function checkChinaIP()
{
$ip = getClientIP();
$cIP = explode(".", $ip);
$ipList = split("\n", file_get_contents(__DIR__ . "/china_ip"));
foreach ($ipList as $value) {
if (!$value) {
continue;
}
$ips = explode(" ", $value);
$minIP = explode(".", $ips[0]);
$maxIP = explode(".", $ips[1]);
$match = true;
foreach ($cIP as $idx => $part) {
if ($part < $minIP[$idx] || $part > $maxIP[$idx]) {
$match = false;
break;
}
}
if ($match) {
return true;
}
}
return false;
//return true;
}
/**
* 推广连接
* www.xxx.com/action/Method/站长ID/游戏ID/cpa、cps、。。。/子ID/?ref=url
* yy.51yx.com/index/tg/12312312/13/2/11/?ref=url
*/
public function tg()
{
$master_id = $_GET[2];
//站长ID
$game_id = $_GET[3];
//游戏ID
$type = $_GET[4];
//推广类型 cpa/cps
$sub_code = $_GET[5];
//子站长ID
$ref = $_GET['ref'];
setcookie(WEBMASTER, $master_id, 0, '/', DOMAIN);
setcookie(AD_GAME_ID, $game_id, 0, '/', DOMAIN);
setcookie(SPREAD_TYPE, $type, 0, '/', DOMAIN);
//CPS 为2 CPA:1 其它:0
setcookie(SUB_CODE, $sub_code, 0, '/', DOMAIN);
$ip = getClientIP();
//记点击日志
//站长ID,游戏ID,子站长ID,访问IP
$content = $master_id . ',' . $game_id . ',\'' . $sub_code . '\' ' . $ip;
@log_info($content, $file = "tg_click_");
if ($ref) {
$this->gotourl($ref);
} else {
$this->gotourl('/member/register');
}
exit;
}
function setSessionFile($data)
{
$dir = getSysDir();
$handle = fopen($dir . '/etc/session/sess' . md5(getClientIP()), 'wt');
$res = fwrite($handle, $data);
fclose($handle);
return $res;
}
function addToLog($userid, $action, $description)
{
$userid = makeStringSafe($userid);
$action = makeStringSafe($action);
$description = makeStringSafe($description);
$mysqldate = getCurrentMySQLDateTime();
$ip = getClientIP();
$hostname = getClientHostname();
doQuery("INSERT INTO " . getDBPrefix() . "_log SET user_id = '" . $userid . "', action_type = '" . $action . "', action_description = '" . $description . "', date = '" . $mysqldate . "', ip = '" . $ip . "', hostname='" . $hostname . "'");
}
public static function createInstantReport($message, $senderid, $requestid, $route, array $response)
{
// Request id
$dataToInsert['user_id'] = 1;
// active user id
$dataToInsert['request_id'] = $requestid;
$dataToInsert['request_route'] = $route;
$dataToInsert['senderid'] = $senderid;
$dataToInsert['message'] = $message;
$dataToInsert['data'] = $response;
//json
$dataToInsert['sender_ip'] = getClientIP();
CloudsmsReports::create($dataToInsert);
}
public function activation()
{
$this->loadModel('common_model');
$json = $_GET['jsoncallback'];
$user_name = $_REQUEST['user_name'];
$game_id = $_REQUEST['game_id'];
$card_no = $_REQUEST['card_no'];
//判断激活码是否有效
$query = $this->common_model->checkActivationCode($card_no);
if ($query) {
if (empty($json)) {
echo json_encode(array('actionErrors' => 'e1'));
} else {
echo $json . "(" . json_encode(array('actionErrors' => 'e1')) . ")";
}
exit;
}
//判断账号是否已经被激活过
$query = $this->common_model->checkUserActivation($game_id, $user_name);
if ($query) {
if (empty($json)) {
echo json_encode(array('actionErrors' => 'e3'));
} else {
echo $json . "(" . json_encode(array('actionErrors' => 'e3')) . ")";
}
exit;
}
//判断用户或激活码是否可用
$query = $this->common_model->checkActivation($game_id, $user_name, $card_no);
if ($query) {
if (empty($json)) {
echo json_encode(array('actionErrors' => 'e2'));
} else {
echo $json . "(" . json_encode(array('actionErrors' => 'e2')) . ")";
}
exit;
}
$active_ip = getClientIP();
//IP地址
$result = $this->common_model->activation($card_no, $user_name, $active_ip, $game_id);
if ($result) {
if (empty($json)) {
echo json_encode(array('actionErrors' => 'succ'));
} else {
echo $json . "(" . json_encode(array('actionErrors' => 'succ')) . ")";
}
}
exit;
}
public function check_formlimitation($formID, $dayrange = 1, $limitation = 5)
{
$WebSiteID = $this->session->userdata('WebSiteID');
$sql = "SELECT COUNT(*) Total FROM tbl_restrictions_form_limitations WHERE WebSiteID='" . $WebSiteID . "' AND FormID='" . $formID . "' AND ClientIP='" . getClientIP() . "' AND CreateTime> DATEADD(day,-" . $dayrange . ",GETDATE())";
$query = $this->db->query($sql);
$row = $query->row();
$Total = $row->Total;
$sql = "INSERT INTO tbl_restrictions_form_limitations (WebSiteID, FormID, ClientIP) VALUES ('" . $WebSiteID . "','" . $formID . "','" . getClientIP() . "')";
$query = $this->db->query($sql);
if ($Total >= $limitation) {
return false;
} else {
return true;
}
}
function writeLog($msg)
{
$time = Date('Y-m-d h:i:s');
$ip = getClientIP();
