
    <?php
// +---------------------------------------------+
// |     Copyright  2003 - 2005 weenCompany      |
// |     http://www.weentech.com                 |
// |     This file may not be redistributed.     |
// +---------------------------------------------+

// Refuse direct requests: this file is only meaningful when included by the
// application, which defines IN_WEENCOMPANY first.
if(!defined('IN_WEENCOMPANY'))
{
  exit('File not found!');
}


// Location recorded in the session row: 0 inside the admin area, otherwise the
// current category id ($categoryid is set by the including script, not here).
$location = defined('IN_ADMIN') ? 0 : $categoryid;

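// Client address: $_SERVER is checked first; the long-form $HTTP_SERVER_VARS /
// $HTTP_ENV_VARS arrays and the register_globals $REMOTE_ADDR are kept only as
// fallbacks for old installs, and an absent source no longer raises a notice.
if(!empty($_SERVER['REMOTE_ADDR']))
{
  $userip = $_SERVER['REMOTE_ADDR'];
}
else if(!empty($HTTP_SERVER_VARS['REMOTE_ADDR']))
{
  $userip = $HTTP_SERVER_VARS['REMOTE_ADDR'];
}
else if(!empty($HTTP_ENV_VARS['REMOTE_ADDR']))
{
  $userip = $HTTP_ENV_VARS['REMOTE_ADDR'];
}
else
{
  $userip = isset($REMOTE_ADDR) ? $REMOTE_ADDR : '';
}

// 15 characters only fits a dotted-quad IPv4 address; anything longer (IPv6)
// is truncated. The limit presumably mirrors the sessions.ipaddress column
// width - confirm against the schema before widening it.
define('USERIP', addslashes(substr($userip, 0, 15)));

// USERAGENT is request-controlled and must be escaped wherever it is
// interpolated into SQL (CreateSession() does this); a missing header yields ''.
define('USERAGENT', substr(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '', 0, 252));
//define('TIMENOW', time()); - Already defined in core.php

// Cookie names differ per front-end language ('en' vs the default), so the
// two front ends keep separate session/login cookies.
if(isset($_SESSION['forelang']) && $_SESSION['forelang'] == 'en')
{
  define('COOKIE_PREFIX', 'cwsen');
}
else
{
  define('COOKIE_PREFIX', 'cwscn');
}

// Seconds of inactivity after which a session row is treated as expired
// (used by the session lookup and the old-session cleanup below).
$mainsettings['cookietimeout'] = 1800;

// set defaults
unset($session);
unset($sessionid);

$sessioncreated = false;

$loginerrors = array();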

// ############################# CREATE SESSION ID #############################

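// Returns a new session id: a 32-character lowercase hex string.
//
// The id is a bearer credential (it goes into the cookie and is matched against
// the sessions table), so it must be unpredictable. uniqid() alone is derived
// from the clock and can be guessed; prefer the CSPRNG when the runtime has
// one and only fall back to the clock-based scheme, with extra entropy mixed
// in, on older PHP. The output format (md5 hex) is unchanged.
function CreateSessionID()
{
  if(function_exists('random_bytes'))
  {
    return md5(random_bytes(16));
  }

  return md5(uniqid(USERIP, true) . mt_rand());
}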



// ############################## CREATE SESSION ###############################

// Creates (or replaces) a session row for $userid (0 = guest), hands the id to
// the browser via the sessionid cookie, and returns the row as an array.
// Returns null without touching the database while a login form is being
// posted, because the form-login block below writes its own session row.
function CreateSession($userid = 0)
{
  global $DB, $sessioncreated, $location;

  if(isset($_POST['login']))
  {
    return;
  }

  // Row exactly as it is written to the sessions table; USERIP, USERAGENT and
  // TIMENOW are the request-level constants set up earlier.
  $row = array(
    'sessionid'    => CreateSessionID(),
    'userid'       => intval($userid),
    'ipaddress'    => USERIP,
    'useragent'    => USERAGENT,
    'lastactivity' => TIMENOW,
    'location'     => $location,
    'loggedin'     => ($userid == 0) ? 0 : 1,
  );

  $sql = "REPLACE INTO " . TABLE_PREFIX . "sessions (sessionid, userid, ipaddress, useragent, lastactivity, location, loggedin)
              VALUES ('" . addslashes($row['sessionid']) . "', '" . $row['userid'] . "', '" . addslashes($row['ipaddress']) . "',
                      '" . addslashes($row['useragent']) . "', '" . $row['lastactivity'] . "',
                      '" . addslashes($row['location'])  . "',  '" . $row['loggedin'] . "') ";
  $DB->query($sql);

  // Hand the id to the browser unless the visitor is logging out; the logout
  // block issues its own fresh id and cookie.
  if(!isset($_GET['logout']))
  {
    setcookie(COOKIE_PREFIX . "sessionid", $row['sessionid'], TIMENOW + 60*60*24*365, "/");
  }

  $sessioncreated = true;

  return $row;
}



// ############################## FIND SESSIONID ###############################

// Session id lookup order: POST s, then GET s, then the sessionid cookie;
// '' when the request carries none of them.
$sessionid = '';

if(!empty($_POST['s']))
{
  $sessionid = $_POST['s'];
}
elseif(!empty($_GET['s']))
{
  $sessionid = $_GET['s'];
}
elseif(isset($_COOKIE[COOKIE_PREFIX . 'sessionid']))
{
  $sessionid = $_COOKIE[COOKIE_PREFIX . 'sessionid'];
}



// ############################# CHECK IF SESSION ##############################

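if(!empty($sessionid))
{
  // $sessionid comes straight from the request (s= parameter or cookie), so it
  // is escaped like every other request value that is interpolated into SQL.
  // The user-agent must match the one recorded when the session was created.
  $session = $DB->query_first("SELECT * FROM " . TABLE_PREFIX . "sessions
                               WHERE sessionid    = '" . addslashes($sessionid) . "'
                               AND   lastactivity > " . (TIMENOW - $mainsettings['cookietimeout']) . "
                               AND   useragent    = '" . addslashes(USERAGENT) . "'
                               AND   admin        = 0");

  // An expired row yields an empty $session; the cookie-login block below then
  // gets a chance to re-establish the user via the 'remember me' cookies.
}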


// if a session doesn't exist that means two things
// 1) This is a user whose session was deleted (empty($session)) because it expired (weenCompany always deletes old sessions)
//    If this is the case, then we'll try logging in via a cookie
// 2) This is a guest (userid == 0)
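if(empty($session) OR $session['userid'] == 0)
{
  if(!empty($_COOKIE[COOKIE_PREFIX . 'userid']) AND
     !empty($_COOKIE[COOKIE_PREFIX . 'password']) AND
     is_numeric($_COOKIE[COOKIE_PREFIX . 'userid']))
  {
    // is_numeric() also accepts forms such as '1e3' or ' 7'; the value is cast
    // with intval() so what reaches SQL (and the new session) is a plain
    // integer, matching what CreateSession() stores.
    // NOTE(review): the password cookie holds the stored hash itself and is
    // compared verbatim, so it is as sensitive as the users.password column.
    if($user = $DB->query_first("SELECT * FROM " . TABLE_PREFIX . "users WHERE userid = '" . intval($_COOKIE[COOKIE_PREFIX . 'userid']) . "' AND password = '" . addslashes($_COOKIE[COOKIE_PREFIX . 'password']) . "'"))
    {
      // cookie login is correct

      // delete old sessions
      if(!empty($session['sessionid']))
      {
        $DB->query("DELETE FROM " . TABLE_PREFIX . "sessions WHERE sessionid = '" . addslashes($sessionid) . "'");
      }

      // create a new session for this user
      $session = CreateSession(intval($_COOKIE[COOKIE_PREFIX . 'userid']));
    }
    else if(!isset($_POST['login']))
    {
      // user has bad cookies, set the cookies to empty if we are not logging in

      // cookie's bad and since we're not doing anything login related, kill the bad cookie
      setcookie(COOKIE_PREFIX . "userid",    "", TIMENOW + 60*60*24*365, "/");
      setcookie(COOKIE_PREFIX . "password",  "", TIMENOW + 60*60*24*365, "/");
    }
  }
}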



// ########################### CREATE GUEST SESSION ############################

// Nothing identified the visitor (no valid session row, no cookie login):
// give them a guest session. An existing session is left untouched.
$session = empty($session) ? CreateSession() : $session;



// ############################ SETUP USER VARIABLE ############################

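// Build $user for the rest of the request: the account row for a logged-in
// session, otherwise a guest record. empty() also covers a null $session
// (CreateSession() returns null while a login is being posted) without a notice.
$user = null;

if(!empty($session['userid']))
{
  $user = $DB->query_first("SELECT * FROM " . TABLE_PREFIX . "users WHERE userid = '" . intval($session['userid']) . "'");

  if(!empty($user))
  {
    // everything else is filled from the database query
    $user['usergroupids']   = $user['usergroupid'];
    $user['loggedin']       = 1;
    $user['timezoneoffset'] = 0;
    $user['dstonoff']       = 0;
    $user['dstauto']        = 1;

    // update user last activity date
    $DB->query("UPDATE " . TABLE_PREFIX . "users SET lastactivity = " . TIMENOW . " WHERE userid = " . intval($user['userid']));
  }
  else
  {
    // The session points at an account that no longer exists; treat the
    // visitor as a guest instead of continuing with an empty $user.
    $user = null;
  }
}

if($user === null)
{
  $user = array('userid'         => 0,
                'usergroupids'   => 4,  // weenCompany 2 - Guests
                'username'       => '',
                'loggedin'       => 0,
                'email'          => '',
                'timezoneoffset' => 0,
                'dstonoff'       => 0,
                'dstauto'        => 1);
}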



// ############################## UPDATE SESSION ###############################

// A session that was loaded from the table (not created in this request) has
// its activity time, location and user-agent refreshed.
if($sessioncreated == false)
{
  $sql = "UPDATE " . TABLE_PREFIX . "sessions SET useragent    = '" . addslashes(USERAGENT) . "',
                                                      lastactivity = " . TIMENOW . ",
                                                      location     = '$location'
                                                WHERE sessionid    = '" . addslashes($session['sessionid']) . "' ";
  $DB->query($sql);
}



// ################################ FORM LOGIN ################################

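if(isset($_POST['login']))
{
  // Default every form field: an unchecked "remember me" box is simply absent
  // from $_POST, and a missing field must not raise an undefined-index notice.
  $loginusername = isset($_POST['loginusername']) ? $_POST['loginusername'] : '';
  $loginpassword = isset($_POST['loginpassword']) ? $_POST['loginpassword'] : '';
  $rememberme    = !empty($_POST['rememberme']);

  if(strlen($loginusername))
  {
    $sql = "SELECT userid, usergroupid, email, username, password, banned, activated FROM " . TABLE_PREFIX . "users WHERE username = '" .  addslashes($loginusername) . "'";

    if($user = $DB->query_first($sql))
    {
      if($user['banned'] == 1)
      {
        $loginerrors[] = $sdlanguage['you_are_banned'];
      }
      else if($user['activated'] == 0)
      {
        $loginerrors[] = $sdlanguage['not_yet_activated'];
      }
      else if($user['password'] !== md5($loginpassword))
      {
        // Strict comparison on purpose: with != two hashes of the form
        // "0e<digits>" are compared as numbers and test equal, which would let
        // a wrong password through. (The unsalted MD5 storage itself is a
        // schema matter and is not changed here.)
        $loginerrors[] = $sdlanguage['wrong_password'];
      }
      else
      {
        // user successfully logged in

        // everything else is filled from the database query
        $user['usergroupids']   = $user['usergroupid'];
        $user['loggedin']       = 1;
        $user['timezoneoffset'] = 0;
        $user['dstonoff']       = 0;
        $user['dstauto']        = 1;

        // delete the session the request arrived with (normally the guest
        // session created earlier in this file, before the login was handled)
        $DB->query("DELETE FROM " . TABLE_PREFIX . "sessions WHERE sessionid = '" . addslashes($sessionid) . "'");

        // Rotate the id on authentication: the incoming $sessionid may have
        // been chosen by the client (s= parameter or cookie), so reusing it
        // would let anyone who knows it inherit the logged-in session.
        $sessionid = CreateSessionID();

        // create new session; USERAGENT is request-controlled and is escaped
        // here exactly as CreateSession() does
        $DB->query("REPLACE INTO " . TABLE_PREFIX . "sessions (sessionid, userid, ipaddress, useragent, lastactivity, location, loggedin)
                    VALUES ('" . addslashes($sessionid) . "', '" . $user['userid'] . "', '" . USERIP . "', '" . addslashes(USERAGENT) . "', '" . TIMENOW . "', '" . addslashes($location) . "', 1)");

        // save sessionid into cookie
        setcookie(COOKIE_PREFIX . "sessionid", $sessionid, TIMENOW + 60*60*24*365, "/");

        // if remember me then save username and password
        if($rememberme)
        {
          setcookie(COOKIE_PREFIX . "userid",   $user['userid'],   TIMENOW + 60*60*24*365, "/");
          setcookie(COOKIE_PREFIX . "password", $user['password'], TIMENOW + 60*60*24*365, "/");
        }
      }
    }
    else
    {
      $loginerrors[] = $sdlanguage['wrong_username'];
    }
  }
  else
  {
    $loginerrors[] = $sdlanguage['please_enter_username'];
  }
}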



// ################################## LOGOUT ###################################

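if(isset($_GET['logout']))
{
  // erase all cookies
  setcookie(COOKIE_PREFIX . "sessionid", "", TIMENOW + 60*60*24*365, "/");
  setcookie(COOKIE_PREFIX . "userid",    "", TIMENOW + 60*60*24*365, "/");
  setcookie(COOKIE_PREFIX . "password",  "", TIMENOW + 60*60*24*365, "/");

  // guests (0) and the -1 sentinel have no account row to touch
  if($user['userid'] != 0 AND $user['userid'] != -1)
  {
    // update user lastactivity and user lastvisit; the id is cast so the
    // unquoted value in the query is always an integer
    $DB->query("UPDATE " . TABLE_PREFIX . "users SET lastactivity = " . (TIMENOW - $mainsettings['cookietimeout']) . " WHERE userid = " . intval($user['userid']));

    // delete sessions with same userid
    $DB->query("DELETE FROM " . TABLE_PREFIX . "sessions WHERE userid = " . intval($user['userid']) . " AND admin = 0");
  }

  // delete sessions with same sessionid
  $DB->query("DELETE FROM " . TABLE_PREFIX . "sessions WHERE sessionid = '" . addslashes($sessionid) . "'");

  // create a new sessionid for this guest
  $sessionid = CreateSessionID();

  // save this new sessionid in the sessions table; USERAGENT is
  // request-controlled and is escaped as CreateSession() does
  $DB->query("REPLACE INTO " . TABLE_PREFIX . "sessions (sessionid, userid, ipaddress, useragent, lastactivity, location, loggedin)
              VALUES ('" . addslashes($sessionid) . "', '0', '" . USERIP . "', '" . addslashes(USERAGENT) . "', '" . TIMENOW . "', '" . addslashes($location) . "', 0)");

  // save sessionid into cookie
  setcookie(COOKIE_PREFIX . "sessionid", $sessionid, TIMENOW + 60*60*24*365, "/");

  $user = array('userid'         => 0,
                'usergroupids'   => 4,  // weenCompany 2 - Guests
                'username'       => '',
                'loggedin'       => 0,
                'email'          => '',
                'timezoneoffset' => 0,
                'dstonoff'       => 0,
                'dstauto'        => 1);
}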



// ############################ ADD SESSION TO URL? ############################

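// Always define the key so the settings array built below never reads an
// unset index. Visitors whose browser sends cookies, and the listed crawlers,
// never get the id appended to links.
$user['sessionurl'] = '';

// NOTE(review): nothing in this file sets $session['sessionhash'] - sessions
// created here carry 'sessionid' - so this branch only fires if the sessions
// table has such a column. Confirm against the schema before changing the key;
// switching it to 'sessionid' would put the session id into urls.
if(sizeof($_COOKIE) == 0
   AND !(isset($_SERVER['HTTP_USER_AGENT']) AND preg_match("#(google|msnbot|yahoo! slurp)#si", $_SERVER['HTTP_USER_AGENT']))
   AND isset($session['sessionhash']) AND strlen($session['sessionhash']) > 0)
{
  $user['sessionurl'] = 's=' . $session['sessionhash'];
}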


// ############################ DELETE OLD SESSIONS ############################

// Purge every session row that has been idle longer than the cookie timeout
// (%d casts the cut-off to an integer, like the intval() it replaces).
$DB->query(sprintf("DELETE FROM %ssessions WHERE lastactivity < %d", TABLE_PREFIX, TIMENOW - $mainsettings['cookietimeout']));



// ###################### WEENCOMPANY USER SETTINGS SETUP #######################

// Public view of the current user, copied field by field in this fixed order
// from $user (which is unset right after).
$usersettings = array();
foreach(array('userid', 'usergroupids', 'username', 'loggedin', 'email',
              'timezoneoffset', 'dstonoff', 'dstauto', 'sessionurl') as $settingkey)
{
  $usersettings[$settingkey] = $user[$settingkey];
}
unset($settingkey);



// ############################## UNSET VARIABLES ##############################

// Only $usersettings survives this file; drop the working variables.
unset($user);
unset($session);
unset($sessionid);

// ############################## USER FUNCTIONS ##############################

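// Returns true when $clientip matches an entry of the banned-IP module setting.
//
// The setting is a whitespace-separated list; an entry without '*' must match
// exactly, an entry with '*' is a wildcard (e.g. 192.168.1.*). Wildcards used
// to be handed to eregi() as a raw, unanchored regex, which no longer exists
// in current PHP and also let '.' match any character; they are now quoted,
// anchored and matched case-insensitively with preg_match().
function IsIPBanned($clientip)
{
  global $DB;

  $getbanip = $DB->query_first("SELECT value FROM " . TABLE_PREFIX . "modulesettings WHERE moduleid='12' AND title = '禁止IP地址'");

  $banlist = isset($getbanip[0]) ? trim($getbanip[0]) : '';
  if($banlist === '')
  {
    return false;
  }

  $addresses = explode(' ', preg_replace("/[[:space:]]+/", " ", $banlist));

  foreach($addresses as $ip)
  {
    if($ip === '')
    {
      continue;
    }

    if(strpos($ip, '*') === false)
    {
      // Not wildcard so go for exact match
      if($ip === $clientip)
      {
        return true;
      }
      continue;
    }

    // Everything except '*' is literal; '*' stands for any run of characters.
    $pattern = '/^' . str_replace('\*', '.*', preg_quote($ip, '/')) . '$/i';
    if(preg_match($pattern, $clientip))
    {
      return true;
    }
  }

  return false;
}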

// Returns the relevant forum link url
// linkType
// 1 - Register
// 2 - UserCP
// 3 - Recover Password
// 4 - UserCP (requires $userid)
// 5 - SendPM (requires $userid)
function ForumLink($linkType, $userid = -1)
{
  global $DB;

  // linkType => array(moduleid whose page is linked to, query-string suffix).
  // Types 4 (UserCP) and 5 (SendPM) are listed above but have no
  // implementation; they, like unknown types, yield an empty url.
  $targets = array(
    1 => array(12, ''),
    2 => array(11, ''),
    3 => array(12, '&m12_forgotpwd=1'),
  );

  if(!isset($targets[$linkType]))
  {
    return '';
  }

  list($moduleid, $suffix) = $targets[$linkType];

  $page = $DB->query_first("SELECT categoryid FROM " . TABLE_PREFIX . "pagesort WHERE moduleid = " . $moduleid);

  // No page of that module type configured: nothing to link to.
  if(!isset($page[0]) || !($page[0] > 0))
  {
    return '';
  }

  return RewriteLink('index.php?categoryid=' . $page['categoryid'] . $suffix);
}

?>