PickCandy/web-discuz
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

First commit

Browse Source
This commit is contained in:
UnknownMp
2025-06-18 10:24:27 +08:00
commit ebc39cd5dd
3873 changed files with 412712 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

168
uc_server/control/admin/admin.php Normal file
View File

@@ -0,0 +1,168 @@
<?php
/*
[UCenter] (C)2001-2099 Comsenz Inc.
This is NOT a freeware, use is subject to license terms
$Id: admin.php 1139 2012-05-08 09:02:11Z liulanbo $
*/
!defined('IN_UC') && exit('Access Denied');
class control extends adminbase {
function __construct() {
$this->control();
}
function control() {
parent::__construct();
$this->load('user');
$this->check_priv();
if(!$this->user['isfounder'] && !$this->user['allowadminbadword']) {
$this->message('no_permission_for_this_module');
}
}
function onls() {
$status = 0;
if(!empty($_POST['addname']) && $this->submitcheck()) {
$addname = getgpc('addname', 'P');
$this->view->assign('addname', $addname);
$uid = $this->db->result_first("SELECT uid FROM ".UC_DBTABLEPRE."members WHERE username='$addname'");
if($uid) {
$adminuid = $this->db->result_first("SELECT uid FROM ".UC_DBTABLEPRE."admins WHERE username='$addname'");
if($adminuid) {
$status = -1;
} else {
$allowadminsetting = getgpc('allowadminsetting', 'P');
$allowadminapp = getgpc('allowadminapp', 'P');
$allowadminuser = getgpc('allowadminuser', 'P');
$allowadminbadword = getgpc('allowadminbadword', 'P');
$allowadmincredits = getgpc('allowadmincredits', 'P');
$allowadmintag = getgpc('allowadmintag', 'P');
$allowadminpm = getgpc('allowadminpm', 'P');
$allowadmindomain = getgpc('allowadmindomain', 'P');
$allowadmindb = getgpc('allowadmindb', 'P');
$allowadminnote = getgpc('allowadminnote', 'P');
$allowadmincache = getgpc('allowadmincache', 'P');
$allowadminlog = getgpc('allowadminlog', 'P');
$this->db->query("INSERT INTO ".UC_DBTABLEPRE."admins SET
uid='$uid',
username='$addname',
allowadminsetting='$allowadminsetting',
allowadminapp='$allowadminapp',
allowadminuser='$allowadminuser',
allowadminbadword='$allowadminbadword',
allowadmincredits='$allowadmincredits',
allowadmintag='$allowadmintag',
allowadminpm='$allowadminpm',
allowadmindomain='$allowadmindomain',
allowadmindb='$allowadmindb',
allowadminnote='$allowadminnote',
allowadmincache='$allowadmincache',
allowadminlog='$allowadminlog'");
$insertid = $this->db->insert_id();
if($insertid) {
$this->writelog('admin_add', 'username='.dhtmlspecialchars($addname));
$status = 1;
} else {
$status = -2;
}
}
} else {
$status = -3;
}
}
if(!empty($_POST['editpwsubmit']) && $this->submitcheck()) {
$oldpw = getgpc('oldpw', 'P');
$newpw = getgpc('newpw', 'P');
$newpw2 = getgpc('newpw2', 'P');
$reconfkey = getgpc('reconfkey', 'P');
if($_ENV['user']->verify_password($oldpw, UC_FOUNDERPW, UC_FOUNDERSALT) || hash_equals(UC_FOUNDERPW, md5(md5($oldpw).UC_FOUNDERSALT))) {
if($newpw != $newpw2) {
$status = -6;
} else {
$status = $_ENV['user']->reset_founderpw($newpw, $reconfkey);
if($status === 2) {
$this->writelog('admin_pw_edit');
}
}
} else {
$status = -5;
}
}
$this->view->assign('status', $status);
if(!empty($_POST['delete'])) {
$uids = $this->implode(getgpc('delete', 'P'));
$this->db->query("DELETE FROM ".UC_DBTABLEPRE."admins WHERE uid IN ($uids)");
}
$page = max(1, getgpc('page'));
$ppp = 15;
$totalnum = $this->db->result_first("SELECT COUNT(*) FROM ".UC_DBTABLEPRE."admins");
$start = $this->page_get_start($page, $ppp, $totalnum);