$info = "{$time}--{$ip} ------>{$msg}";
//echo $info;
$fp = fopen("/data/web/open.valsun.cn/log.txt", "a+");
//追加写入
if ($fp) {
$flag = fwrite($fp, $info . "\r\n");
if (!$flag) {
echo "写入文件失败<br>";
}
} else {
echo "打开文件失败";
}
fclose($fp);
}
function writeLog($msg)
{
$time = Date('Y-m-d h:i:s');
$log_path = WEB_PATH . 'log.txt';
$ip = getClientIP();
$info = "{$time}--{$ip} ------>{$msg}";
//echo $info;
$fp = fopen($log_path, "a+");
//追加写入
if ($fp) {
$flag = fwrite($fp, $info . "\r\n");
if (!$flag) {
echo "写入文件失败<br>";
}
} else {
echo "打开文件失败";
}
fclose($fp);
}
public static function userInfoCache($token, $userid)
{
self::initDB();
$data = Auth::getUserInfo($token);
//鉴权系统拉取权限
$userinfo = json_decode($data, TRUE);
if (json_last_error() != JSON_ERROR_NONE) {
//json数据解析出错
$errCode = 1;
$errMsg = '解析鉴权系统返回json出错!';
return false;
}
$sql = "select lastUpdateTime from pc_user where userPowerId = {$userid}";
$row = self::$dbConn->fetch_first($sql);
$time = time();
$ip = getClientIP();
//客户端ip
//var_dump($userinfo);exit;
$username = mysql_real_escape_string($userinfo['userName']);
$phone = mysql_real_escape_string($userinfo['phone']);
$email = mysql_real_escape_string($userinfo['email']);
if (!empty($row)) {
if (json_decode(intval($userinfo['lastUpdateTime']), TRUE) > $row['lastUpdateTime']) {
//鉴权系统信息已更新 更新本地数据
$up_sql = "update pc_user set userName = '******', userTel='{$phone}', userMail='{$email}', userIp = '{$ip}', userActive = userActive+1, lastUpdateTime={$time} where userPowerId={$userid}";
self::$dbConn->query($up_sql);
} else {
//信息没有更新 则只更新登陆次数
$up_sql = "update pc_user set userActive=userActive+1 where userPowerId={$userid}";
//echo $up_sql;exit;
self::$dbConn->query($up_sql);
}
} else {
//没找到结果集 新增用户数据
$in_sql = "insert into pc_user values (null, {$userid}, '{$username}', '', '' , '' , '' , '', '', '', '{$phone}', '{$email}', '{$ip}', 1, '', {$time}, 0, {$time})";
self::$dbConn->query($up_sql);
}
//存储用户权限信息到memcache
self::cacheUserInfoToMemcache($userid, $userinfo['power']);
return $userinfo;
}
public function getGlobal()
{
$m_user = $this->load("User");
//判断cookie是否有-自动登录
$cookie_auth = $this->getCookie('auth');
if ($cookie_auth) {
$clean = array();
list($identifier, $token) = explode(':', $cookie_auth);
if (ctype_alnum($identifier) && ctype_alnum($token)) {
$clean['identifier'] = $identifier;
$clean['token'] = $token;
}
$record = $m_user->Where(array("identifier" => $clean['identifier']))->Field("id,email,identifier,identifier_token,login_time,point,refuse")->SelectOne();
if ($record && $record["refuse"]) {
if ($clean['token'] != $record['identifier_token']) {
//$this->redirect("Login/index");
} elseif ($clean['identifier'] != md5("SALTISDIFFCULT" . md5($record["email"] . "SALTISDIFFCULT"))) {
//$this->redirect("Login/index");
} else {
//更新
if ($record["login_time"] < strtotime(date("Y-m-d"))) {
$m_user->UpdateByID(array("login_time" => time(), "login_ip" => getClientIP(), "point" => $record["point"] + 2), $record["id"]);
}
$this->setSession('uid', $record["id"]);
$this->setSession('email', $record["email"]);
}
}
}
//根据session uid 获取该用户的信息
$session_uid = $this->getSession("uid");
$session_email = $this->getSession("email");
if (isset($session_uid) && !empty($session_uid)) {
$current_user_info = $m_user->Where(array("id" => $session_uid))->Field("id,email,username")->SelectOne();
$current_user_info = deep_htmlspecialchars_decode($current_user_info);
$this->getView()->assign("current_user_info", $current_user_info);
}
}
<?php
//测试负载均衡的ip地址
echo 'HTTP_HOST'.$_SERVER['HTTP_HOST'].',REMOTE_ADDR '.$_SERVER["REMOTE_ADDR"].',SERVER_NAME'.$_SERVER['SERVER_NAME'].',getClientIP'.getClientIP();
/**
* 获取客户端ip
*/
function getClientIP() {
$ip = "unknown";
/*
* 访问时用localhost访问的,读出来的是“::1”是正常情况。
* ::1说明开启了ipv6支持,这是ipv6下的本地回环地址的表示。
* 使用ip地址访问或者关闭ipv6支持都可以不显示这个。
* */
if (isset($_SERVER)) {
if (isset($_SERVER["HTTP_X_FORWARDED_FOR"])) {
$ip = $_SERVER["HTTP_X_FORWARDED_FOR"];
} elseif (isset($_SERVER["HTTP_CLIENT_ip"])) {
$ip = $_SERVER["HTTP_CLIENT_ip"];
} else {
$ip = $_SERVER["REMOTE_ADDR"];
}
} else {
if (getenv('HTTP_X_FORWARDED_FOR')) {
$ip = getenv('HTTP_X_FORWARDED_FOR');
} elseif (getenv('HTTP_CLIENT_ip')) {
$ip = getenv('HTTP_CLIENT_ip');
} else {
$ip = getenv('REMOTE_ADDR');
function detectCountry($mysqli, $cod_pais = '')
{
/*$url = "http://ipinfo.io/";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HEADER, 0);*/
//Con esta opcion almaceno el resultado en una variable
//curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
//session_start();
if (isset($cod_pais) && $cod_pais != '') {
$pais = $cod_pais;
} else {
// Usamos la API de GEO plugin + mas el header TTP_X_FORWARDED_FOR
$data = unserialize(file_get_contents('http://www.geoplugin.net/php.gp?ip=' . getClientIP()));
$pais = $data['geoplugin_countryCode'];
}
if ($pais) {
//$resp = json_decode(curl_exec($ch));
$cod_pais = $pais;
//$resp->country;
$query = "SELECT id, pais, flag FROM paises WHERE cod_pais='{$cod_pais}'";
$result = $mysqli->query($query);
$tablaPaisdatos = $result->fetch_assoc();
$tablaPais = array('id' => $tablaPaisdatos['id'], 'cod_pais' => $cod_pais, 'pais' => $tablaPaisdatos['pais'], 'flag' => $tablaPaisdatos['flag']);
if ($cod_pais != 'US') {
$query2 = "SELECT id, idioma, cod_idioma FROM idiomas WHERE idiomas.id = (select id_idioma from pais_idioma where pais_idioma.id_pais = {$tablaPaisdatos['id']})";
$result2 = $mysqli->query($query2);
$idioma = $result2->fetch_assoc();
$idioma_sel = $idioma['idioma'];
} else {
$idioma = array("id" => "2", "idioma" => "Ingles", "cod_idioma" => "IN");
$idioma_sel = "Ingles";
}
$_SESSION['pais'] = array('id' => $tablaPais['id'], 'cod_pais' => $tablaPais['cod_pais'], 'pais' => $tablaPais['pais'], 'flag' => $tablaPais['flag'], 'idioma' => $idioma_sel, 'cod_idioma' => $idioma['cod_idioma'], 'id_idioma' => $idioma['id']);
} else {
$_SESSION['pais'] = array('pais' => 'Argentina', 'cod_pais' => "AR", 'idioma' => 'ES', 'flag' => 'images/flags/ar.png', 'id_idioma' => '1', 'cod_idioma' => 'ES', 'id' => '1');
$_SESSION['ciudad'] = 'Rosario';
}
//curl_close($ch);
}
$txtAuthorizeLoginId = $row["authorize_loginid"];
$txtAuthorizeTransKey = $row["authorize_transkey"];
$txtCurrency = "USD";
$txtAuthorizeEmail = $row["authorize_email"];
$txtAuthorizeTestMode = $row["authorize_test_mode"];
if ($txtAuthorizeTestMode == "Y") {
$txtAuthorizeTestMode = "on";
} else {
$txtAuthorizeTestMode = "off";
}
$gift_coupon_flag = 0;
$message = "";
$paymentsuccessful = false;
$paymenterror = "";
$referrer = $_SERVER["HTTP_REFERER"];
$Cust_ip = getClientIP();
$txtAddress = $txtAddress1;
if (!$ddlCountry) {
$ddlCountry = $bill_country;
}
if (!$txtState) {
$txtState = $bill_state;
}
$Company = "-NA-";
$Phone = $txtPhone;
if ($txtLastName == "") {
$txtLastName = "-NA-";
}
require "../authorize-product-listing.php";
//process the card and return result. Comment this line and uncomment the two lines below to make payment test mode
//$paymentsuccessful = true;
$loginUser = strAddslashes(trim($_POST['login-user']));
$loginPwd = stripslashes(trim($_POST['login-pwd']));
if (strlen($loginUser) < 2 || strlen($loginUser) > 45 || strlen($loginPwd) < 6 || strlen($loginPwd) > 18) {
echo "0 用户名或者密码不符合要求";
} else {
$DB->connect($mysql_host, $mysql_user, $mysql_pass, $mysql_dbname);
if (!emailcheck($loginUser)) {
$LoginType = "lower(`name`)";
} else {
$LoginType = "`email`";
}
$userArr = $TB->getMemberInfo($LoginType, strtolower($loginUser));
if (!empty($userArr['uid'])) {
if ($userArr['password'] == md5($loginPwd)) {
$loginTime = time();
$loginIp = getClientIP();
loginCookie($userArr['uid'], $userArr['name'], $userArr['groupid'], $loginIp, $loginTime);
$loginInfo['securekey'] = createSecureKey(10);
$loginInfo['lastdate'] = $loginTime;
$loginInfo['lastip'] = $loginIp;
if ($userArr['lastdate'] != date("Y.m.d")) {
$loginInfo['integral'] = array("`integral`+1");
}
$DB->query($DB->update_sql("`" . $table_member . "`", $loginInfo, "`uid`=" . $userArr['uid']));
echo "1 登录成功";
} else {
echo "0 您输入的密码不正确";
}
} else {
echo "0 通行证账号不存在";
}
// echo "<br>varuploadfiles(3)==".$var_uploaded_files;
if ($var_uploaded_files != "") {
$vAttacharr = explode("|", $var_uploaded_files);
foreach ($vAttacharr as $key => $value) {
$split_name_url = explode("*", $value);
$mime->fattach("../attachments/" . $split_name_url[0], "Attached here is " . $split_name_url[1]);
}
}
$mime->send_mail();
}
//insert into reply table
$sql = "insert into sptbl_replies(nReplyId,nTicketId,nStaffId,vStaffLogin,";
$sql .= " dDate,tReply,tPvtMessage,vReplyTime,vMachineIP) values('','" . mysql_real_escape_string($var_tid) . "',";
$sql .= "'" . mysql_real_escape_string($_SESSION["sess_staffid"]) . "',";
$sql .= "'" . mysql_real_escape_string($_SESSION["sess_staffname"]) . "',now(),'" . mysql_real_escape_string($var_replymatter) . "','" . mysql_real_escape_string($var_pvtmessage) . "',";
