www.gusucode.com > 08CMS空白站群系统 3.3 繁体 UTF-8 > upload/passport_in.php
<?php
error_reporting(0);
define('M_COM', TRUE);
$timestamp = time();
if(PHP_VERSION < '4.1.0') {
$_GET = &$HTTP_GET_VARS;
$_SERVER = &$HTTP_SERVER_VARS;
}
require_once './base.inc.php';
require_once './dynamic/cache/mconfigs.cac.php';
require_once './include/mysql.cls.php';
extract($mconfigs_0);
if(empty($enable_pptin) || $_GET['verify'] != md5($_GET['action'].$_GET['auth'].$_GET['forward'].$pptin_key)){
if(!empty($_GET['forward'])) header('Location: '.$_GET['forward']);
exit();
}
if($_GET['action'] == 'login'){
$userinfos = $ckinfos = array();
parse_str(passport_decrypt($_GET['auth'],$pptin_key),$datas);
foreach($datas as $k => $v){
if(in_array($k,array('mname','password','email'))){
$userinfos[$k] = addslashes($v);
}elseif(in_array($k,array('cookietime','time'))){
$ckinfos[$k] = $v;
}
}
$userinfos['mname'] = preg_replace("/(c:\\con\\con$|[%,\*\"\s\t\<\>\&])/i","",$userinfos['mname']);
if(strlen($userinfos['mname']) > 15){
$userinfos['mname'] = substr($userinfos['mname'],0,15);
}
if(empty($ckinfos['time']) || empty($userinfos['mname']) || empty($userinfos['password'])){
if(!empty($_GET['forward'])) header('Location: '.$_GET['forward']);
exit('member data missing!');
}elseif($timestamp - $ckinfos['time'] > $pptin_expire){
if(!empty($_GET['forward'])) header('Location: '.$_GET['forward']);
exit('member data expired!');
}
$db = new cls_mysql;
$db->connect($dbhost,$dbuser,$dbpw,$dbname,$pconnect,true,$dbcharset);
if($cmember = $db->fetch_one("SELECT mid,checked FROM {$tblprefix}members WHERE mname='$userinfos[mname]' AND password='$userinfos[password]'")){
if($cmember['checked'] == 1){
msetcookie('msid','',-86400 * 365);
msetcookie('userauth',authcode("$userinfos[password]\t$cmember[mid]",'ENCODE'),$ckinfos['cookietime'] ? $ckinfos['cookietime'] : 2592000);
}
}else{//只是写入会员资料记录,当第一次登录时需要激活,将checked设为2。
$sqlstr = '';
$userinfos['regip'] = empty($userinfos['regip']) ? onlineip() : $userinfos['regip'];
$userinfos['regdate'] = empty($userinfos['regdate']) ? $timestamp : $userinfos['regdate'];
foreach(array('mname','password','email','regip','regdate') as $var){
$sqlstr .= (empty($sqlstr) ? '' : ',')."$var='$userinfos[$var]'";
}
$sqlstr .= ",checked='2'";
$db->query("INSERT INTO {$tblprefix}members SET $sqlstr");//没有写入模型记录//没有初始化积分
$userinfos['mid'] = $db->insert_id();
$db->query("INSERT INTO {$tblprefix}members_sub SET mid='$userinfos[mid]'");
}
if(!empty($_GET['forward'])) header('Location: '.$_GET['forward']);
exit();
}elseif($_GET['action'] == 'logout'){
msetcookie('msid','',-86400 * 365);
msetcookie('userauth','',-86400 * 365);
if(!empty($_GET['forward'])){
header('Location: '.$_GET['forward']);
}
exit;
}
function passport_decrypt($txt, $key) {
$txt = passport_key(base64_decode($txt), $key);
$tmp = '';
for($i = 0;$i < strlen($txt); $i++) {
$md5 = $txt[$i];
$tmp .= $txt[++$i] ^ $md5;
}
return $tmp;
}
function passport_key($txt, $encrypt_key) {
$encrypt_key = md5($encrypt_key);
$ctr = 0;
$tmp = '';
for($i = 0; $i < strlen($txt); $i++) {
$ctr = $ctr == strlen($encrypt_key) ? 0 : $ctr;
$tmp .= $txt[$i] ^ $encrypt_key[$ctr++];
}
return $tmp;
}
function onlineip() {
global $_SERVER;
if(getenv('HTTP_CLIENT_IP') && strcasecmp(getenv('HTTP_CLIENT_IP'), 'unknown')) {
$onlineip = getenv('HTTP_CLIENT_IP');
} elseif(getenv('HTTP_X_FORWARDED_FOR') && strcasecmp(getenv('HTTP_X_FORWARDED_FOR'), 'unknown')) {
$onlineip = getenv('HTTP_X_FORWARDED_FOR');
} elseif(getenv('REMOTE_ADDR') && strcasecmp(getenv('REMOTE_ADDR'), 'unknown')) {
$onlineip = getenv('REMOTE_ADDR');
} elseif(isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], 'unknown')) {
$onlineip = $_SERVER['REMOTE_ADDR'];
}
$onlineip = preg_match("/[\d\.]{7,15}/", $onlineip, $onlineipmatches);
return $onlineipmatches[0] ? $onlineipmatches[0] : 'unknown';
}
function msetcookie($ckname, $ckvalue, $cklife = 0) {
global $ckpre, $ckdomain, $ckpath, $timestamp, $_SERVER;
setcookie($ckpre.$ckname, $ckvalue, $cklife ? $timestamp + $cklife : 0, $ckpath, $ckdomain, $_SERVER['SERVER_PORT'] == 443 ? 1 : 0);
}
function authcode($string, $operation, $key = '') {
global $_SERVER,$authkey;
$authorization = md5($authkey.$_SERVER['HTTP_USER_AGENT']);
$key = md5($key ? $key : $authorization);
$key_length = strlen($key);
$string = $operation == 'DECODE' ? base64_decode($string) : substr(md5($string.$key), 0, 8).$string;
$string_length = strlen($string);
$rndkey = $box = array();
$result = '';
for($i = 0; $i <= 255; $i++) {
$rndkey[$i] = ord($key[$i % $key_length]);
$box[$i] = $i;
}
for($j = $i = 0; $i < 256; $i++) {
$j = ($j + $box[$i] + $rndkey[$i]) % 256;
$tmp = $box[$i];
$box[$i] = $box[$j];
$box[$j] = $tmp;
}
for($a = $j = $i = 0; $i < $string_length; $i++) {
$a = ($a + 1) % 256;
$j = ($j + $box[$a]) % 256;
$tmp = $box[$a];
$box[$a] = $box[$j];
$box[$j] = $tmp;
$result .= chr(ord($string[$i]) ^ ($box[($box[$a] + $box[$j]) % 256]));
}
if($operation == 'DECODE') {
if(substr($result, 0, 8) == substr(md5(substr($result, 8).$key), 0, 8)) {
return substr($result, 8);
} else {
return '';
}
} else {
return str_replace('=', '', base64_encode($result));
}
}
?>