$userlist = $this->db->fetch_all("SELECT m.*,a.* FROM ".UC_DBTABLEPRE."admins a LEFT JOIN ".UC_DBTABLEPRE."members m USING(uid) LIMIT $start, $ppp");
$multipage = $this->page($totalnum, $ppp, $page, UC_ADMINSCRIPT.'?m=admin&a=admin');
if($userlist) {
foreach($userlist as $key => $user) {
$user['regdate'] = $this->date($user['regdate']);
$userlist[$key] = $user;
}
}
$a = getgpc('a');
$this->view->assign('a', $a);
$this->view->assign('multipage', $multipage);
$this->view->assign('userlist', $userlist);
$this->view->display('admin_admin');
}
function onedit() {
$uid = getgpc('uid');
$status = 0;
if($this->submitcheck()) {
$allowadminsetting = getgpc('allowadminsetting', 'P');
$allowadminapp = getgpc('allowadminapp', 'P');
$allowadminuser = getgpc('allowadminuser', 'P');
$allowadminbadword = getgpc('allowadminbadword', 'P');
$allowadmintag = getgpc('allowadmintag', 'P');
$allowadminpm = getgpc('allowadminpm', 'P');
$allowadmincredits = getgpc('allowadmincredits', 'P');
$allowadmindomain = getgpc('allowadmindomain', 'P');
$allowadmindb = getgpc('allowadmindb', 'P');
$allowadminnote = getgpc('allowadminnote', 'P');
$allowadmincache = getgpc('allowadmincache', 'P');
$allowadminlog = getgpc('allowadminlog', 'P');
$this->db->query("UPDATE ".UC_DBTABLEPRE."admins SET
allowadminsetting='$allowadminsetting',
allowadminapp='$allowadminapp',
allowadminuser='$allowadminuser',
allowadminbadword='$allowadminbadword',
allowadmincredits='$allowadmincredits',
allowadmintag='$allowadmintag',
allowadminpm='$allowadminpm',
allowadmindomain='$allowadmindomain',
allowadmindb='$allowadmindb',
allowadminnote='$allowadminnote',
allowadmincache='$allowadmincache',
allowadminlog='$allowadminlog'
WHERE uid='$uid'");
$status = $this->db->errno() ? -1 : 1;
$this->writelog('admin_priv_edit', 'username='.dhtmlspecialchars($admin));
}
$admin = $this->db->fetch_first("SELECT * FROM ".UC_DBTABLEPRE."admins WHERE uid='$uid'");
$this->view->assign('uid', $uid);
$this->view->assign('admin', $admin);
$this->view->assign('status', $status);
$this->view->display('admin_admin');
}
}
?>

278
uc_server/control/admin/app.php Normal file
View File

@@ -0,0 +1,278 @@
<?php
/*
[UCenter] (C)2001-2099 Comsenz Inc.
This is NOT a freeware, use is subject to license terms
$Id: app.php 1165 2014-10-31 06:58:43Z hypowang $
*/
!defined('IN_UC') && exit('Access Denied');
class control extends adminbase {
function __construct() {
$this->control();
}
function control() {
parent::__construct();
$this->check_priv();
if(!$this->user['isfounder'] && !$this->user['allowadminapp']) {
$this->message('no_permission_for_this_module');
}
$this->load('app');
$this->load('misc');
}
function onls() {
$status = $affectedrows = 0;
if($this->submitcheck() && !empty($_POST['delete'])) {
$affectedrows += $_ENV['app']->delete_apps($_POST['delete']);
foreach($_POST['delete'] as $k => $appid) {
$_ENV['app']->alter_app_table($appid, 'REMOVE');
unset($_POST['name'][$k]);
}
$this->load('cache');
$_ENV['cache']->updatedata();
$this->writelog('app_delete', 'appid='.implode(',', $_POST['delete']));
$status = 2;
$this->_add_note_for_app();
}
$a = getgpc('a');
$applist = $_ENV['app']->get_apps();
$this->view->assign('status', $status);
$this->view->assign('a', $a);
$this->view->assign('applist', $applist);
$this->view->display('admin_app');
}
function onadd() {
if(!$this->submitcheck()) {
$md5ucfounderpw = md5(UC_FOUNDERPW);
$this->view->assign('md5ucfounderpw', $md5ucfounderpw);