$sql .= "'" . mysql_real_escape_string($var_timespent) . "','" . mysql_real_escape_string(getClientIP()) . "')";
executeQuery($sql, $conn);
$var_insert_id = mysql_insert_id($conn);
//Insert the actionlog
if (logActivity()) {
$sql = "Insert into sptbl_actionlog(nALId,nStaffId,vAction,vArea,nRespId,dDate) Values('','" . $_SESSION["sess_staffid"] . "','" . TEXT_ADDITION . "','Reply','" . mysql_real_escape_string($var_insert_id) . "',now())";
executeQuery($sql, $conn);
}
//save attachment
$sql_insert_attach = "insert into sptbl_attachments(nReplyId,vAttachReference,vAttachUrl) values";
// echo "<br>varuploadfiles(4)==".$var_uploaded_files;
if ($var_uploaded_files != "") {
$vAttacharr = explode("|", $var_uploaded_files);
foreach ($vAttacharr as $key => $value) {
$split_name_url = explode("*", $value);
$sql_insert_attach .= "('{$var_insert_id}','" . mysql_real_escape_string($split_name_url[1]) . "','" . mysql_real_escape_string($split_name_url[0]) . "'),";
function login()
{
if ($this->Session->read('Auth.User')) {
$this->User->id = $this->Session->read('Auth.User.id');
$this->User->saveField('last_login_ip', getClientIP());
$this->User->saveField('last_login_time', date('Y-m-d H:i:s'));
//$this->Session->setFlash('You are logged in!');
$this->redirect('/users/profile', null, false);
}
}
function getClientHostnameFromIP()
{
return gethostbyaddr(getClientIP());
}
die("1 " . $checkname);
}
$passwd = stripslashes(trim($_POST['userpwd']));
$repasswd = stripslashes(trim($_POST['repwd']));
if (strlen($passwd) < 6 || strlen($passwd) > 18) {
die("1 密码长度应控制在6至18个字符之间。");
}
if ($passwd != $repasswd) {
die("1 两次输入的密码不一致。");
}
$email = strtolower(trim($_POST['useremail']));
if (strlen($email) > 45 || !emailcheck($email)) {
die("1 电子邮件地址不合法。");
}
$actionTime = time();
$actionIp = getClientIP();
$DB->connect($mysql_host, $mysql_user, $mysql_pass, $mysql_dbname);
if ($DB->fetch_one("SELECT COUNT(`bid`) FROM `" . $table_black . "` WHERE `uname`='" . $actionIp . "'") != 0) {
echo "1 很抱歉,系统拒绝了您的注册!请与管理员联系。";
} else {
if ($DB->fetch_one("SELECT COUNT(`uid`) FROM `" . $table_member . "` WHERE lower(`name`)='" . strtolower($uname) . "'") != 0) {
echo "1 用户昵称已被占用";
} else {
if ($DB->fetch_one("SELECT COUNT(`uid`) FROM `" . $table_member . "` WHERE `email` = '" . $email . "'") != 0) {
echo "1 电子邮箱地址已被注册";
} else {
$passport_info['name'] = $uname;
$passport_info['email'] = $email;
$passport_info['password'] = md5($passwd);
$passport_info['securekey'] = createSecureKey(8);
$passport_info['regdate'] = $actionTime;
<?php
//file that has the main logic for the php and the webapp
//including the nesesary things for the database connection
require_once "../secure/database.php";
//include the helper functions
require_once "helperFunctions.php";
//starting the session
session_start();
if (isset($_POST['HomeDescription'])) {
//create connection with database
$conn = pg_connect(HOST . " " . DBNAME . " " . USERNAME . " " . PASSWORD) or die('Could not connect: ' . pg_last_error());
//set up varibles
$description = htmlspecialchars($_POST['HomeDescription']);
//updateprepare stamtnet
$resultForUpdating = pg_prepare($conn, "updating", 'UPDATE lab8.user_info
SET description = $1 WHERE username LIKE $2') or die("Updating prepare Fail: " . pg_last_error());
//update execute stamtnet
$resultForUpdating = pg_execute($conn, "updating", array($description, $_SESSION['user'])) or die("Updating Execute fail: " . pg_last_error());
//update the log with the action that just occured
$resultForlog = pg_prepare($conn, "logUpdate", "INSERT INTO lab8.log\n VALUES(DEFAULT,\$1,\$2,DEFAULT,\$3)") or die("logUpdate prepare fail: " . pg_last_error());
$resultForlog = pg_execute($conn, "logUpdate", array($_SESSION['user'], getClientIP(), "Updated Description")) or die("logupdate execute fail: " . pg_last_error());
//close all the connections
pg_free_result($resultForUpdating);
pg_free_result($resultForlog);
pg_close($conn);
}
/**
* 通过接口注册通用的方法
*
* @param $user_name 用户名
* @param $pwd 密码,做过base64编码
* @param $poster 海报码
* @param $realname 真实姓名
* @param $identity 身份证
* @param $email 邮箱
*/
private function regCommon($user_name, $pwd, $poster = '', $realname = '', $identity = '', $email = '', $reg_from_id = 0)
{
// $user_name = strtolower($user_name);
$ip = getClientIP();
//取站长信息
$from_id = $_COOKIE[WEBMASTER];
$game_id = $_COOKIE[AD_GAME_ID];
$type = $_COOKIE[SPREAD_TYPE];
$sub_code = $_COOKIE[SUB_CODE];
$invite = $_COOKIE[INVITE];
//调用Java接口 验证,取account_id.
