<?php
// 创建新帖
!defined('DEBUG') and exit('Access Denied.');
include './xiunophp/xn_html_safe.func.php';
include './xiunophp/image.func.php';
$action = param(1);
$user = user_read($uid);
empty($user) and $user = user_guest();
if ($action == 'create') {
$tid = param(2);
$quick = param(3);
$thread = thread_read($tid);
empty($thread) and message(3, '主题不存在:' . $tid);
$fid = $thread['fid'];
$forum = forum_read($fid);
empty($forum) and message(3, '板块不存在:' . $fid);
$r = forum_access_user($fid, $gid, 'allowpost');
if (!$r) {
if ($gid == 0) {
$r = forum_access_user($fid, 101, 'allowpost');
$r and user_login_check($user);
}
message(10, '您(' . $user['groupname'] . ')无权限在此版块发帖');
}
$conf['ipaccess_on'] and !ipaccess_check($longip, 'posts') and message(-1, '您的 IP 今日回帖数达到上限,请明天再来。');
if ($method == 'GET') {
check_standard_browser();
include './flarum/view/post_create.htm';
} else {
$agree = param('agree', 0);
$state = user_create(array('username' => $username, 'password' => md5($password . $salt), 'salt' => $salt, 'gid' => $gid, 'email' => $email, 'mobile' => $mobile, 'create_ip' => ip2long(ip()), 'create_date' => $time));
$state !== FALSE ? message(0, '创建成功') : message(11, '创建失败');
}
} elseif ($action == 'update') {
$uid = param(2, 0);
if ($method == 'GET') {
$header['title'] = '用户更新';
$user = user_read($uid);
include "./admin/view/user_update.htm";
} elseif ($method == 'POST') {
$mobile = param('mobile');
$email = param('email');
$username = param('username');
$password = param('password');
$gid = param('gid');
$old = user_read($uid);
$email and !is_email($email, $err) and message(2, $err);
if ($email and $old['email'] != $email) {
$user = user_read_by_email($email);
$user and message(2, '用户 EMAIL 已经存在');
}
$arr = array();
$arr['email'] = $email;
// 非管理员(gid = 1),不允许修改其他用户的手机号、用户名、用户组、密码
if ($user['gid'] == 1) {
$mobile and !is_mobile($mobile, $err) and message(1, $err);
//$username AND !is_username($username, $err) AND message(3, $err);
if ($mobile and $old['mobile'] != $mobile) {
$user = user_read_by_mobile($mobile);
$user and message(1, '用户手机已经存在');
}
function forum_filter_moduid($moduids)
{
$moduids = trim($moduids);
if (empty($moduids)) {
return '';
}
$arr = explode(',', $moduids);
$r = array();
foreach ($arr as $_uid) {
$_uid = intval($_uid);
$_user = user_read($_uid);
if (empty($_user)) {
continue;
}
if ($_user['gid'] > 4) {
continue;
}
$r[] = $_uid;
}
return implode(',', $r);
}
$fid = $thread['fid'];
$tid = $thread['tid'];
if (forum_access_mod($fid, $gid, 'allowmove')) {
thread_update($tid, array('fid' => $newfid));
$arr = array('uid' => $uid, 'tid' => $thread['tid'], 'pid' => $thread['firstpid'], 'subject' => $thread['subject'], 'comment' => '', 'create_date' => $time, 'action' => 'move');
modlog_create($arr);
}
}
message(0, '移动完成');
}
}
} elseif ($action == 'deleteuser') {
$_uid = param(2, 0);
$method != 'POST' and message(-1, 'Method error');
empty($group['allowdeleteuser']) and message(-1, '您无权删除用户');
$u = user_read($_uid);
empty($u) and message(-1, '用户不存在或者已经被删除。');
$u['gid'] < 6 and message(-1, '不允许删除管理组,请先调整用户用户组。');
$r = user_delete($_uid);
$r === FALSE ? message(-1, '删除失败') : message(0, '删除成功');
} elseif ($action == 'banip') {
$method != 'POST' and message(-1, 'Method error');
$_ip = xn_urldecode(param(2));
empty($_ip) and message(-1, 'IP 为空');
$_ip = long2ip(ip2long($_ip));
// 安全过滤
$day = intval(xn_urldecode(param(3)));
empty($group['allowbanuser']) and message(-1, '您无权禁止 IP');
$arr = explode('.', $_ip);
$arr[0] == '0' and message(-1, 'IP 地址不能以 0 开头。');
$banip = banip_read_by_ip($_ip);
<?php
!defined('DEBUG') and exit('Access Denied.');
include './xiunophp/xn_html_safe.func.php';
$action = param(1);
$uid and $user = user_read($uid);
empty($user) and $user = user_guest();
// 发表主题帖
if ($action == 'create') {
$conf['ipaccess_on'] and !ipaccess_check($longip, 'threads') and message(-1, '您的 IP 今日发表主题数达到上限,请明天再来。');
