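/**
 * Log a user in: identify the account, load its rights and groups, store it in the session.
 *
 * Every request path through this method ends in die() or in $this->display(),
 * so nothing is returned to the caller.
 *
 * @param  string $referer  handed to $this->setReferer(); the page to go back to after login
 * @param  string $from     not used inside this method
 * @access public
 * @return void
 */
public function login($referer = '', $from = '')
{
    $this->setReferer($referer);

    $loginLink = $this->createLink('user', 'login');
    $denyLink  = $this->createLink('user', 'deny');

    /* Reload lang by lang of get when viewType is json. */
    /* NOTE(review): the lang value comes straight from the query string; confirm setClientLang() validates it. */
    if ($this->app->getViewType() == 'json' and $this->get->lang and $this->get->lang != $this->app->getClientLang()) {
        $this->app->setClientLang($this->get->lang);
        $this->app->loadLang('user');
    }

    /* If the user is already logged on, go back to the referer. */
    if ($this->user->isLogon()) {
        if ($this->app->getViewType() == 'json') {
            $data = $this->user->getDataInJSON($this->app->user);
            die(helper::removeUTF8Bom(json_encode(array('status' => 'success') + $data)));
        }

        /* Never bounce back to the login or deny page itself. */
        if (strpos($this->referer, $loginLink) === false and strpos($this->referer, $denyLink) === false and $this->referer) {
            die(js::locate($this->referer, 'parent'));
        } else {
            die(js::locate($this->createLink($this->config->default->module), 'parent'));
        }
    }

    /* Passed account and password by post or get. */
    if (!empty($_POST) or (isset($_GET['account']) and isset($_GET['password']))) {
        /*
         * A GET value overrides the POST value of the same name.
         * NOTE(review): the password is accepted from the query string, where it can end up in
         * access logs, browser history and Referer headers; restrict to POST if no client relies on GET.
         */
        $account  = '';
        $password = '';
        if ($this->post->account)  $account  = $this->post->account;
        if ($this->get->account)   $account  = $this->get->account;
        if ($this->post->password) $password = $this->post->password;
        if ($this->get->password)  $password = $this->get->password;

        /* Refuse the attempt outright while the account is locked. */
        if ($this->user->checkLocked($account)) {
            $failReason = sprintf($this->lang->user->loginLocked, $this->config->user->lockMinutes);
            if ($this->app->getViewType() == 'json') {
                die(helper::removeUTF8Bom(json_encode(array('status' => 'failed', 'reason' => $failReason))));
            }
            die(js::error($failReason));
        }

        $user = $this->user->identify($account, $password);

        if ($user) {
            $this->user->cleanLocked($account);

            /*
             * Authorize him and save to session.
             * NOTE(review): no session id rotation is visible in this method; confirm the framework
             * regenerates the id on login, otherwise a pre-set session id survives authentication.
             */
            $user->rights = $this->user->authorize($account);
            $user->groups = $this->user->getGroups($account);
            $this->session->set('user', $user);
            $this->app->user = $this->session->user;
            $this->loadModel('action')->create('user', $user->id, 'login');

            /* Keep login. */
            if ($this->post->keepLogin) $this->user->keepLogin($user);

            /* Warn when the password is weaker than the configured safe mode. */
            if (isset($this->config->safe->mode) and $this->user->computePasswordStrength($password) < $this->config->safe->mode) {
                echo js::alert($this->lang->user->weakPassword);
            }

            /* Go to the referer, unless it is the login or deny page. */
            if ($this->post->referer and strpos($this->post->referer, $loginLink) === false and strpos($this->post->referer, $denyLink) === false) {
                if ($this->app->getViewType() == 'json') {
                    $data = $this->user->getDataInJSON($user);
                    die(helper::removeUTF8Bom(json_encode(array('status' => 'success') + $data)));
                }

                /* Get the module and method of the referer. */
                if ($this->config->requestType == 'PATH_INFO') {
                    /* Take the last path segment; without a slash the whole referer is that segment. */
                    $slashPos = strrpos($this->post->referer, '/');
                    $path     = $slashPos === false ? $this->post->referer : substr($this->post->referer, $slashPos + 1);

                    /*
                     * Strip the '.html' suffix only. rtrim($path, '.html') treats its argument as a
                     * character list and also ate trailing h/t/m/l letters of the method name
                     * (e.g. '...-edit.html' became '...-edi'), so the privilege check saw a wrong method.
                     */
                    if (substr($path, -5) === '.html') $path = substr($path, 0, -5);
                    if (empty($path)) $path = $this->config->requestFix;

                    /* Pad to two elements so a segment without the separator leaves $method empty instead of undefined. */
                    list($module, $method) = array_pad(explode($this->config->requestFix, $path), 2, '');
                } else {
                    $url      = html_entity_decode($this->post->referer);
                    $queryPos = strrpos($url, '?');
                    $param    = $queryPos === false ? $url : substr($url, $queryPos + 1);

                    list($module, $method) = array_pad(explode('&', $param), 2, '');
                    $module = str_replace('m=', '', $module);
                    $method = str_replace('f=', '', $method);
                }

                /*
                 * NOTE(review): the referer is request-supplied and only the module/method parsed from
                 * its tail is checked here; scheme and host are not. Confirm js::locate() or an earlier
                 * filter limits it to this site, otherwise this branch is an open redirect.
                 */
                if (common::hasPriv($module, $method)) {
                    die(js::locate($this->post->referer, 'parent'));
                } else {
                    die(js::locate($this->createLink($this->config->default->module), 'parent'));
                }
            } else {
                if ($this->app->getViewType() == 'json') {
                    $data = $this->user->getDataInJSON($user);
                    die(helper::removeUTF8Bom(json_encode(array('status' => 'success') + $data)));
                }

                die(js::locate($this->createLink($this->config->default->module), 'parent'));
            }
        } else {
            /* Count the failure first; the counter drives the lock and the warnings below. */
            $fails = $this->user->failPlus($account);
            if ($this->app->getViewType() == 'json') {
                die(helper::removeUTF8Bom(json_encode(array('status' => 'failed', 'reason' => $this->lang->user->loginFailed))));
            }

            $remainTimes = $this->config->user->failTimes - $fails;
            if ($remainTimes <= 0) {
                die(js::error(sprintf($this->lang->user->loginLocked, $this->config->user->lockMinutes)));
            } else {
                /* Start warning when three or fewer attempts remain. */
                if ($remainTimes <= 3) die(js::error(sprintf($this->lang->user->lockWarning, $remainTimes)));
            }

            die(js::error($this->lang->user->loginFailed));
        }
    } else {
        /* No credentials submitted: render the login form. */
        if (!empty($this->config->global->showDemoUsers)) {
            $demoUsers = $this->user->getPairs('nodeleted, noletter, noempty, noclosed');
            $this->view->demoUsers = $demoUsers;
        }

        $this->app->loadLang('misc');
        $this->view->noGDLib   = sprintf($this->lang->misc->noGDLib, common::getSysURL() . $this->config->webRoot);
        $this->view->title     = $this->lang->user->login;
        $this->view->referer   = $this->referer;
        $this->view->s         = zget($this->config->global, 'sn');
        $this->view->keepLogin = $this->cookie->keepLogin ? $this->cookie->keepLogin : '******';
        $this->display();
    }
}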
/*
 * Admin entry script: boots the framework in admin run mode, answers the
 * 'getconfig' request, redirects to the installer when the site is not
 * installed, then parses the request, checks privileges and loads the module.
 */

/* Start output buffer; everything printed below is collected and flushed in the last statement. */
ob_start();

/* Define the run mode as admin. */
define('RUN_MODE', 'admin');

/* Load the framework. A failed include only raises a warning, so the script would carry on to the next call. */
include 'loader.php';

/* Check admin entry. checkAdminEntry() is not defined in this snippet; presumably loader.php provides it. */
checkAdminEntry();

/* Instance the app. $systemRoot is not set in this snippet; presumably loader.php defines it. */
$app    = router::createApp('chanzhi', $systemRoot);
$config = $app->config;

/*
 * Check whether the request is getconfig. Check installed or not.
 * NOTE(review): the getconfig branch answers before $common->checkPriv() runs below, so
 * exportConfig() output is served without that privilege check; confirm it exposes nothing sensitive.
 */
if (isset($_GET['mode']) and $_GET['mode'] == 'getconfig') {
    die($app->exportConfig());
}
/* Not installed yet: send a redirect header to the installer and stop. */
if (!isset($config->installed) or !$config->installed) {
    die(header('location: install.php'));
}

/* Change the request settings: the original request type is kept in frontRequestType, the admin side is forced to GET. */
$config->frontRequestType = $config->requestType;
$config->requestType      = 'GET';
$config->default->module  = 'admin';
$config->default->method  = 'index';

/* Run it. The privilege check sits between request parsing and module loading. */
$common = $app->loadCommon();
$app->parseRequest();
$common->checkPriv();
$app->loadModule();

/* Flush the buffer, passing it through helper::removeUTF8Bom() first. */
echo helper::removeUTF8Bom(ob_get_clean());
/**
 * Write a response straight to the client and end the script (used for ajax replies).
 *
 * @param  mixed  $data  payload; JSON-encoded when $type is 'json'
 * @param  string $type  response format, 'json' by default
 * @access public
 * @return void          does not return: the method always ends in die()
 */
public function send($data, $type = 'json')
{
    /* Only the json type writes anything new; any other type just flushes what is already buffered. */
    $wantsJson = ($type == 'json');
    if ($wantsJson) print json_encode($data);

    /* Drain the output buffer, pass it through helper::removeUTF8Bom(), and terminate with that text. */
    $buffered = ob_get_clean();
    die(helper::removeUTF8Bom($buffered));
}
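/**
 * Write a response straight to the client and end the script (used for ajax replies).
 *
 * For the 'json' type the behaviour depends on helper::isAjaxRequest():
 *  - ajax request: the data is JSON-encoded and printed;
 *  - non-ajax request with result 'success': optional alert, then a redirect to
 *    $data['locate'] or the HTTP referer, or the message itself when neither exists;
 *  - non-ajax request with result 'fail' and a message: alert with the flattened,
 *    tag-stripped message, then a step back in history;
 *  - anything else falls through to the JSON output.
 *
 * @param  mixed  $data  payload; cast to array, may carry 'result', 'message' and 'locate'
 * @param  string $type  response format, 'json' by default
 * @access public
 * @return void          does not return: the method always ends in die()
 */
public function send($data, $type = 'json')
{
    $data = (array) $data;

    if ($type == 'json') {
        if (!helper::isAjaxRequest()) {
            if (isset($data['result']) and $data['result'] == 'success') {
                /*
                 * NOTE(review): unlike the fail branch, the success message reaches js::alert() and
                 * the final die() without strip_tags(); confirm messages never carry request-controlled markup.
                 */
                if (!empty($data['message'])) echo js::alert($data['message']);

                /*
                 * NOTE(review): HTTP_REFERER is a client-supplied header; confirm js::locate() escapes
                 * its argument for the script context it is written into.
                 */
                $locate = isset($data['locate']) ? $data['locate'] : (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '');
                if (!empty($locate)) die(js::locate($locate));

                die(isset($data['message']) ? $data['message'] : 'success');
            }

            if (isset($data['result']) and $data['result'] == 'fail') {
                if (!empty($data['message'])) {
                    /*
                     * Flatten the message to one line: each field's errors joined by ',', fields joined
                     * by a space. A plain-string message (or a list of strings) used to reach implode()
                     * as a string and a property assignment on an array, which raises warnings or
                     * errors depending on the PHP version; scalars are now taken as they are.
                     */
                    $lines = array();
                    foreach ((array) $data['message'] as $errors) {
                        $lines[] = (is_array($errors) or is_object($errors)) ? implode(',', (array) $errors) : (string) $errors;
                    }

                    echo js::alert(strip_tags(implode(" ", $lines)));
                    die(js::locate('back'));
                }
            }
        }

        echo json_encode($data);
    }

    /* Drain the output buffer, pass it through helper::removeUTF8Bom(), and terminate with that text. */
    die(helper::removeUTF8Bom(ob_get_clean()));
}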