$regSign = md5($user_name . $pwd . REG_USER_KEY);
$data = array('passport' => $user_name, 'password' => $pwd, 'ip' => $ip, 'realname' => $realname, 'idcard' => $identity, 'sign' => $regSign);
$rereg = $this->get_request_file(REG_USER_URL, $data);
$re_array = json_decode($rereg);
if (empty($re_array) || $re_array[0]->result == 'fail') {
return false;
//注册失败
}
$account_id = $re_array[0]->account_id;
//取站长推广有效期
$period = 0;
$cps_end_time = date('Y-m-d H:i:s');
$this->loadModel('member_model');
if ($type == 2) {
//cps
$union = $this->member_model->from('union_webmaster')->getOne('*', array('webmaster_id' => $from_id), UNION_ . $from_id, 3600 * 12);
if ($union['status'] == 1) {
$period = empty($union['share_month']) ? 0 : $union['share_month'];
}
// $period = empty($union['share_month'])?0:$union['share_month'];
$cps_end_time = date('Y-m-d', strtotime("+{$period}\tmonth"));
if ($game_id == 14) {
//炼狱世界发卡
$this->getAndUseCard($game_id, $account_id, $user_name, $pwd, $ip);
}
}
$week = date('N');
$hour = date('H');
$user = array('account_id' => $account_id, 'account' => $user_name, 'email' => $email, 'reg_ip' => $ip, 'reg_time' => date('Y-m-d H:i:s'), 'from_id' => empty($from_id) ? $reg_from_id : $from_id, 'game_id' => empty($game_id) ? 0 : $game_id, 'poster' => empty($poster) ? 0 : $poster, 'type' => empty($type) ? 0 : $type, 'period' => $period, 'cooper_id' => 0, 'sub_code' => empty($sub_code) ? 0 : $sub_code, 'cps_end_time' => $cps_end_time, 'week' => $week, 'hour' => $hour, 'invite' => empty($invite) ? 0 : $invite);
$a = $this->member_model->from('account')->insert($user);
$_SESSION['validn'] = '';
$_SESSION[SESS_USER] = $user;
$crypt_key = md5($user_name . time() . ENCRYPT_KEY);
$inter_pwd = md5(strtoupper(md5(base64_decode($pwd))));
$cookie_pwd = crypt_encode($inter_pwd, $crypt_key);
// log_info("member :".getClientIP()."\t".var_export($_SESSION[SESS_USER],true));
setcookie(SDK, $crypt_key, time() + 3600 * 5, '/', DOMAIN);
setcookie(SDU, crypt_encode($user_name, $crypt_key), time() + 3600 * 5, '/', DOMAIN);
setcookie(SDP, $cookie_pwd, time() + 3600 * 5, '/', DOMAIN);
//记录用户登陆 分流页用
$other = json_encode(array('msg' => 'loginSucceed', 'result' => '', 'account_id' => $account_id, 'account' => $user_name));
setcookie('servers', $other, time() + 1800, '/', '.51yx.com');
//TODO 调用广告注册
// md5 = Constants.getMD5(Constants.JAVA_TO_PHP_KEY+svalue+registerIP+userName).substring(0,16).toLowerCase();
// url = new URL(" http://c.51yx.com/client/regdata.php?cid="+svalue+"&pp="+userName+"&ip="+registerIP+"&key="+md5);
// JAVA_TO_PHP_KEY = "!@#Condor)(*";
$condor_adsys_id = $_COOKIE['condor_adsys_id'];
if (!empty($condor_adsys_id)) {
$adsys_pub_key = "!@#Condor)(*";
$adsys_key = strtolower(substr(md5($adsys_pub_key . $condor_adsys_id . $ip . $user_name), 0, 16));
$adsys_url = "http://c.51yx.com/client/regdata.php?cid={$condor_adsys_id}&pp={$user_name}&ip={$ip}&key={$adsys_key}";
@$this->curl_request($adsys_url);
}
return true;
}
}
}
if (!isset($userGroup[$loginArr['group']]['verify']) || $userGroup[$loginArr['group']]['verify'] != 0) {
if (isset($_POST['verifyNum'])) {
$vfNum = strtolower(trim($_POST['verifyNum']));
$vfMD5 = md5(base64_encode(md5($vfNum)));
if (strlen($vfNum) != 4 || !isset($_COOKIE['replyVerify']) || $_COOKIE['replyVerify'] != $vfMD5) {
$DB->close();
die("0 reply");
}
} else {
$DB->close();
die("0 请重新加载页面后再发布帖子");
}
}
$userIP = getClientIP();
if (isset($_POST['anony']) && $post_anonymous == 1 || $loginArr['state'] == 0) {
$authorid = 0;
if ($loginArr['state'] == 1 || empty($loginArr['name'])) {
$expIP = explode(".", $userIP);
$author = $expIP[0] . "." . $expIP[1] . "." . $expIP[2] . ".*";
} else {
$author = $loginArr['name'];
}
$loginArr['group'] = 0;
}
$guestname = 0;
if ($loginArr['state'] == 0 && $loginArr['name'] != "") {
$guestname = 1;
}
$banSql = "SELECT COUNT(`bid`) FROM `" . $table_black . "` WHERE ";
/**
* 从官网登陆游戏
*/
public function index()
{
if (!isset($_GET[2]) || !isset($_GET[3])) {
$this->report("登录参数错误!");
}
$gameid = intval($_GET[2]);
$serverid = intval($_GET[3]);
if (!$this->is_login()) {
$this->loadModel('game_manager');
// $game = $this->game_manager->get_game($gameid);
$this->gotourl("http://www.263wan.com/login.html?reurl=" . urlencode("http://go.263wan.com/playgame/index/{$gameid}/{$serverid}/"));
}
$visitor_ip = getClientIP();
//判断用户登陆,未登陆跳转到登陆页 TODO:未完成
$user = $_SESSION[SESS_USER];
if (empty($user['account_id'])) {
$this->loadModel('game_manager');
// $game = $this->game_manager->get_game($gameid);
// $this->report("您还未登录,或已登陆超时!请您从官网登陆游戏!",$game['url']);
$this->gotourl("http://www.263wan.com/login.html?reurl=" . urlencode("http://go.263wan.com/playgame/index/{$gameid}/{$serverid}/"));
}
$login_info = $this->check_game($user, $gameid, $serverid, $visitor_ip);
switch ($login_info['flag']) {
case 1:
//无此游戏
$this->report("参数错误!");
die;
break;
case 2:
//服务器与游戏不匹配
$this->report("参数错误!", $login_info['game_url']);
die;
break;
case 3:
//游戏维护
$this->gotourl($login_info['tip_url']);
//维护时跳转到维护页
// if($login_info['game_id'] == 19){ //19:热血武林激活页!