$a = getgpc('a');
$this->view->assign('a', $a);
$typelist = array('DISCUZX'=>'DiscuzX','UCHOME'=>'UCenter Home','XSPACE'=>'X-Space','DISCUZ'=>'Discuz!','SUPESITE'=>'SupeSite','SUPEV'=>'SupeV','ECSHOP'=>'ECShop','ECMALL'=>'ECMall','OTHER'=>$this->lang['other']);
$this->view->assign('typelist', $typelist);
$this->view->display('admin_app');
} else {
$type = getgpc('type', 'P');
$name = getgpc('name', 'P');
$url = getgpc('url', 'P');
$ip = getgpc('ip', 'P');
$viewprourl = getgpc('viewprourl', 'P');
$authkey = getgpc('authkey', 'P');
$synlogin = getgpc('synlogin', 'P');
$recvnote = getgpc('recvnote', 'P');
$apifilename = trim(getgpc('apifilename', 'P'));
$tagtemplates = array();
$tagtemplates['template'] = getgpc('tagtemplates', 'P');
$tagfields = explode("\n", getgpc('tagfields', 'P'));
foreach($tagfields as $field) {
$field = trim($field);
list($k, $v) = explode(',', $field);
if($k) {
$tagtemplates['fields'][$k] = $v;
}
}
$tagtemplates = $this->serialize($tagtemplates, 1);
if(!$_ENV['misc']->check_url($_POST['url'])) {
$this->message('app_add_url_invalid', 'BACK');
}
if(!empty($_POST['ip']) && !$_ENV['misc']->check_ip($_POST['ip'])) {
$this->message('app_add_ip_invalid', 'BACK');
}
$app = $this->db->result_first("SELECT COUNT(*) FROM ".UC_DBTABLEPRE."applications WHERE name='$name'");
if($app) {
$this->message('app_add_name_invalid', 'BACK');
} else {
$extra = serialize(array('apppath'=> getgpc('apppath', 'P')));
$this->db->query("INSERT INTO ".UC_DBTABLEPRE."applications SET name='$name', url='$url', ip='$ip',
viewprourl='$viewprourl', apifilename='$apifilename', authkey='$authkey', synlogin='$synlogin',
type='$type', recvnote='$recvnote', extra='$extra',
tagtemplates='$tagtemplates'");
$appid = $this->db->insert_id();
}
$this->_add_note_for_app();
$this->load('cache');
$_ENV['cache']->updatedata('apps');
$_ENV['app']->alter_app_table($appid, 'ADD');
$this->writelog('app_add', "appid=$appid; appname={$_POST['name']}");
header("location: ". UC_ADMINSCRIPT . "?m=app&a=detail&appid=$appid&addapp=yes&sid=".$this->view->sid);
}
}
function onping() {
$ip = getgpc('ip');
$url = getgpc('url');
$appid = intval(getgpc('appid'));
$app = $_ENV['app']->get_app_by_appid($appid);
$status = '';
if(!empty($app['extra']['apppath']) && $this->detectescape($app['extra']['apppath'].'./api/', $app['apifilename']) && substr(strrchr($app['apifilename'], '.'), 1, 10) == 'php' && @include $app['extra']['apppath'].'./api/'.$app['apifilename']) {
$uc_note = new uc_note();
$status = $uc_note->test($note['getdata'], $note['postdata']);
} else {
$this->load('note');
$url = $_ENV['note']->get_url_code('test', '', $appid);
$status = $_ENV['app']->test_api($url, $ip);
}
header("Content-Type: application/javascript");
if($status == '1') {
echo 'document.getElementById(\'status_'.$appid.'\').innerHTML = "<img src=\'images/correct.gif\' border=\'0\' class=\'statimg\' \/><span class=\'green\'>'.$this->lang['app_connect_ok'].'</span>";testlink();';
} else {
echo 'document.getElementById(\'status_'.$appid.'\').innerHTML = "<img src=\'images/error.gif\' border=\'0\' class=\'statimg\' \/><span class=\'red\'>'.$this->lang['app_connect_false'].'</span>";testlink();';
}
}
function ongeneratekey() {
$newkey = $this->generate_key(64);
header("Content-Type: application/javascript");
echo 'document.getElementsByName("authkey")[0].value = "'.$newkey.'";';
}
function ondetail() {
$appid = getgpc('appid');
$updated = false;
$app = $_ENV['app']->get_app_by_appid($appid);
