示例#1
0
 function refresh($user)
 {
     $uid = $user['uid'];
     $password = $user['password'];
     $this->base->user = $user;
     $auth = strcode("{$uid}\t{$password}", AUTH_KEY, 'ENCODE');
     tcookie('auth', $auth, DAY * 30);
 }
示例#2
0
 function init_user()
 {
     @($auth = tcookie('auth'));
     $user = array('uid' => 0);
     @(list($uid, $password) = empty($auth) ? array(0, 0) : taddslashes(explode("\t", strcode($auth, AUTH_KEY, 'DECODE')), 1));
     if ($uid && $password) {
         $finduser = $this('user')->findById($uid);
         $finduser && $password == $finduser['password'] && ($user = $finduser);
     }
     $user['ip'] = $this->ip;
     $this->user = $user;
 }
示例#3
0
 public function check($aid = 0)
 {
     $isajax = $this->input->is_ajax_request();
     if (!$isajax) {
         return false;
     }
     $this->load->library('verify');
     $status = $this->verify->check();
     $status = $status ? 1 : 0;
     if ($status) {
         //write aid cookie
         $string = $aid . "\thk8" . date('H:i:s');
         $str = strcode($string, $encode = true);
         setcookie('hk8_verify_topic_dw', $str, time() + 3600, '/');
     }
     die("{$status}");
 }
 function login_sub()
 {
     $_POST['admin_name'] == NULL || $_POST['admin_pwd'] == NULL && exit;
     if (isset($_COOKIE['qcs_auth'])) {
         $id = explode("\t", strcode($_COOKIE['qcs_auth'], $this->setting['auth_key'], 'DECODE'));
         (!is_numeric($id[0]) || $id[0] != 1) && $this->redirect('Index/index');
     } else {
         $this->redirect('Account/login');
     }
     if (M('user')->where(array('name' => remove_xss($_POST['admin_name']), 'pwd' => pwd_encode($_POST['admin_pwd'])))->getField('id') == 1) {
         Session::set('aid', 1);
         $this->redirect('Admin/main');
     } else {
         $this->assign('script', '<script>alert("您的输入有误,请重新输入")</script>');
         $this->display('Admin/login');
     }
 }
示例#5
0
header('Content-type: text/html; charset=UTF-8');
/*$get=taddslashes($_GET);
$post=taddslashes($_POST);
*/
$get = $_GET;
$post = $_POST;
unset($GLOBALS, $_ENV, $_GET, $_POST);
empty($get['c']) && ($get['c'] = 'index');
empty($get['a']) && ($get['a'] = 'default');
define('ACTION', $get['a']);
define('REGULAR', $get['c'] . '/' . $get['a']);
//load control...
$controlfile = APP_ROOT . '/control/' . $get['c'] . '.php';
if (false === @(include $controlfile)) {
    notfound('control file "' . $controlfile . '" not found!');
}
$controlname = $get['c'] . 'control';
$control = new $controlname($get, $post);
$method = strtolower('on' . $get['a']);
if (method_exists($control, $method)) {
    $isajax = 0 === strpos($get['a'], 'ajax');
    if ($control->checkable(REGULAR) || $isajax) {
        $control->{$method}();
    } else {
        $querystring = strcode($_SERVER["QUERY_STRING"], '', 'ENCODE');
        tcookie('querystring', $querystring, 86400);
        $control->message('您无权进行当前操作,原因如下:<br/> 您所在的用户组(' . $control->user['title'] . ')无法进行此操作。', 'c=user&a=login');
    }
} else {
    notfound('control "' . $controlname . '" method "' . $method . '" not found!');
}
示例#6
0
$member['cookietime'] = $member['cktime'] ? $member['cktime'] - TIME : 0;
if ($action == 'login') {
    $member['username'] = preg_replace("/(c:\\con\\con\$|[%,\\*\"\\s\t\\<\\>\\&])/i", "", $member['username']);
    if (strlen($member['username']) > 20) {
        $member['username'] = substr($member['username'], 0, 20);
    }
    if (empty($member['time']) || empty($member['username']) || empty($member['password'])) {
        exit('Lack of required parameters!');
    } elseif ($setting['passport_expire'] && TIME - $member['time'] > $setting['passport_expire']) {
        exit('Request expired!');
    }
    $user = $db->fetch_first("SELECT * FROM " . DB_TABLEPRE . "user WHERE username='******'username'] . "'");
    if ($user) {
        $uid = $user['uid'];
        //	$user->edit($member);
    } else {