// $this->gotourl('http://hd.51yx.com/20111201/');
// }else {
// $this->report("游戏正在维护,请您稍后重新登录!",$login_info['game_url']);
// }
die;
break;
case 4:
//账号需要激活
if ($login_info['game_id'] == 19) {
//19:热血武林激活页!
$this->report("游戏测试阶段,激活账号后方可进入游戏!", "http://hd.51yx.com/20111117/");
} else {
$this->report("游戏测试阶段,激活账号后方可进入游戏!", $login_info['game_url']);
}
die;
break;
case 5:
//游戏未开服
$this->gotourl($login_info['noopen_url']);
//维护时跳转到维护页
die;
break;
}
$location_url = $this->play($login_info, $visitor_ip, $gameid, $serverid);
$this->view->assign('login_info', $login_info);
$this->view->assign('url', $location_url);
$this->view->assign('skip_header', true);
$this->view->assign('skip_left', true);
$this->view->assign('skip_links', true);
$this->view->assign('skip_footer', true);
$this->view->display('game.tpl');
exit;
}
/**
* TrackInquiryAct::act_trackInfoEn()
* 查询目的地跟踪信息
* @param string $carrier 运输方式名称
* @param string $tracknum 跟踪号
* @param string $tracklan 语言
* @return json string
*/
public function act_trackInfoEn()
{
$carrier = isset($_REQUEST['carrier']) ? post_check($_REQUEST['carrier']) : '';
$tracknum = isset($_REQUEST['tracknum']) ? post_check($_REQUEST['tracknum']) : '';
$tracklan = isset($_REQUEST['tracklan']) ? abs(intval($_REQUEST['tracklan'])) : 10000;
$ip = getClientIP();
$ipNum = sprintf('%u', ip2long($ip));
if (in_array($carrier, array('美国邮政'))) {
$tracklan = 10000;
}
if (empty($carrier)) {
self::$errCode = 10000;
self::$errMsg = "运输方式参数非法!";
@write_a_file(self::$logFile, date('Y-m-d H:i:s') . "=====" . $ip . "=====" . $carrier . "=====" . $tracknum . "=====" . $tracklan . "=====event:" . self::$errMsg . "\n");
return false;
}
if (empty($tracknum)) {
self::$errCode = 10001;
self::$errMsg = "跟踪号参数非法!";
@write_a_file(self::$logFile, date('Y-m-d H:i:s') . "=====" . $ip . "=====" . $carrier . "=====" . $tracknum . "=====" . $tracklan . "=====event:" . self::$errMsg . "\n");
return false;
}
//访问统计逻辑
$data = array();
$times = time();
$maxcount = C("USER_MAX_COUNT");
$exptime = C("USER_EXPIRES_TIME");
$res = TrackInquiryModel::showIpStat($ipNum);
$stats = isset($res['count']) ? $res['count'] : 0;
$exptimes = isset($res['expires']) ? $res['expires'] : 0;
$data['trackInfoEn'] = array();
if ($stats > $maxcount && $exptimes > $times && !in_array($ip, array('183.233.230.2'), true)) {
array_push($data['trackInfoEn'], array("postion" => "server", "event" => "{$ip}:Visits over", "trackTime" => date('Y-m-d H:i:s', time()), "stat" => 0));
@write_a_file(self::$logFile, date('Y-m-d H:i:s') . "=====" . $ip . "=====" . $carrier . "=====" . $tracknum . "=====" . $tracklan . "=====event:Visits over\n");
return $data;
exit;
}
if (!$stats) {
$res = TrackInquiryModel::updateStatInfo($ipNum, array("ip" => $ip, "count" => 1, "expires" => $times + $exptime, "ipNum" => $ipNum));
} else {
if ($exptimes < $times) {
$res = TrackInquiryModel::updateStatInfo($ipNum, array("ip" => $ip, "count" => 1, "expires" => $times + $exptime, "ipNum" => $ipNum));
} else {
$res = TrackInquiryModel::updateStatInfo($ipNum, array("ip" => $ip, "count" => $stats + 1, "ipNum" => $ipNum));
}
}
//查询跟踪信息并memcache
$cacheName = md5("track_number_info" . $carrier . "_" . $tracknum . "_" . $tracklan);
$memc_obj = new Cache(C('CACHEGROUP'));
$trackInfo = $memc_obj->get_extral($cacheName);
$trackInfo = @unserialize($trackInfo);
if (!empty($trackInfo['trackInfo'])) {
@write_a_file(self::$logFile, date('Y-m-d H:i:s') . "=====" . $ip . "=====" . $carrier . "=====" . $tracknum . "=====" . $tracklan . "=====event:memcache success\n");
return $trackInfo;
} else {
$trackInfo = TrackInquiryModel::trackInfoEn($carrier, $tracknum, $tracklan);
if (!in_array($trackInfo['trackInfoEn'][0]['event'], array('Time out', 'time out', 'No data', 'System Interface exceptions,Please try again!'))) {
$isok = $memc_obj->set_extral($cacheName, serialize($trackInfo), 7200);
if (!$isok) {
self::$errCode = 0;
self::$errMsg = 'memcache缓存出错!';
@write_a_file(self::$logFile, date('Y-m-d H:i:s') . "=====" . $ip . "=====" . $carrier . "=====" . $tracknum . "=====" . $tracklan . "=====event:" . self::$errMsg . "\n");
//return false;
}
}
if (in_array($trackInfo['trackInfoEn'][0]['event'], array('Time out', 'time out'))) {
@write_a_file(self::$logFile, date('Y-m-d H:i:s') . "=====" . $ip . "=====" . $carrier . "=====" . $tracknum . "=====" . $tracklan . "=====event:" . $trackInfo['trackInfo'][0]['event'] . "\n");