if($this->submitcheck()) {
$type = getgpc('type', 'P');
$name = getgpc('name', 'P');
$url = getgpc('url', 'P');
$ip = getgpc('ip', 'P');
$viewprourl = getgpc('viewprourl', 'P');
$apifilename = trim(getgpc('apifilename', 'P'));
$authkey = getgpc('authkey', 'P');
$synlogin = getgpc('synlogin', 'P');
$recvnote = getgpc('recvnote', 'P');
$extraurl = getgpc('extraurl', 'P');
if(getgpc('apppath', 'P')) {
$app['extra']['apppath'] = $this->_realpath(getgpc('apppath', 'P'));
if(!empty($app['extra']['apppath'])) {
$apifile = $app['extra']['apppath'].'./api/uc.php';
if(!file_exists($apifile)) {
$this->message('app_apifile_not_exists', 'BACK', 0, array('$apifile' => $apifile));
}
$s = file_get_contents($apifile);
preg_match("/define\(\'UC_CLIENT_VERSION\'\, \'([^\']+?)\'\)/i", $s, $m);
$uc_client_version = @$m[1];
if(!$uc_client_version || $uc_client_version <= '1.0.0') {
$this->message('app_apifile_too_low', 'BACK', 0, array('$apifile' => $apifile));
}
} else {
$this->message('app_path_not_exists');
}
} else {
$app['extra']['apppath'] = '';
}
$app['extra']['extraurl'] = array();
if($extraurl) {
foreach(explode("\n", $extraurl) as $val) {
if(!$val = trim($val)) continue;
$app['extra']['extraurl'][] = $val;
}
}
$tagtemplates = array();
$tagtemplates['template'] = getgpc('tagtemplates', 'P');
$tagfields = explode("\n", getgpc('tagfields', 'P'));
foreach($tagfields as $field) {
$field = trim($field);
list($k, $v) = explode(',', $field);
if($k) {
$tagtemplates['fields'][$k] = $v;
}
}
$tagtemplates = $this->serialize($tagtemplates, 1);
$extra = addslashes(serialize($app['extra']));
$this->db->query("UPDATE ".UC_DBTABLEPRE."applications SET appid='$appid', name='$name', url='$url',
type='$type', ip='$ip', viewprourl='$viewprourl', apifilename='$apifilename', authkey='$authkey',
synlogin='$synlogin', recvnote='$recvnote', extra='$extra',
tagtemplates='$tagtemplates'
WHERE appid='$appid'");
$updated = true;
$this->load('cache');
$_ENV['cache']->updatedata('apps');
$this->cache('settings');
$this->writelog('app_edit', "appid=$appid");
$this->_add_note_for_app();
$app = $_ENV['app']->get_app_by_appid($appid);
}
$tagtemplates = $this->unserialize($app['tagtemplates']);
$tagtemplates = is_array($tagtemplates) ? $tagtemplates : array();
$template = dhtmlspecialchars($tagtemplates['template']);
$tmp = '';
if(is_array($tagtemplates['fields'])) {
foreach($tagtemplates['fields'] as $field => $memo) {
$tmp .= $field.','.$memo."\n";
}
}
if(!empty($tmp)) {
$tagtemplates['fields'] = $tmp;
}
$a = getgpc('a');
$this->view->assign('a', $a);
$app = $_ENV['app']->get_app_by_appid($appid);
$this->view->assign('isfounder', $this->user['isfounder']);
$this->view->assign('appid', $app['appid']);
$this->view->assign('allowips', $app['allowips']);
$this->view->assign('name', $app['name']);
$this->view->assign('url', $app['url']);
$this->view->assign('ip', $app['ip']);
$this->view->assign('viewprourl', $app['viewprourl']);
$this->view->assign('apifilename', $app['apifilename']);
$this->view->assign('authkey', $app['authkey']);
$synloginchecked = array($app['synlogin'] => 'checked="checked"');
$recvnotechecked = array($app['recvnote'] => 'checked="checked"');
$this->view->assign('synlogin', $synloginchecked);
$this->view->assign('charset', $app['charset']);
$this->view->assign('dbcharset', $app['dbcharset']);
$this->view->assign('type', $app['type']);
$this->view->assign('recvnotechecked', $recvnotechecked);
