www.gusucode.com > 08CMS空白站群系统 3.3 繁体 UTF-8 > upload/api/uc.php
<?php define('UC_CLIENT_VERSION','1.5.0'); define('UC_CLIENT_RELEASE','20090121'); define('API_DELETEUSER',1); define('API_RENAMEUSER',0); define('API_GETTAG',0); define('API_SYNLOGIN',1); define('API_SYNLOGOUT',1); define('API_UPDATEPW',1); define('API_UPDATEBADWORDS',0); define('API_UPDATEHOSTS',0); define('API_UPDATEAPPS',0); define('API_UPDATECLIENT',0); define('API_UPDATECREDIT',1); define('API_GETCREDITSETTINGS',1); define('API_GETCREDIT',1); define('API_UPDATECREDITSETTINGS',1); define('API_RETURN_SUCCEED','1'); define('API_RETURN_FAILED','-1'); define('API_RETURN_FORBIDDEN','-2'); define('M_COM',TRUE); define('M_ROOT',substr(dirname(__FILE__),0,-3)); error_reporting(0); set_magic_quotes_runtime(0); defined('MAGIC_QUOTES_GPC') || define('MAGIC_QUOTES_GPC', get_magic_quotes_gpc()); require_once M_ROOT.'./base.inc.php'; require_once M_ROOT.'./dynamic/cache/mconfigs.cac.php'; @extract($mconfigs_0); require_once M_ROOT.'./include/ucenter/config.inc.php'; if(!$enable_uc) exit(API_RETURN_FAILED); $_DCACHE = $get = $post = array(); $code = @$_GET['code']; parse_str(_authcode($code, 'DECODE', UC_KEY), $get); if(MAGIC_QUOTES_GPC) $get = _stripslashes($get); $timestamp = time(); $authorization = md5($authkey.$_SERVER['HTTP_USER_AGENT']); if(empty($get)) exit('Invalid Request'); if($timestamp - $get['time'] > 3600) exit('Authracation has expiried'); $action = $get['action']; require_once M_ROOT.'./uc_client/lib/xml.class.php'; $post = xml_unserialize(file_get_contents('php://input')); if(in_array($get['action'], array('test', 'deleteuser', 'renameuser', 'gettag', 'synlogin', 'synlogout', 'updatepw', 'updatebadwords', 'updatehosts', 'updateapps', 'updateclient', 'updatecredit', 'getcredit', 'getcreditsettings', 'updatecreditsettings'))) { require_once M_ROOT.'./include/mysql.cls.php'; $GLOBALS['db'] = new cls_mysql; $GLOBALS['db']->connect($dbhost,$dbuser,$dbpw,$dbname,$pconnect,true,$dbcharset); $GLOBALS['tablepre'] = $tblprefix; unset($dbhost,$dbuser,$dbpw,$dbname,$pconnect); $uc_note = new uc_note(); exit($uc_note->$get['action']($get, $post)); }else exit(API_RETURN_FAILED); class uc_note { var $db = ''; var $tablepre = ''; var $appdir = ''; function _serialize($arr, $htmlon = 0) { if(!function_exists('xml_serialize')) { include_once M_ROOT.'./uc_client/lib/xml.class.php'; } return xml_serialize($arr, $htmlon); } function uc_note() { $this->appdir = M_ROOT; $this->db = $GLOBALS['db']; $this->tablepre = $GLOBALS['tablepre']; } function test($get, $post) { return API_RETURN_SUCCEED; } function deleteuser($get, $post) { !API_DELETEUSER && exit(API_RETURN_FORBIDDEN); require_once M_ROOT.'./include/ucenter/config.inc.php'; require_once M_ROOT.'./uc_client/client.php'; $uids = array_filter(explode(',',$get['ids'])); $mnamestr = ''; foreach($uids as $uid){ $ucresult = uc_get_user($uid,1); is_array($ucresult) && $mnamestr .= ($mnamestr ? ',' : '')."'".addslashes($ucresult[1])."'"; } if($mnamestr){ $this->db->query("DELETE FROM ".$this->tablepre."members WHERE mname IN ($mnamestr)",'UNBUFFERED'); $this->db->query("DELETE FROM ".$this->tablepre."members_sub WHERE mname IN ($mnamestr)",'UNBUFFERED'); include_once M_ROOT.'