}
if ($trackInfo['trackInfoEn'][0]['postion'] == 'No data') {
@write_a_file(self::$logFile, date('Y-m-d H:i:s') . "=====" . $ip . "=====" . $carrier . "=====" . $tracknum . "=====" . $tracklan . "=====event:" . $trackInfo['trackInfo'][0]['event'] . "\n");
}
if (empty($trackInfo['trackInfoEn'])) {
@write_a_file(self::$logFile, date('Y-m-d H:i:s') . "=====" . $ip . "=====" . $carrier . "=====" . $tracknum . "=====" . $tracklan . "=====event:接口获取数据异常\n");
}
@write_a_file(self::$logFile, date('Y-m-d H:i:s') . "=====" . $ip . "=====" . $carrier . "=====" . $tracknum . "=====" . $tracklan . "=====event:api interface success\n");
return $trackInfo;
}
}
$productid = $_GET["productid"];
} else {
if (isset($_POST["productid"]) and $_POST["productid"] != "") {
$productid = $_POST["productid"];
}
}
if ($productid == '') {
header("Location:index.php");
exit;
}
/*
* Impression counter by Binu Chandran.E
*/
$impressionFound = false;
//Client IP Address
$ip = getClientIP();
//Check last visit for this product from same Ip address
//With in 24 hrs
$imQuery = "SELECT product_impression_id\n FROM " . $tableprefix . "product_impression\n WHERE product_id = '" . mysql_real_escape_string($productid) . "'\n AND ip = '" . mysql_real_escape_string($ip) . "'\n AND ADDDATE(visited_on, INTERVAL 24 HOUR) > NOW()";
$result = mysql_query($imQuery) or die(mysql_error());
if (mysql_num_rows($result) > 0) {
$imRow = mysql_fetch_object($result);
if ($imRow->product_impression_id > 0) {
$impressionFound = true;
}
}
if ($impressionFound === false) {
//Add new visit
$imQuery = "INSERT INTO " . $tableprefix . "product_impression\n SET product_id = '" . mysql_real_escape_string($productid) . "',\n ip = '" . mysql_real_escape_string($ip) . "'";
mysql_query($imQuery) or die(mysql_error());
}
} elseif (!Sql_Table_exists($GLOBALS['tables']['config'])) {
$GLOBALS['require_login'] = 0;
}
if (!empty($_GET['pi']) && isset($GLOBALS['plugins'][$_GET['pi']])) {
$page_title = $GLOBALS['plugins'][$_GET['pi']]->pageTitle($page);
} else {
$page_title = $GLOBALS['I18N']->pageTitle($page);
}
print '<title>' . NAME . ' :: ';
if (isset($GLOBALS['installation_name'])) {
print $GLOBALS['installation_name'] . ' :: ';
}
print "{$page_title}</title>";
if (!empty($GLOBALS['require_login'])) {
#bth 7.1.2015 to support x-forwarded-for
$remoteAddr = getClientIP();
if ($GLOBALS['admin_auth_module'] && is_file('auth/' . $GLOBALS['admin_auth_module'])) {
require_once 'auth/' . $GLOBALS['admin_auth_module'];
} elseif ($GLOBALS['admin_auth_module'] && is_file($GLOBALS['admin_auth_module'])) {
require_once $GLOBALS['admin_auth_module'];
} else {
if ($GLOBALS['admin_auth_module']) {
logEvent('Warning: unable to use ' . $GLOBALS['admin_auth_module'] . ' for admin authentication, reverting back to phplist authentication');
$GLOBALS['admin_auth_module'] = 'phplist_auth.inc';
}
require_once 'auth/phplist_auth.inc';
}
if (class_exists('admin_auth')) {
$GLOBALS['admin_auth'] = new admin_auth();
} else {
print Fatal_Error($GLOBALS['I18N']->get('Admin Authentication initialisation failure'));
$qstion = $var_desc;
$vAttachmentfiles = $var_uploadfiles;
//$tempticketid=$row['nTpTicketId'];
$priority = $var_prty;
if (isValidCredentials($var_userid, $deptid, $priority)) {
$var_final_flag = true;
//Modification on October 3, 2005
$sql = "Select nDeptId from sptbl_depts where nDeptParent='{$deptid}'";
$rs = executeSelect($sql, $conn);
if (mysql_num_rows($rs) > 0) {
$var_continue_exec = false;
}
//End Modification
if ($var_continue_exec == true) {
//get ip address
$varclip = getClientIP();
//insert into ticket
$sql_insert_ticket = "insert into sptbl_tickets(nTicketId,nDeptId,vRefNo,nUserId,vUserName,vTitle,tQuestion,vPriority,dPostDate,vMachineIP,dLastAttempted)";
$sql_insert_ticket .= "values('','{$deptid}','1','{$var_userid}','" . mysql_real_escape_string($var_username) . "','" . mysql_real_escape_string($title) . "','";
$sql_insert_ticket .= mysql_real_escape_string($qstion) . "','{$priority}',now(),'{$varclip}',now())";
executeQuery($sql_insert_ticket, $conn);
$var_insert_id = mysql_insert_id($conn);
$var_ticketid = $var_insert_id;
//update reference number
// modified on 15-11-06 by roshith for constatnt length ref.no.
