示例#1
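 /**
  * Decide whether the current request is a genuine form submission.
  *
  * A submission is accepted when the marker variable named by $var is set and
  * either $allowget is truthy, or the request is a POST carrying the expected
  * form hash, has no X-Flash-Version header, and has a Referer that is empty
  * or whose host equals the Host header.
  *
  * @param string $var      Name of the global variable that marks the form as submitted.
  * @param mixed  $allowget Truthy to accept the submission without any further check.
  * @return bool TRUE when accepted, FALSE when nothing was submitted or the checks fail.
  */
 public static function submitcheck($var, $allowget = 0)
 {
     // No submit marker registered under $var: nothing was submitted.
     if (empty($GLOBALS[$var])) {
         return FALSE;
     }

     // SECURITY: a truthy $allowget skips the method, form-hash and Referer checks
     // entirely, so a caller that passes it gets no CSRF protection from here.
     if ($allowget) {
         return TRUE;
     }

     $method = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';
     if ($method === 'POST') {
         $submitted = isset($GLOBALS['formhash']) && is_scalar($GLOBALS['formhash']) ? (string) $GLOBALS['formhash'] : '';
         $expected = (string) GlobalCore::formhash();

         // Compare the token as a string, never with ==: loose comparison treats
         // numeric-looking strings ("0e..." style) as numbers and can accept a
         // token that differs from the expected one. An empty token never passes.
         $token_ok = FALSE;
         if ($submitted !== '') {
             $token_ok = function_exists('hash_equals')
                 ? hash_equals($expected, $submitted)
                 : $expected === $submitted;
         }

         if ($token_ok && empty($_SERVER['HTTP_X_FLASH_VERSION'])) {
             // An absent Referer is accepted, so the form hash is the real control;
             // the Referer host comparison is only a secondary check.
             if (empty($_SERVER['HTTP_REFERER'])) {
                 return TRUE;
             }
             $referer_host = preg_replace("/https?:\\/\\/([^\\:\\/]+).*/i", "\\1", $_SERVER['HTTP_REFERER']);
             $request_host = preg_replace("/([^\\:]+).*/", "\\1", isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '');
             if ($referer_host === $request_host) {
                 return TRUE;
             }
         }
     }

     GlobalCore::showmessage('submit_invalid');
     // showmessage() presumably ends the request (not visible here); returning
     // FALSE keeps the check failing closed if it ever returns.
     return FALSE;
 }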
        } else {
            $md5_password = md5($password);
            $password = preg_replace("/^(.{" . round(strlen($password) / 4) . "})(.+?)(.{" . round(strlen($password) / 6) . "})\$/s", "\\1***\\3", $password);
        }
        if (preg_match("%^[A-Za-z][A-Za-z0-9]*_?[A-Za-z0-9]*\$%i", $email)) {
            $where = "m.username = '******'";
        } else {
            $where = "m.email = '{$email}'";
        }
        $query = $db->query("SELECT m.uid AS nw_uid, m.username AS nw_user, m.nickname AS nw_nick,m.password AS nw_pw,\r\n\t\t\t\t\tm.adminid, m.groupid, m.lastvisit\r\n\t\t\t\t\tFROM {$tablepre}members m\r\n\t\t\t\t\tWHERE {$where}");
        $member = $db->fetch_array($query);
        if ($member['nw_uid'] && $member['nw_pw'] == $md5_password) {
            extract($member);
            $nw_userss = $nw_user;
            $nw_user = addslashes($nw_user);
            $nw_nick = addslashes($nw_nick);
            $styleid = 1;
            $cookietime = intval(isset($_POST['cookietime']) ? $_POST['cookietime'] : ($_DCOOKIE['cookietime'] ? $_DCOOKIE['cookietime'] : 0));
            GlobalCore::chobits_setcookie('cookietime', $cookietime, 31536000);
            GlobalCore::chobits_setcookie('auth', GlobalCore::authcode("{$nw_pw}\t{$nw_uid}", 'ENCODE'), $cookietime);
            $sessionexists = 0;
            GlobalCore::showmessage('login_succeed', NWDIR, 'DONE');
        }
        $errorlog = GlobalCore::nwHtmlspecialchars($timestamp . "\t" . ($member['nw_user'] ? $member['nw_user'] : stripslashes($username)) . "\t" . $password . "\t" . $onlineip);
        GlobalCore::writelog('illegallog', $errorlog);
        GlobalCore::loginfailed($loginperm);
        GlobalCore::showmessage('login_invalid', NWDIR . '/login', 'HALTED');
    }
} else {
    GlobalCore::showmessage('undefined_action');
}
示例#3
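 /**
  * Store an uploaded portrait image under $dir and describe where it went.
  *
  * The upload is accepted only when its extension is gif, jpg or png AND the
  * image header read from the temporary file reports the matching type.
  *
  * @param string $input_name Name of the file field in $_FILES.
  * @param mixed  $img_id     Identifier used to build the file name and sub-directory.
  * @param string $dir        Target directory relative to NOWHERE_ROOT.
  * @param string $hash_type  'id' names the file after $img_id; anything else appends a random suffix.
  * @return array|null Keys pic, filename, pic_target, pic_ext on success; NULL otherwise.
  */
 public static function RecvPortraits($input_name, $img_id, $dir, $hash_type = 'null')
 {
     if (!isset($_FILES[$input_name]['tmp_name'], $_FILES[$input_name]['name'])) {
         return NULL;
     }
     $tmp_name = $_FILES[$input_name]['tmp_name'];
     if (!(GlobalCore::disuploadedfile($tmp_name) && $tmp_name != 'none' && $tmp_name && trim($_FILES[$input_name]['name']))) {
         return NULL;
     }

     // Allowed extensions mapped to the image type the file content must report.
     $pic_types = array(
         'gif' => IMAGETYPE_GIF,
         'jpg' => IMAGETYPE_JPEG,
         'png' => IMAGETYPE_PNG,
     );
     $_FILES[$input_name]['name'] = GlobalCore::chobits_addslashes($_FILES[$input_name]['name']);
     $pic_ext = strtolower(GlobalCore::fileext($_FILES[$input_name]['name']));
     if (!isset($pic_types[$pic_ext])) {
         GlobalCore::showmessage('profile_avatar_invalid');
         // Fail closed in case showmessage() returns instead of ending the request.
         return NULL;
     }

     // The client-supplied file name proves nothing about the content, so confirm
     // the bytes carry an image header of the claimed type. This is a header check,
     // not full content validation: the upload directory should still be served
     // without script execution.
     $image_info = @getimagesize($tmp_name);
     if ($image_info === FALSE || $image_info[2] !== $pic_types[$pic_ext]) {
         GlobalCore::showmessage('profile_avatar_invalid');
         return NULL;
     }

     // NOTE(review): $img_id and $dir are concatenated into the target path
     // unchecked — confirm every caller passes trusted values.
     if ($hash_type == 'id') {
         $filename = $img_id;
         $pic = $dir . '/l/' . GlobalCore::mkdir_by_uid($img_id, NOWHERE_ROOT . $dir . '/l') . '/' . $filename . '.' . $pic_ext;
     } else {
         $filename = $img_id . '_' . GlobalCore::random(5);
         $pic = $dir . '/l/' . GlobalCore::mkdir_hash($img_id, NOWHERE_ROOT . $dir . '/l') . '/' . $filename . '.' . $pic_ext;
     }
     $pic_target = NOWHERE_ROOT . './' . $pic;

     // copy() is tried first and move_uploaded_file() is the fallback; errors are
     // suppressed and the result is judged by whether the target exists afterwards.
     if (!@copy($tmp_name, $pic_target)) {
         @move_uploaded_file($tmp_name, $pic_target);
     }
     if (!file_exists($pic_target)) {
         return NULL;
     }

     return array(
         'pic' => $pic,
         'filename' => $filename,
         'pic_target' => $pic_target,
         'pic_ext' => $pic_ext,
     );
 }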
示例#4
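 /**
  * Persist the settings form: site settings, nickname/avatar and, optionally,
  * a password change, then refresh the settings cache and redirect.
  *
  * Reads its input from $_POST and from the globals listed below; writes to the
  * settings and members tables through the global $db handle.
  *
  * NOTE(review): no form-hash / submit check is visible in this method — confirm
  * that the caller validates the request before invoking it.
  *
  * @return void
  */
 public static function UpdateSettings()
 {
     global $db, $nw_uid, $nw_pw, $tablepre, $timestamp, $adminid, $basic_settings, $webservice_settings, $password_old, $password_new, $password_new2;

     // SECURITY: every statement below is assembled by string interpolation and
     // relies on chobits_addslashes() for escaping. The $db API is not visible
     // here; if it supports bound parameters, these queries should use them.
     // $key comes from FetchDefineSettings(), presumably a fixed list — confirm.
     $define_settings = self::FetchDefineSettings();
     foreach ($define_settings as $key) {
         // A missing or non-scalar field is stored as an empty string.
         $raw = isset($_POST[$key]) && is_scalar($_POST[$key]) ? (string) $_POST[$key] : '';
         $val = GlobalCore::chobits_addslashes(trim($raw));
         $db->query("REPLACE INTO {$tablepre}settings (variable, value) VALUES ('{$key}', '{$val}')");
     }

     if (!empty($_POST['nickname'])) {
         $nickname = GlobalCore::chobits_addslashes(GlobalCore::cutstr(GlobalCore::nwHtmlspecialchars($_POST['nickname']), 25, ''));
         $avatar = GlobalCore::chobits_addslashes(GlobalCore::nwHtmlspecialchars(isset($_POST['avatar']) ? $_POST['avatar'] : ''));
         $db->query("UPDATE {$tablepre}members SET nickname='{$nickname}',avatar='{$avatar}' WHERE uid = '{$nw_uid}'");
         $db->query("REPLACE INTO {$tablepre}settings (variable, value) VALUES ('avatar', '{$avatar}')");
     }

     if (!empty($_POST['password_new'])) {
         // SECURITY: passwords are stored as unsalted md5, which is not a password
         // hash; migrating to password_hash()/password_verify() needs a schema and
         // login change outside this method.
         // The digests are compared as strings: with != two different md5 values
         // that both look numeric ("0e" followed by digits) compare equal.
         $old_hash = md5($password_old);
         $stored_hash = (string) $nw_pw;
         $old_ok = function_exists('hash_equals')
             ? hash_equals($stored_hash, $old_hash)
             : $stored_hash === $old_hash;
         if (!$old_ok) {
             GlobalCore::showmessage('profile_passwd_wrong', NULL, 'HALTED');
             // showmessage() presumably ends the request; the return keeps the
             // password untouched if it does not.
             return;
         }
         if ($password_new) {
             if ((string) $password_new !== addslashes($password_new)) {
                 GlobalCore::showmessage('profile_passwd_illegal');
                 return;
             } elseif ((string) $password_new !== (string) $password_new2) {
                 GlobalCore::showmessage('profile_passwd_notmatch');
                 return;
             }
             $newpasswd = md5($password_new);
             // NOTE(review): the listing showed a masked literal in this statement;
             // the digest computed just above is the value that has to be stored.
             $db->query("UPDATE {$tablepre}members SET password ='{$newpasswd}' WHERE uid = '{$nw_uid}'");
             GlobalCore::showmessage('password_set_succeed', NWDIR . '/login', 'DONE');
         }
     }

     self::UpdateSettingsCache();
     GlobalCore::nwHeader('Location: ' . NWDIR . '/settings');
 }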