmsg'] = '抽奖用户IP地址:'.client_ip();
			$order['pay'] = ORD_PAID_Yes;
			$order['process'] = 'TRADE_FINISHED';
			$order['status'] = ORD_STA_Normal;
			logic('order')->Update($order['orderid'], $order);
		}
				$prizes = $this->GetList($pid, $uid);
		if (!$prizes)
		{
						$this->CreateTicket($pid, $uid);
			$this->__finder($pid, $uid);
		}
		return true;
	}
示例#26
0
文件: shorten.php 项目: relrod/dagd
 private function store_shorturl()
 {
     if (!$this->store_url) {
         return true;
     }
     $query = $this->db_connection->prepare('INSERT INTO shorturls(shorturl, longurl, owner_ip, custom_shorturl) ' . 'VALUES(?, ?, ?, ?);');
     $query->bind_param('sssi', $this->short_url, $this->long_url, client_ip(), $this->custom_url);
     if ($query->execute()) {
         return true;
     } else {
         error500('Something has gone wrong! :( ... Try again? Please?');
         return false;
     }
 }