        $credit1 = $setting['credit1_register'];
        $credit2 = $setting['credit2_register'];
        $db->query("INSERT INTO " . DB_TABLEPRE . "user(username,password,email,credit1,credit2) values ('{$member['username']}','{$member['password']}','{$member['email']}',{$credit1},{$credit2})");
        $uid = $db->insert_id();
        $db->query("INSERT INTO " . DB_TABLEPRE . "credit(uid,time,operation,credit1,credit2) VALUES ({$uid}," . TIME . ",'user/register',{$credit1},{$credit2}) ");
    }
    $forward = empty($forward) ? $setting['passport_server'] : $forward;
    $auth = strcode("{$uid}\t" . $member['password'], $setting['auth_key'], 'ENCODE');
    tcookie('auth', $auth, 24 * 3600 * 365);
} elseif ($action == 'logout' || $action == 'quit') {
    tcookie('sid', '');
    tcookie('auth', '');
    $forward = empty($forward) ? $setting['passport_server'] : $forward;
}
header('location:' . $forward);
 function activate_receive()
 {
     $this->uid != NULL && exit('Access Denied!');
     $this->toclose();
     $info = unserialize(Session::get('activate_info'));
     ($this->setting['ucenter_on'] != 1 || $info == NULL || $info[0] < 0 || !$this->isAjax() || $this->uid != NULL) && exit('Access Denied!');
     $user = M('user');
     $user->where(array('name' => $info[1]))->count() != 0 && exit('失败:用户名被占用');
     $user->where(array('email' => $info[3]))->count() != 0 && exit('失败:邮箱被占用');
     if ($id = $user->add(array('name' => $info[1], 'pwd' => pwd_encode($info[2]), 'email' => $info[3], 'province' => $this->post['province'], 'city' => $this->post['city'], 'county' => $this->post['county']))) {
         $auth_id = strcode($id . "\t" . md5($this->setting['auth_key']), $this->setting['auth_key'], 'ENCODE');
         if ($info['auto'] == 1) {
             setcookie('qcs_auth', $auth_id, time() + 365 * 24 * 3600, '/');
         } else {
             if ($this->post['is_auto'] == 0) {
                 setcookie('qcs_auth', $auth_id, NULL, '/');
             }
         }
         Session::set('activate_info', NULL);
         echo '激活成功,点此进入首页' . uc_user_synlogin($info[0]);
     }
 }
示例#8
0
}
if (isset($user)) {
    $userdb['uid'] = $user['userid'];
    $userdb['username'] = $user['passport'];
    $userdb['password'] = $user['password'];
    $userdb['email'] = $user['email'];
    $userdb['gender'] = $user['gender'];
    $userdb['credit'] = $user['credit'];
    $userdb['time'] = $DT_TIME;
    $userdb['cktime'] = $cookietime > 0 ? $DT_TIME + $cookietime : 0;
}
$userdb_encode = '';
foreach ($userdb as $key => $val) {
    $userdb_encode .= $userdb_encode ? "&{$key}={$val}" : "{$key}={$val}";
}
$userdb_encode = str_replace('=', '', strcode($userdb_encode));
if ($action == 'login') {
    $verify = md5('login' . $userdb_encode . $forward . $MOD['passport_key']);
    $api_url = $jumpurl . '/passport_client.php?action=login&userdb=' . rawurlencode($userdb_encode) . '&forward=' . rawurlencode($forward) . '&verify=' . rawurlencode($verify);
} else {
    if ($action == 'logout') {
        $verify = md5('quit' . $userdb_encode . $forward . $MOD['passport_key']);
        $api_url = $jumpurl . '/passport_client.php?action=quit&userdb=' . rawurlencode($userdb_encode) . '&forward=' . rawurlencode($forward) . '&verify=' . rawurlencode($verify);
    }
}
function strcode($string, $action = 'ENCODE')
{
    global $MOD;
    $key = substr(md5($_SERVER["HTTP_USER_AGENT"] . $MOD['passport_key']), 8, 18);
    $string = $action == 'ENCODE' ? $string : base64_decode($string);
    $len = strlen($key);
示例#9
0
文件: uc.php 项目: eappl/prototype
 function synlogin($get, $post)
 {
     global $db, $setting;
     $uid = $get['uid'];
     $username = $get['username'];
     if (!API_SYNLOGIN) {
         return API_RETURN_FORBIDDEN;
     }
     header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');
     $member = $db->fetch_first("select * from " . DB_TABLEPRE . "user  where username='******'");
     if (is_array($member)) {