./dynamic/cache/mchannels.cac.php'; foreach($mchannels_0 as $k => $v) $this->db->query("DELETE FROM ".$this->tablepre."members_$k WHERE mname IN ($mnamestr)",'UNBUFFERED'); } return API_RETURN_SUCCEED; } function renameuser($get, $post) { if(!API_RENAMEUSER) return API_RETURN_FORBIDDEN; return API_RETURN_SUCCEED; } function gettag($get, $post) { if(!API_GETTAG) return API_RETURN_FORBIDDEN; } function synlogin($get, $post) { if(!API_SYNLOGIN) return API_RETURN_FORBIDDEN; require_once M_ROOT.'./include/general.fun.php'; header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"'); $mname = $get['username']; if($cmember = $this->db->fetch_one("SELECT mid,mname,password,email FROM ".$this->tablepre."members WHERE mname='$mname' AND checked=1")){ msetcookie('userauth',authcode("$cmember[password]\t$cmember[mid]",'ENCODE'),2592000); }else mclearcookie(); } function synlogout($get, $post) { if(!API_SYNLOGOUT) return API_RETURN_FORBIDDEN; header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"'); require_once M_ROOT.'./include/general.fun.php'; mclearcookie(); } function updatepw($get, $post) { if(!API_UPDATEPW) return API_RETURN_FORBIDDEN; $username = $get['username']; $password = $get['password']; $this->db->query("UPDATE ".$this->tablepre."members SET password='$password' WHERE mname='$username'");//??? return API_RETURN_SUCCEED; } function updatebadwords($get, $post) { if(!API_UPDATEBADWORDS) return API_RETURN_FORBIDDEN; return API_RETURN_SUCCEED; } function updatehosts($get, $post) { if(!API_UPDATEHOSTS) return API_RETURN_FORBIDDEN; return API_RETURN_SUCCEED; } function updateapps($get, $post) { if(!API_UPDATEAPPS) return API_RETURN_FORBIDDEN; return API_RETURN_SUCCEED; } function updateclient($get, $post) { if(!API_UPDATECLIENT) return API_RETURN_FORBIDDEN; return API_RETURN_SUCCEED; } function updatecredit($get, $post) { if(!API_UPDATECREDIT) return API_RETURN_FORBIDDEN; $credit = $get['credit']; $amount = $get['amount']; $uid = $get['uid']; $time = $get['time']; require_once M_ROOT.'./include/ucenter/config.inc.php'; require_once M_ROOT.'./uc_client/client.php'; $ucresult = uc_get_user($uid,1); if(!is_array($ucresult)) return API_RETURN_FAILED; $mname = $ucresult[1]; $row = $this->db->fetch_one("SELECT mid,mname FROM ".$this->tablepre."members WHERE mname='$mname'"); $this->db->query("UPDATE ".$this->tablepre."members SET currency$credit=currency$credit+'$amount' WHERE mid='$row[mid]'"); include_once M_ROOT.'./include/general.fun.php'; include_once M_ROOT.'./dynamic/cache/currencys.cac.php'; $record = mhtmlspecialchars($time."\t".$row['mid']."\t".$row['mname']."\t".$currencys_0[$credit]['cname']."\t".'+'."\t".$amount."\t".'ucenter currency exchange'); record2file('currencylog',$record); return API_RETURN_SUCCEED; } function getcredit($get, $post) { if(!API_GETCREDIT) return API_RETURN_FORBIDDEN; $uid = intval($get['uid']); $credit = intval($get['credit']); include_once M_ROOT.'./dynamic/cache/currencys.cac.php'; if(empty($currencys_0[$credit])) return 0; require_once M_ROOT.'./include/ucenter/config.inc.php'; require_once M_ROOT.'./uc_client/client.php'; $ucresult = uc_get_user($uid,1); if(!is_array($ucresult)) return 0; $mname = $ucresult[1]; return $this->db->result_first("SELECT currency$credit FROM ".