if ($method == 'GET') {
check_standard_browser();
$fid = param(2, 0);
$forumlist_allowthread = forum_list_access_filter($forumlist, $gid, 'allowthread');
$forumarr = xn_json_encode(arrlist_key_values($forumlist_allowthread, 'fid', 'name'));
if (empty($forumlist_allowthread)) {
message(-1, '您所在的用户组没有权限发主题');
// header("Location:user-login.htm");
exit;
}
$header['title'] = '发帖' . ($uid == 0 ? ' [匿名模式]' : '');
include './pc/view/thread_create.htm';
} else {
$fid = param('fid', 0);
$forum = forum_read($fid);
empty($forum) and message(3, '板块不存在' . $fid);
$r = forum_access_user($fid, $gid, 'allowthread');
if (!$r) {
if ($gid == 0) {
$r = forum_access_user($fid, 101, 'allowthread');
$r and user_login_check($user);
function user_login_check($user)
{
$user['uid'] == 0 and message(10001, jump('请登录', 'user-login.htm'));
$dbuser = user_read($user['uid']);
$dbuser['password'] != $user['password'] and message(10002, jump('密码已经修改,请重新登录', 'user-login.htm'));
return $user;
}
function user_auth_check($token)
{
global $time;
$auth = param(2);
$s = decrypt($auth);
empty($s) and message(-1, '解密失败');
$arr = explode('-', $s);
count($arr) != 3 and message(-1, '数据解密失败');
list($_ip, $_time, $_uid) = $arr;
$_user = user_read($_uid);
empty($_user) and message(-1, '用户不存在');
$time - $_time > 3600 and message(-1, '链接已经过期');
return $_user;
}
$header['title'] = '重置密码';
include './mobile/view/user_resetpw.htm';
}
} else {
$_uid = param(1, 0);
$pid = param(2, 0);
// 接受 pid,通过 pid 查询 userip
if ($_uid == 0) {
$post = post_read($pid);
$_ip = long2ip($post['userip']);
$_ip_url = xn_urlencode($_ip);
$banip = banip_read_by_ip($_ip);
$_user = user_guest();
} else {
$banip = array();
$_user = user_read($_uid);
$_ip = long2ip($_user['create_ip']);
$_ip_url = xn_urlencode($_ip);
}
$header['title'] = $_user['username'];
include './mobile/view/user_profile.htm';
}
// 获取用户来路
function user_http_referer()
{
$referer = param('referer');
// 优先从参数获取
empty($referer) and $referer = array_value($_SERVER, 'HTTP_REFERER', '');
$referer = str_replace(array('\\"', '"', '<', '>', ' ', '*', "\t", "\r", "\n"), '', $referer);
// 干掉特殊字符
if (!preg_match('#^(http|https)://[\\w\\-=/\\.]+/[\\w\\-=.%\\#?]*$#is', $referer) || strpos($referer, 'user-login.htm') !== FALSE || strpos($referer, 'user-logout.htm') !== FALSE || strpos($referer, 'user-create.htm') !== FALSE) {
function qq_login_create_user($username, $avatar_url_2, $openid)
{
global $conf, $time, $longip;
$arr = qq_login_read_user_by_openid($openid);
if ($arr) {
return xn_error(-2, '已经注册');
}
// 自动产生一个用户名
$r = user_read_by_username($username);
if ($r) {
$username = $username . '_' . $time;
$r = user_read_by_username($username);
if ($r) {
return xn_error(-1, '用户名被占用。');
}
}
// 自动产生一个 Email
$email = "qq_{$time}@qq.com";
$r = user_read_by_email($email);
if ($r) {
return xn_error(-1, 'Email 被占用');
}
// 随机密码
$password = md5(rand(1000000000, 9999999999) . $time);
$user = array('username' => $username, 'email' => $email, 'password' => $password, 'gid' => 101, 'salt' => rand(100000, 999999), 'create_date' => $time, 'create_ip' => $longip, 'avatar' => 0, 'logins' => 1, 'login_date' => $time, 'login_ip' => $longip);
$uid = user_create($user);
if (empty($uid)) {
return xn_error(-1, '注册失败');
}
$user = user_read($uid);
$r = db_exec("INSERT INTO bbs_user_open_plat SET uid='{$uid}', platid='1', openid='{$openid}'");
if (empty($uid)) {
return xn_error(-1, '注册失败');
}
runtime_set('users+', '1');
runtime_set('todayusers+', '1');
// 头像不重要,忽略错误。
if ($avatar_url_2) {
$filename = "{$uid}.png";
$dir = substr(sprintf("%09d", $uid), 0, 3) . '/';
$path = $conf['upload_path'] . 'avatar/' . $dir;
!is_dir($path) and mkdir($path, 0777, TRUE);
$data = file_get_contents($avatar_url_2);
file_put_contents($path . $filename, $data);
user_update($uid, array('avatar' => $time));
}
return $user;
}