         $auth = strcode("{$uid}\t" . $member['password'], $setting['auth_key'], 'ENCODE');
         tcookie('auth', $auth, 31536000);
     } else {
         tcookie('loginuser', $username, $cookietime);
     }
 }
示例#10
0
 public function _initialize()
 {
     if (!F('setting')) {
         $setting = M('setting')->select();
         $set = array();
         foreach ($setting as $k => $v) {
             $set[$v['name']] = $v['value'];
         }
         F('setting', $set);
     }
     $this->assign('setting', F('setting'));
     $this->setting = F('setting');
     $setting = F('setting');
     $this->sign = $this->setting['is_quora'] == 0 ? '帖子' : '问题';
     $this->assign('sign', $this->sign);
     $this->setting['ucenter_on'] == 1 && (include CONFIG_PATH . '/uc_config.php') . (include './uc_client/client.php');
     $u = M('user');
     if (Session::get('uid') == NULL && $this->setting['ucenter_on'] == 1 && isset($_COOKIE['qcs_ucenter'])) {
         $name = explode("\t", uc_authcode($_COOKIE['qcs_ucenter'], 'DECODE'));
         $i = uc_get_user($name[1]);
         $uid = $u->where(array('name' => remove_xss($i[1]), 'email' => remove_xss($i[2])))->getField('id');
         Session::set('uid', $uid);
     } else {
         if (Session::get('uid') == NULL && isset($_COOKIE['qcs_auth'])) {
             $id = explode("\t", strcode($_COOKIE['qcs_auth'], $this->setting['auth_key'], 'DECODE'));
             $uid = is_numeric($id[0]) ? $id[0] : NULL;
             Session::set('uid', $uid);
         }
     }
     $this->uid = Session::get('uid');
     $user_arr = $this->uid != NULL ? $u->where(array('id' => $this->uid))->find() : NULL;
     /*Using function remove_xss and token to filter all of the dangerous xss POST or GET content or remote data from the browser-start*/
     if ($_POST) {
         $po = array();
         foreach ($_POST as $k => $v) {
             $po[$k] = remove_xss(htmlspecialchars($v));
         }
         $this->post = $po;
         $this->post['ha'] != Session::get('ha') && exit('Access denied! hash value');
         //对所有post的值均要先验证客户端hash值,防止远程提交
     }
     if ($_GET) {
         $g = array();
         foreach ($_GET as $k => $v) {
             $g[$k] = remove_xss(htmlspecialchars($v));
         }
         $this->get = $g;
     }
     /*Using function remove_xss and token to filter all of the dangerous xss POST or GET content or remote data from the browser-end*/
     import("ORG.Util.Page");
     if ($this->get['noticeid']) {
         $notify = M('notice');
         $n = $notify->where(array('id' => $this->get['noticeid']))->find();
         if ($n != NULL && $n['uid'] == $this->uid) {
             $notify->where(array('id' => $this->get['noticeid']))->delete();
             $u->where(array('id' => $this->uid))->setDec('newnotice');
             if ($user_arr != NULL) {
                 $user_arr['newnotice'] = $user_arr['newnotice'] - 1;
             }
         }
     }
     if ($this->get['msgid'] != NULL) {
         $Newmsg = M('newmsg');
         $newmsg = $Newmsg->where(array('id' => $this->get['msgid']))->find();
         if ($newmsg != NULL && $newmsg['uid'] == $this->uid) {
             $Newmsg->where(array('id' => $this->get['msgid']))->delete();
             $msgcount = $Newmsg->where(array('uid' => $this->uid))->count();
             $u->where(array('id' => $this->uid))->save(array('newmsg' => $msgcount));
             if ($user_arr != NULL) {
                 $user_arr['newmsg'] = $user_arr['newmsg'] - 1;
             }
         }
     }
     $this->assign('user', $user_arr);
     $this->username = $user_arr['name'];
     if (!F('category')) {
         $category = M('category')->select();
         F('category', $category);
     }
     !Session::get('ha') && Session::set('ha', md5(rand(0, 99999) . uniqid()));
     //生成HASH值防止远程提交,所有post值均要传递此参数,否则首先被阻止
     $this->assign('ha', Session::get('ha'));
     if ($this->uid != NULL) {