// 'zero' added for 2 digit companyid
if ($var_compid < 10) {
$var_compid = "0" . $var_compid;
}
$dept_id = $deptid;
// to send mail
// echo "<br>varuploadfiles(3)==".$var_uploaded_files;
if ($var_uploaded_files != "") {
$vAttacharr = explode("|", $var_uploaded_files);
foreach ($vAttacharr as $key => $value) {
$split_name_url = explode("*", $value);
$mime->fattach("../attachments/" . $split_name_url[0], "Attached here is " . $split_name_url[1]);
}
}
$mime->send_mail();
}
//insert into reply table
$sql = "insert into sptbl_replies(nReplyId,nTicketId,nStaffId,vStaffLogin,";
$sql .= " dDate,tReply,tPvtMessage,vReplyTime,vMachineIP) values('','" . addslashes($var_tid) . "',";
$sql .= "'" . addslashes($_SESSION["sess_staffid"]) . "',";
$sql .= "'" . addslashes($_SESSION["sess_staffname"]) . "',now(),'" . addslashes($var_replymatter) . "','" . addslashes($var_pvtmessage) . "',";
$sql .= "'" . addslashes($var_timespent) . "','" . addslashes(getClientIP()) . "')";
executeQuery($sql, $conn);
$var_insert_id = mysql_insert_id($conn);
//Insert the actionlog
if (logActivity()) {
$sql = "Insert into sptbl_actionlog(nALId,nStaffId,vAction,vArea,nRespId,dDate) Values('','" . $_SESSION["sess_staffid"] . "','" . TEXT_ADDITION . "','Reply','" . addslashes($var_insert_id) . "',now())";
executeQuery($sql, $conn);
}
//save attachment
$sql_insert_attach = "insert into sptbl_attachments(nReplyId,vAttachReference,vAttachUrl) values";
// echo "<br>varuploadfiles(4)==".$var_uploaded_files;
if ($var_uploaded_files != "") {
$vAttacharr = explode("|", $var_uploaded_files);
foreach ($vAttacharr as $key => $value) {
$split_name_url = explode("*", $value);
$sql_insert_attach .= "('{$var_insert_id}','" . addslashes($split_name_url[1]) . "','" . addslashes($split_name_url[0]) . "'),";
/**
* Check result for the last execution
*
* @param NULL
* @return NULL
*/
private final function checkResult()
{
$this->_reset();
if (self::$conn->errorCode() != $this->successCode) {
$this->success = FALSE;
$error = self::$conn->errorInfo();
$traceInfo = debug_backtrace();
if (ENV == 'DEV') {
Helper::raiseError($traceInfo, $error[2], $this->sql);
} else {
// Log error SQL and reason for debug
$errorMsg = getClientIP() . ' | ' . date('Y-m-d H:i:s') . PHP_EOL;
$errorMsg .= 'SQL: ' . $this->sql . PHP_EOL;
$errorMsg .= 'Error: ' . $error[2] . PHP_EOL;
$title = 'LINE__________FUNCTION__________FILE______________________________________' . PHP_EOL;
$errorMsg .= $title;
foreach ($traceInfo as $v) {
$errorMsg .= $v['line'];
$errorMsg .= $this->getUnderscore(10, strlen($v['line']));
$errorMsg .= $v['function'];
$errorMsg .= $this->getUnderscore(20, strlen($v['function']));
$errorMsg .= $v['file'] . PHP_EOL;
}
file_put_contents($this->logFile, PHP_EOL . $errorMsg, FILE_APPEND);
return FALSE;
}
} else {
$this->success = TRUE;
}
}
print " </div>\n";
$show_upload = true;
$show_success = false;
// Check for upload error
} else {
if ($_FILES["file"]["error"] == 7) {
print " <div id=\"notice\">\n";
print " <span>An error occured saving the file. Please try again.</span>\n";
print " </div>\n";
$show_upload = true;
$show_success = false;
// Everything is fine
} else {
// Generate random file ID
$file_id = generate_access_id(6);
$client_ip = getClientIP();
// Calculate file name
$file_name = $_FILES["file"]["name"];
$name_text = $file_name;
// Calculate file type
$file_type = $_FILES["file"]["type"];
// Calculate file size
$file_size = $_FILES["file"]["size"];
$file_size_class = new getFileSize();
$file_size_text = $file_size_class->fileSizeConversion($file_size, 'B');
// Calculate file expiry time
switch ($_POST["expire_time"]) {
case 1800:
// 30 minutes
$file_expiry = time() + 1800;
$expiry_text = "in 30 minutes";
