/**
 * Remember $user on the base object and (re)issue the 'auth' login cookie.
 *
 * The cookie value is strcode("<uid>\t<password>") under AUTH_KEY with a
 * lifetime of DAY * 30. Whatever $user['password'] holds is written into the
 * cookie verbatim (presumably the stored hash - confirm against the user
 * table), so that value is effectively a browser-side credential.
 *
 * @param array $user user row; the 'uid' and 'password' keys are read
 * @return void
 */
function refresh($user)
{
    $this->base->user = $user;
    $plain = sprintf("%s\t%s", $user['uid'], $user['password']);
    tcookie('auth', strcode($plain, AUTH_KEY, 'ENCODE'), DAY * 30);
}
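/**
 * Resolve the current user from the 'auth' cookie and store it in $this->user.
 *
 * The cookie carries "<uid>\t<password>" encoded by strcode() under AUTH_KEY.
 * The decoded uid is looked up and the decoded password half is compared with
 * the stored row before the row is accepted; otherwise the guest array
 * array('uid' => 0) is used. $this->ip is attached to the result either way.
 *
 * @return void
 */
function init_user()
{
    $user = array('uid' => 0);
    $auth = @tcookie('auth');
    $uid = 0;
    $password = 0;
    if (!empty($auth)) {
        $parts = taddslashes(explode("\t", strcode($auth, AUTH_KEY, 'DECODE')), 1);
        // Read the two halves with isset() instead of an @-suppressed list(),
        // so a cookie without a tab simply leaves the defaults in place.
        $uid = isset($parts[0]) ? $parts[0] : 0;
        $password = isset($parts[1]) ? $parts[1] : 0;
    }
    if ($uid && $password) {
        $finduser = $this('user')->findById($uid);
        // hash_equals() is a strict, constant-time comparison; the previous
        // loose == would treat two numeric-looking strings (e.g. "0e..."
        // digests) as equal and leaks timing on the stored value.
        if ($finduser && hash_equals((string) $finduser['password'], (string) $password)) {
            $user = $finduser;
        }
    }
    $user['ip'] = $this->ip;
    $this->user = $user;
}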
/**
 * AJAX-only captcha check endpoint.
 *
 * Non-AJAX requests get false back. AJAX requests run the 'verify' library and
 * end the script with "1" (passed) or "0" (failed). On success the topic id
 * plus a "hk8" marker and the current time are written, strcode()-encoded, to
 * the 'hk8_verify_topic_dw' cookie for one hour on path "/".
 * NOTE(review): setcookie() is called without the secure/httponly arguments,
 * so the cookie is readable from page scripts - confirm that is intended.
 *
 * @param int $aid topic/article id recorded in the cookie
 * @return false for non-AJAX callers; otherwise the script exits
 */
public function check($aid = 0)
{
    if (!$this->input->is_ajax_request()) {
        return false;
    }
    $this->load->library('verify');
    $passed = (bool) $this->verify->check();
    if ($passed) {
        // write aid cookie: "<aid>\thk8<H:i:s>", encoded by strcode()
        $payload = $aid . "\thk8" . date('H:i:s');
        setcookie('hk8_verify_topic_dw', strcode($payload, true), time() + 3600, '/');
    }
    exit($passed ? '1' : '0');
}
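/**
 * Handle the admin login form (POST admin_name / admin_pwd).
 *
 * Only the user row with id 1 is accepted as administrator: a match stores
 * aid=1 in the session and redirects to Admin/main, anything else re-renders
 * Admin/login with an alert. Before the credentials are checked, the
 * 'qcs_auth' cookie must be present and decode to id 1; otherwise the request
 * is redirected away (presumably redirect() ends the request - confirm).
 *
 * @return void
 */
function login_sub()
{
    // Missing credentials end the request. The previous one-liner
    // `$a == NULL || $b == NULL && exit` bound && tighter than ||, so an
    // empty admin_name short-circuited the || and never reached exit.
    $adminName = isset($_POST['admin_name']) ? $_POST['admin_name'] : NULL;
    $adminPwd = isset($_POST['admin_pwd']) ? $_POST['admin_pwd'] : NULL;
    if ($adminName == NULL || $adminPwd == NULL) {
        exit;
    }
    if (isset($_COOKIE['qcs_auth'])) {
        // Cookie payload is "<id>\t..." encoded by strcode() under auth_key;
        // only the id half is inspected here.
        $id = explode("\t", strcode($_COOKIE['qcs_auth'], $this->setting['auth_key'], 'DECODE'));
        if (!is_numeric($id[0]) || $id[0] != 1) {
            $this->redirect('Index/index');
        }
    } else {
        $this->redirect('Account/login');
    }
    $where = array(
        'name' => remove_xss($adminName),
        'pwd' => pwd_encode($adminPwd),
    );
    if (M('user')->where($where)->getField('id') == 1) {
        Session::set('aid', 1);
        $this->redirect('Admin/main');
    } else {
        $this->assign('script', '<script>alert("您的输入有误,请重新输入")</script>');
        $this->display('Admin/login');
    }
}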
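// Front controller: dispatch ?c=<control>&a=<action> to control/<c>.php and
// call its on<action>() method after the permission check.
header('Content-type: text/html; charset=UTF-8');
/*$get=taddslashes($_GET); $post=taddslashes($_POST); */
$get = $_GET;
$post = $_POST;
unset($GLOBALS, $_ENV, $_GET, $_POST);
empty($get['c']) && ($get['c'] = 'index');
empty($get['a']) && ($get['a'] = 'default');
// $get['c'] becomes part of an include path and $get['a'] part of a method
// name, so both are limited to identifier characters before they are used;
// this keeps "../", a NUL byte or an array value in ?c= / ?a= out of the
// include below. notfound() is assumed to end the request, as it must for
// the existing "control file not found" branch to be safe.
$isIdentifier = '/^[A-Za-z0-9_]+$/';
if (!is_string($get['c']) || !preg_match($isIdentifier, $get['c'])) {
    notfound('invalid control name!');
}
if (!is_string($get['a']) || !preg_match($isIdentifier, $get['a'])) {
    notfound('invalid action name!');
}
define('ACTION', $get['a']);
define('REGULAR', $get['c'] . '/' . $get['a']);
//load control...
$controlfile = APP_ROOT . '/control/' . $get['c'] . '.php';
if (false === @(include $controlfile)) {
    notfound('control file "' . $controlfile . '" not found!');
}
$controlname = $get['c'] . 'control';
$control = new $controlname($get, $post);
$method = strtolower('on' . $get['a']);
if (method_exists($control, $method)) {
    // Actions named ajax* bypass the group permission check entirely.
    $isajax = 0 === strpos($get['a'], 'ajax');
    if ($control->checkable(REGULAR) || $isajax) {
        $control->{$method}();
    } else {
        // Remember the denied request so the login flow can return to it.
        $querystring = strcode($_SERVER["QUERY_STRING"], '', 'ENCODE');
        tcookie('querystring', $querystring, 86400);
        $control->message('您无权进行当前操作,原因如下:<br/> 您所在的用户组(' . $control->user['title'] . ')无法进行此操作。', 'c=user&a=login');
    }
} else {
    notfound('control "' . $controlname . '" method "' . $method . '" not found!');
}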
// Passport login/logout handler (flat script). $member, $action, $setting,
// $db, $forward and the TIME / DB_TABLEPRE constants are all expected from the
// including code - none of them are defined in this span.
$member['cookietime'] = $member['cktime'] ? $member['cktime'] - TIME : 0;
if ($action == 'login') {
    // Strips %, comma, *, double quote, whitespace, <, >, & and a few Windows
    // device-name patterns from the username. A single quote is NOT in this
    // class, yet the username is placed inside single quotes in the SQL
    // below; $member['password'] and $member['email'] are not filtered here.
    $member['username'] = preg_replace("/(c:\\con\\con\$|[%,\\*\"\\s\t\\<\\>\\&])/i", "", $member['username']);
    if (strlen($member['username']) > 20) {
        $member['username'] = substr($member['username'], 0, 20);
    }
    if (empty($member['time']) || empty($member['username']) || empty($member['password'])) {
        exit('Lack of required parameters!');
    } elseif ($setting['passport_expire'] && TIME - $member['time'] > $setting['passport_expire']) {
        // Replay window: requests older than passport_expire seconds are refused.
        exit('Request expired!');
    }
    // NOTE(review): the WHERE clause is redacted/garbled in this copy
    // ("******"), so how the username is quoted cannot be confirmed here.
    $user = $db->fetch_first("SELECT * FROM " . DB_TABLEPRE . "user WHERE username='******'username'] . "'");
    if ($user) {
        $uid = $user['uid'];
        // $user->edit($member);
    } else {
        // First visit: create the local user with the configured sign-up
        // credits and log the credit transaction. Values are interpolated
        // straight into the INSERT statements.
        $credit1 = $setting['credit1_register'];
        $credit2 = $setting['credit2_register'];
        $db->query("INSERT INTO " . DB_TABLEPRE . "user(username,password,email,credit1,credit2) values ('{$member['username']}','{$member['password']}','{$member['email']}',{$credit1},{$credit2})");
        $uid = $db->insert_id();
        $db->query("INSERT INTO " . DB_TABLEPRE . "credit(uid,time,operation,credit1,credit2) VALUES ({$uid}," . TIME . ",'user/register',{$credit1},{$credit2}) ");
    }
    $forward = empty($forward) ? $setting['passport_server'] : $forward;
    // One-year 'auth' cookie: "<uid>\t<password>" encoded under auth_key.
    $auth = strcode("{$uid}\t" . $member['password'], $setting['auth_key'], 'ENCODE');
    tcookie('auth', $auth, 24 * 3600 * 365);
} elseif ($action == 'logout' || $action == 'quit') {
    tcookie('sid', '');
    tcookie('auth', '');
    $forward = empty($forward) ? $setting['passport_server'] : $forward;
}
// $forward comes from the caller; for unknown $action values it is used as-is.
header('location:' . $forward);
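/**
 * Finish account activation for a UCenter-synchronised user.
 *
 * Requires: no user logged in, ucenter_on == 1, an AJAX request, and a
 * pending 'activate_info' record in the session. The record is
 * [ucenter uid, name, password, email, 'auto' => flag]. If name and email are
 * still free, the local user is created, a 'qcs_auth' cookie
 * ("<id>\t<md5(auth_key)>" via strcode) is issued, the session record is
 * cleared and a success message plus the UCenter synlogin snippet is echoed.
 *
 * @return void (the script exits on any failed precondition)
 */
function activate_receive()
{
    if ($this->uid != NULL) {
        exit('Access Denied!');
    }
    $this->toclose();
    // NOTE(review): unserialize() on session data. The value is written by
    // this application, but if any caller can influence it this becomes an
    // object-injection sink; the record is only ever used as an array here.
    $info = unserialize(Session::get('activate_info'));
    if ($this->setting['ucenter_on'] != 1 || $info == NULL || $info[0] < 0 || !$this->isAjax() || $this->uid != NULL) {
        exit('Access Denied!');
    }
    $user = M('user');
    if ($user->where(array('name' => $info[1]))->count() != 0) {
        exit('失败:用户名被占用');
    }
    if ($user->where(array('email' => $info[3]))->count() != 0) {
        exit('失败:邮箱被占用');
    }
    $row = array(
        'name' => $info[1],
        'pwd' => pwd_encode($info[2]),
        'email' => $info[3],
        'province' => $this->post['province'],
        'city' => $this->post['city'],
        'county' => $this->post['county'],
    );
    $id = $user->add($row);
    if ($id) {
        $auth_id = strcode($id . "\t" . md5($this->setting['auth_key']), $this->setting['auth_key'], 'ENCODE');
        if ($info['auto'] == 1) {
            setcookie('qcs_auth', $auth_id, time() + 365 * 24 * 3600, '/');
        } elseif ($this->post['is_auto'] == 0) {
            // Session cookie. Expiry was NULL before, which PHP 8.1 deprecates
            // for an int parameter; 0 is what it coerced to anyway.
            // NOTE(review): the cookie is set when is_auto == 0, i.e. the
            // opposite of the 'auto' branch above - confirm that is intended.
            setcookie('qcs_auth', $auth_id, 0, '/');
        }
        Session::set('activate_info', NULL);
        echo '激活成功,点此进入首页' . uc_user_synlogin($info[0]);
    }
}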
// NOTE(review): the leading "}" closes a block that begins before this span.
}
// Build the passport payload from the resolved $user row (if any) and hand the
// browser off to passport_client.php on the $jumpurl side.
if (isset($user)) {
    $userdb['uid'] = $user['userid'];
    $userdb['username'] = $user['passport'];
    $userdb['password'] = $user['password'];
    $userdb['email'] = $user['email'];
    $userdb['gender'] = $user['gender'];
    $userdb['credit'] = $user['credit'];
    $userdb['time'] = $DT_TIME;
    $userdb['cktime'] = $cookietime > 0 ? $DT_TIME + $cookietime : 0;
}
// Serialise as "k=v&k=v". Values are not urlencoded here, so a '&' or '='
// inside a value would shift the field boundaries on the receiving side.
$userdb_encode = '';
foreach ($userdb as $key => $val) {
    $userdb_encode .= $userdb_encode ? "&{$key}={$val}" : "{$key}={$val}";
}
// '=' is stripped from the strcode() output (presumably base64 padding).
$userdb_encode = str_replace('=', '', strcode($userdb_encode));
// $verify = md5(action . userdb . forward . passport_key) with no separator
// between the fields, so different (userdb, forward) splits can yield the same
// digest input; the remote side presumably recomputes it with the shared key.
if ($action == 'login') {
    $verify = md5('login' . $userdb_encode . $forward . $MOD['passport_key']);
    $api_url = $jumpurl . '/passport_client.php?action=login&userdb=' . rawurlencode($userdb_encode) . '&forward=' . rawurlencode($forward) . '&verify=' . rawurlencode($verify);
} else {
    if ($action == 'logout') {
        $verify = md5('quit' . $userdb_encode . $forward . $MOD['passport_key']);
        $api_url = $jumpurl . '/passport_client.php?action=quit&userdb=' . rawurlencode($userdb_encode) . '&forward=' . rawurlencode($forward) . '&verify=' . rawurlencode($verify);
    }
}
/**
 * Reversible obfuscation of $string keyed by a digest of the caller's
 * User-Agent and the module passport_key (the body continues beyond this span).
 * NOTE(review): because the key depends on HTTP_USER_AGENT, a value encoded
 * here can only be decoded by a request presenting the same User-Agent string.
 *
 * @param string $string plaintext for ENCODE, base64 ciphertext otherwise
 * @param string $action 'ENCODE' or anything else to decode
 */
function strcode($string, $action = 'ENCODE')
{
    global $MOD;
    $key = substr(md5($_SERVER["HTTP_USER_AGENT"] . $MOD['passport_key']), 8, 18);
    $string = $action == 'ENCODE' ? $string : base64_decode($string);
    $len = strlen($key);
/**
 * UCenter "synlogin" API call: log the given uid/username into this site.
 *
 * Refused with API_RETURN_FORBIDDEN unless API_SYNLOGIN is enabled. When the
 * username resolves to a local user row, a one-year 'auth' cookie
 * ("<uid>\t<password>" via strcode under auth_key) is issued; otherwise the
 * bare username is stored in a 'loginuser' cookie.
 * NOTE(review): $cookietime is neither assigned nor declared global in this
 * function, so the 'loginuser' branch passes an undefined lifetime.
 * NOTE(review): the username WHERE clause is redacted ("******") in this
 * copy; how $username reaches the query cannot be confirmed here.
 *
 * @param array $get  request parameters; 'uid' and 'username' are read
 * @param array $post unused
 * @return mixed API_RETURN_FORBIDDEN when sync-login is disabled, else null
 */
function synlogin($get, $post)
{
    global $db, $setting;
    $uid = $get['uid'];
    $username = $get['username'];
    if (!API_SYNLOGIN) {
        return API_RETURN_FORBIDDEN;
    }
    header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');
    $member = $db->fetch_first("select * from " . DB_TABLEPRE . "user where username='******'");
    if (!is_array($member)) {
        tcookie('loginuser', $username, $cookietime);
        return;
    }
    $auth = strcode("{$uid}\t" . $member['password'], $setting['auth_key'], 'ENCODE');
    tcookie('auth', $auth, 31536000);
}
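/**
 * Per-request controller setup.
 *
 * Loads (and caches via F()) the site settings and categories, resolves the
 * logged-in user from the session or from the 'qcs_ucenter' / 'qcs_auth'
 * cookies, copies filtered $_POST / $_GET into $this->post / $this->get,
 * enforces the per-session 'ha' token on every POST, consumes ?noticeid= and
 * ?msgid= acknowledgements, builds the notice/message HTML kept in the
 * session, and fills the three sidebar caches (S()).
 *
 * Changes from the original: the 'ha' token is compared with hash_equals()
 * instead of a loose !=, it is generated from random_bytes() where available
 * (same 32-hex shape), and the link fragments that were garbled to "¬iceid"
 * / "¬icepage" (HTML entity &not + the rest) are restored to "&noticeid=" /
 * "&noticepage=" to match the 'noticeid' parameter this method reads.
 *
 * @return void (exits on a POST whose 'ha' does not match the session)
 */
public function _initialize()
{
    if (!F('setting')) {
        $setting = M('setting')->select();
        $set = array();
        foreach ($setting as $k => $v) {
            $set[$v['name']] = $v['value'];
        }
        F('setting', $set);
    }
    $this->assign('setting', F('setting'));
    $this->setting = F('setting');
    $setting = F('setting');
    $this->sign = $this->setting['is_quora'] == 0 ? '帖子' : '问题';
    $this->assign('sign', $this->sign);
    $this->setting['ucenter_on'] == 1 && (include CONFIG_PATH . '/uc_config.php') . (include './uc_client/client.php');
    $u = M('user');
    if (Session::get('uid') == NULL && $this->setting['ucenter_on'] == 1 && isset($_COOKIE['qcs_ucenter'])) {
        // UCenter cookie -> UCenter user record -> local user by name+email.
        $name = explode("\t", uc_authcode($_COOKIE['qcs_ucenter'], 'DECODE'));
        $i = uc_get_user($name[1]);
        $uid = $u->where(array('name' => remove_xss($i[1]), 'email' => remove_xss($i[2])))->getField('id');
        Session::set('uid', $uid);
    } else {
        if (Session::get('uid') == NULL && isset($_COOKIE['qcs_auth'])) {
            // Cookie payload is "<id>\t..." encoded by strcode() under
            // auth_key; only the numeric id half is used here.
            $id = explode("\t", strcode($_COOKIE['qcs_auth'], $this->setting['auth_key'], 'DECODE'));
            $uid = is_numeric($id[0]) ? $id[0] : NULL;
            Session::set('uid', $uid);
        }
    }
    $this->uid = Session::get('uid');
    $user_arr = $this->uid != NULL ? $u->where(array('id' => $this->uid))->find() : NULL;
    /*Using function remove_xss and token to filter all of the dangerous xss POST or GET content or remote data from the browser-start*/
    if ($_POST) {
        $po = array();
        foreach ($_POST as $k => $v) {
            $po[$k] = remove_xss(htmlspecialchars($v));
        }
        $this->post = $po;
        // Every POST must carry the session's 'ha' token (set further down on
        // the first request). hash_equals() avoids the loose != that treats
        // numeric-looking strings as equal and keeps the comparison
        // constant-time.
        $postedHa = isset($this->post['ha']) ? (string) $this->post['ha'] : '';
        if (!hash_equals((string) Session::get('ha'), $postedHa)) {
            exit('Access denied! 
hash value');
        }
        //对所有post的值均要先验证客户端hash值,防止远程提交
    }
    if ($_GET) {
        $g = array();
        foreach ($_GET as $k => $v) {
            $g[$k] = remove_xss(htmlspecialchars($v));
        }
        $this->get = $g;
    }
    /*Using function remove_xss and token to filter all of the dangerous xss POST or GET content or remote data from the browser-end*/
    import("ORG.Util.Page");
    if ($this->get['noticeid']) {
        // Acknowledge a notice: only the owner's notice is deleted and counted down.
        $notify = M('notice');
        $n = $notify->where(array('id' => $this->get['noticeid']))->find();
        if ($n != NULL && $n['uid'] == $this->uid) {
            $notify->where(array('id' => $this->get['noticeid']))->delete();
            $u->where(array('id' => $this->uid))->setDec('newnotice');
            if ($user_arr != NULL) {
                $user_arr['newnotice'] = $user_arr['newnotice'] - 1;
            }
        }
    }
    if ($this->get['msgid'] != NULL) {
        // Acknowledge a message the same way; the stored count is recomputed.
        $Newmsg = M('newmsg');
        $newmsg = $Newmsg->where(array('id' => $this->get['msgid']))->find();
        if ($newmsg != NULL && $newmsg['uid'] == $this->uid) {
            $Newmsg->where(array('id' => $this->get['msgid']))->delete();
            $msgcount = $Newmsg->where(array('uid' => $this->uid))->count();
            $u->where(array('id' => $this->uid))->save(array('newmsg' => $msgcount));
            if ($user_arr != NULL) {
                $user_arr['newmsg'] = $user_arr['newmsg'] - 1;
            }
        }
    }
    $this->assign('user', $user_arr);
    $this->username = $user_arr != NULL ? $user_arr['name'] : NULL;
    if (!F('category')) {
        $category = M('category')->select();
        F('category', $category);
    }
    //生成HASH值防止远程提交,所有post值均要传递此参数,否则首先被阻止
    // The token gates every POST above, so it must be unpredictable:
    // rand()/uniqid() are not; random_bytes() is used when the runtime has it.
    if (!Session::get('ha')) {
        $ha = function_exists('random_bytes')
            ? bin2hex(random_bytes(16))
            : md5(uniqid(mt_rand(), true));
        Session::set('ha', $ha);
    }
    $this->assign('ha', Session::get('ha'));
    if ($this->uid != NULL) {
        if ($user_arr['newnotice'] != 0) {
            if (Session::get('inform') == NULL) {
                $notice = M('notice')->where(array('uid' => $this->uid))->limit(5)->select();
                $a = M('answer');
                $notice_content = '';
                foreach ($notice as $k => $v) {
                    if ($v['aid'] == 0) {
                        $notice_content .= '<a href="' . U('Question/view?qid=' . $v['qid'] . '&noticeid=' . $v['id']) . '">' . $v['title'] . '<div class="a_list">' . $v['content'] . '</div></a>';
                    } else {
                        // Work out which reply page the answer lands on.
                        $bestanswer = $a->where(array('id' => $v['aid']))->getField('bestanswer');
                        $map['id'] = array('lt', $v['aid']);
                        $map['qid'] = $v['qid'];
                        $ga = $a->where($map)->count();
                        $pa = floor($ga / $setting['reply_per_page']) + 1;
                        if ($bestanswer == 1) {
                            //when question has bestanswer
                            $notice_content .= '<a href="' . U('Question/view?qid=' . $v['qid'] . '&noticeid=' . $v['id'] . '&noticepage=1&p=1') . '#qcs_0">' . $v['title'] . '<div class="a_list">' . $v['content'] . '</div></a>';
                        } else {
                            $notice_content .= '<a href="' . U('Question/view?qid=' . $v['qid'] . '&noticeid=' . $v['id'] . '&noticepage=' . $pa . '&p=' . $pa) . '#qcs_' . ($ga % $setting['reply_per_page']) . '">' . $v['title'] . '<div class="a_list">' . $v['content'] . '</div></a>';
                        }
                    }
                }
                Session::set('inform', $notice_content);
            }
        } else {
            if (Session::get('inform') != NULL) {
                Session::set('inform', NULL);
            }
        }
        if ($user_arr['newmsg'] != 0) {
            if (Session::get('message') == NULL) {
                $msg = M('newmsg')->where(array('uid' => $this->uid))->limit(10)->select();
                $message = '';
                foreach ($msg as $k => $v) {
                    $message .= '<a href="' . U('User/letterview?lid=' . $v['letterid'] . '&msgid=' . $v['id']) . '">' . $v['name'] . '给您发了一封站内信</a>';
                }
                Session::set('message', $message);
            }
        } else {
            if (Session::get('message') != NULL) {
                Session::set('message', NULL);
            }
        }
    }
    // Sidebar blocks, cached for side_list_cachetime seconds.
    if (!S('side_no_reply')) {
        $list = M('question')->where('answercount=0')->limit($this->setting['side_list_count'])->order('id desc')->select();
        $result = NULL;
        if ($list == NULL) {
            $result = '<div class="no_focus_user">暂无未解决' . $this->sign . '</div>';
        } else {
            foreach ($list as $k => $v) {
                $result .= '<a href="' . U('Question/view?qid=' . $v['id']) . '" class="side_list">' . $v['title'] . '</a>';
            }
        }
        S('side_no_reply', $result, $this->setting['side_list_cachetime']);
    }
    if (!S('side_hot_user')) {
        $avatar_list = M('user')->order('score DESC')->limit(9)->field('id')->select();
        S('side_hot_user', $avatar_list, $this->setting['side_list_cachetime']);
    }
    if (!S('side_recommend_question')) {
        $list = M('question')->limit($this->setting['side_list_count'])->order('recommendcount desc')->select();
        $result = NULL;
        if ($list == NULL) {
            $result = '<div class="no_focus_user">暂无热门' . $this->sign . '</div>';
        } else {
            foreach ($list as $k => $v) {
                $result .= '<a href="' . U('question/view?qid=' . $v['id']) . '" class="side_list">' . $v['title'] . '</a>';
            }
        }
        S('side_recommend_question', $result, $this->setting['side_list_cachetime']);
    }
}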