         if ($user_arr['newnotice'] != 0) {
             if (Session::get('inform') == NULL) {
                 $notice = M('notice')->where(array('uid' => $this->uid))->limit(5)->select();
                 $a = M('answer');
                 $notice_content = '';
                 foreach ($notice as $k => $v) {
                     if ($v['aid'] == 0) {
                         $notice_content .= '<a href="' . U('Question/view?qid=' . $v['qid'] . '&noticeid=' . $v['id']) . '">' . $v['title'] . '<div class="a_list">' . $v['content'] . '</div></a>';
                     } else {
                         $bestanswer = $a->where(array('id' => $v['aid']))->getField('bestanswer');
                         $map['id'] = array('lt', $v['aid']);
                         $map['qid'] = $v['qid'];
                         $ga = $a->where($map)->count();
                         $pa = floor($ga / $setting['reply_per_page']) + 1;
                         if ($bestanswer == 1) {
                             $notice_content .= '<a href="' . U('Question/view?qid=' . $v['qid'] . '&noticeid=' . $v['id'] . '&noticepage=1&p=1') . '#qcs_0">' . $v['title'] . '<div class="a_list">' . $v['content'] . '</div></a>';
                             //when question has bestanswer
                         } else {
                             $notice_content .= '<a href="' . U('Question/view?qid=' . $v['qid'] . '&noticeid=' . $v['id'] . '&noticepage=' . $pa . '&p=' . $pa) . '#qcs_' . $ga % $setting['reply_per_page'] . '">' . $v['title'] . '<div class="a_list">' . $v['content'] . '</div></a>';
                         }
                     }
                 }
                 Session::set('inform', $notice_content);
             }
         } else {
             if (Session::get('inform') != NULL) {
                 Session::set('inform', NULL);
             }
         }
         if ($user_arr['newmsg'] != 0) {
             if (Session::get('message') == NULL) {
                 $msg = M('newmsg')->where(array('uid' => $this->uid))->limit(10)->select();
                 $message = '';
                 foreach ($msg as $k => $v) {
                     $message .= '<a href="' . U('User/letterview?lid=' . $v['letterid'] . '&msgid=' . $v['id']) . '">' . $v['name'] . '给您发了一封站内信</a>';
                 }
                 Session::set('message', $message);
             }
         } else {
             if (Session::get('message') != NULL) {
                 Session::set('message', NULL);
             }
         }
     }
     if (!S('side_no_reply')) {
         $list = M('question')->where('answercount=0')->limit($this->setting['side_list_count'])->order('id desc')->select();
         $result = NULL;
         if ($list == NULL) {
             $result = '<div class="no_focus_user">暂无未解决' . $this->sign . '</div>';
         } else {
             foreach ($list as $k => $v) {
                 $result .= '<a href="' . U('Question/view?qid=' . $v['id']) . '" class="side_list">' . $v['title'] . '</a>';
             }
         }
         S('side_no_reply', $result, $this->setting['side_list_cachetime']);
     }
     if (!S('side_hot_user')) {
         $avatar_list = M('user')->order('score DESC')->limit(9)->field('id')->select();
         S('side_hot_user', $avatar_list, $this->setting['side_list_cachetime']);
     }
     if (!S('side_recommend_question')) {
         $list = M('question')->limit($this->setting['side_list_count'])->order('recommendcount desc')->select();
         $result = NULL;
         if ($list == NULL) {
             $result = '<div class="no_focus_user">暂无热门' . $this->sign . '</div>';
         } else {
             foreach ($list as $k => $v) {
                 $result .= '<a href="' . U('question/view?qid=' . $v['id']) . '" class="side_list">' . $v['title'] . '</a>';
             }
         }
         S('side_recommend_question', $result, $this->setting['side_list_cachetime']);
     }
 }