$this->tablepre."members WHERE mname='$mname'"); } function getcreditsettings($get, $post){ if(!API_GETCREDITSETTINGS) return API_RETURN_FORBIDDEN; include_once M_ROOT.'./dynamic/cache/currencys.cac.php'; $credits = array(); foreach($currencys_0 as $k => $v) $credits[$k] = array(strip_tags($v['cname']),$v['unit']); return $this->_serialize($credits); } function updatecreditsettings($get, $post) { if(!API_UPDATECREDITSETTINGS) return API_RETURN_FORBIDDEN; $credit = $get['credit']; $outextcredits = array(); if($credit) { foreach($credit as $appid => $credititems) { if($appid == UC_APPID) { foreach($credititems as $value) { $outextcredits[] = array( 'appiddesc' => $value['appiddesc'], 'creditdesc' => $value['creditdesc'], 'creditsrc' => $value['creditsrc'], 'title' => $value['title'], 'unit' => $value['unit'], 'ratiosrc' => $value['ratiosrc'], 'ratiodesc' => $value['ratiodesc'], 'ratio' => $value['ratio'] ); } } } } $this->db->query("REPLACE INTO ".$this->tablepre."mconfigs (varname,value,cftype) VALUES ('outextcredits','".addslashes(serialize($outextcredits))."','uc');", 'UNBUFFERED'); include_once M_ROOT.'./include/general.fun.php'; include_once M_ROOT.'./include/cache.fun.php'; updatecache('mconfigs'); return API_RETURN_SUCCEED; } } function _setcookie($var, $value, $life = 0, $prefix = 1) { global $cookiepre, $cookiedomain, $cookiepath, $timestamp, $_SERVER; setcookie(($prefix ? $cookiepre : '').$var, $value, $life ? $timestamp + $life : 0, $cookiepath, $cookiedomain, $_SERVER['SERVER_PORT'] == 443 ? 1 : 0); } function _authcode($string, $operation = 'DECODE', $key = '', $expiry = 0) { $ckey_length = 4; $key = md5($key ? $key : UC_KEY); $keya = md5(substr($key, 0, 16)); $keyb = md5(substr($key, 16, 16)); $keyc = $ckey_length ? ($operation == 'DECODE' ? substr($string, 0, $ckey_length): substr(md5(microtime()), -$ckey_length)) : ''; $cryptkey = $keya.md5($keya.$keyc); $key_length = strlen($cryptkey); $string = $operation == 'DECODE' ? base64_decode(substr($string, $ckey_length)) : sprintf('%010d', $expiry ? $expiry + time() : 0).substr(md5($string.$keyb), 0, 16).$string; $string_length = strlen($string); $result = ''; $box = range(0, 255); $rndkey = array(); for($i = 0; $i <= 255; $i++) { $rndkey[$i] = ord($cryptkey[$i % $key_length]); } for($j = $i = 0; $i < 256; $i++) { $j = ($j + $box[$i] + $rndkey[$i]) % 256; $tmp = $box[$i]; $box[$i] = $box[$j]; $box[$j] = $tmp; } for($a = $j = $i = 0; $i < $string_length; $i++) { $a = ($a + 1) % 256; $j = ($j + $box[$a]) % 256; $tmp = $box[$a]; $box[$a] = $box[$j]; $box[$j] = $tmp; $result .= chr(ord($string[$i]) ^ ($box[($box[$a] + $box[$j]) % 256])); } if($operation == 'DECODE') { if((substr($result, 0, 10) == 0 || substr($result, 0, 10) - time() > 0) && substr($result, 10, 16) == substr(md5(substr($result, 26).$keyb), 0, 16)) { return substr($result, 26); } else { return ''; } } else { return $keyc.str_replace('=', '', base64_encode($result)); } } function _stripslashes($string) { if(is_array($string)) { foreach($string as $key => $val) { $string[$key] = _stripslashes($val); } } else { $string = stripslashes($string); } return $string; }