$typelist = array('DISCUZX'=>'DiscuzX','UCHOME'=>'UCenter Home','XSPACE'=>'X-Space','DISCUZ'=>'Discuz!','SUPESITE'=>'SupeSite','SUPEV'=>'SupeV','ECSHOP'=>'ECShop','ECMALL'=>'ECMall','OTHER'=>$this->lang['other']);
$this->view->assign('typelist', $typelist);
$this->view->assign('updated', $updated);
$addapp = getgpc('addapp');
$this->view->assign('addapp', $addapp);
$this->view->assign('extraurl', is_array($app['extra']['extraurl']) ? implode("\n", $app['extra']['extraurl']) : (string)$app['extra']['extraurl']);
$this->view->assign('apppath', $app['extra']['apppath']);
$this->view->assign('tagtemplates', $tagtemplates);
$this->view->display('admin_app');
}
function _add_note_for_app() {
$this->load('note');
$notedata = $this->db->fetch_all("SELECT appid, type, name, url, ip, viewprourl, apifilename, charset, synlogin, extra, recvnote FROM ".UC_DBTABLEPRE."applications");
$notedata = $this->_format_notedata($notedata);
$notedata['UC_API'] = UC_API;
$_ENV['note']->add('updateapps', '', $this->serialize($notedata, 1));
$_ENV['note']->send();
}
function _format_notedata($notedata) {
$arr = array();
foreach($notedata as $key => $note) {
$note['extra'] = unserialize($note['extra']);
$arr[$note['appid']] = $note;
}
return $arr;
}
function _realpath($path) {
return realpath($path).'/';
}
}
?>

102
uc_server/control/admin/badword.php Normal file
View File

@@ -0,0 +1,102 @@
<?php
/*
[UCenter] (C)2001-2099 Comsenz Inc.
This is NOT a freeware, use is subject to license terms
$Id: badword.php 1139 2012-05-08 09:02:11Z liulanbo $
*/
!defined('IN_UC') && exit('Access Denied');
class control extends adminbase {
function __construct() {
$this->control();
}
function control() {
parent::__construct();
$this->check_priv();
if(!$this->user['isfounder'] && !$this->user['allowadminbadword']) {
$this->message('no_permission_for_this_module');
}
$this->load('badword');
}
function onls() {
$page = getgpc('page');
$find = getgpc('find', 'P');
$replacement = getgpc('replacement', 'P');
$replacementnew = getgpc('replacementnew', 'P');
$findnew = getgpc('findnew', 'P');
$delete = getgpc('delete', 'P');
$adminscript = UC_ADMINSCRIPT;
if($find) {
foreach($find as $id => $arr) {
$_ENV['badword']->update_badword($find[$id], $replacement[$id], $id);
}
}
$status = 0;
if($findnew) {
$_ENV['badword']->add_badword($findnew, $replacementnew, $this->user['username']);
$status = 1;
$this->writelog('badword_add', 'findnew='.dhtmlspecialchars($findnew).'&replacementnew='.dhtmlspecialchars($replacementnew));
}
if(@$delete) {
$_ENV['badword']->delete_badword($delete);
$status = 2;
$this->writelog('badword_delete', "delete=".implode(',', $delete));
}
if(getgpc('multisubmit', 'P')) {
$badwords = getgpc('badwords', 'P');
$type = getgpc('type', 'P');
if($type == 0) {
$_ENV['badword']->truncate_badword();
$type = 1;
}
$arr = explode("\n", str_replace(array("\r", "\n\n"), array("\r", "\n"), $badwords));
foreach($arr as $k => $v) {
$arr2 = explode("=", $v);
$_ENV['badword']->add_badword($arr2[0], $arr2[1], $this->user['username'], $type);
}
}
if($status > 0) {
$notedata = $_ENV['badword']->get_list($page, 1000000, 1000000);
$this->load('note');
$_ENV['note']->add('updatebadwords', '', $this->serialize($notedata, 1));
$_ENV['note']->send();
$this->load('cache');
$_ENV['cache']->updatedata('badwords');
}
$num = $_ENV['badword']->get_total_num();
$badwordlist = $_ENV['badword']->get_list($page, UC_PPP, $num);
$multipage = $this->page($num, UC_PPP, $page, UC_ADMINSCRIPT.'?m=badword&a=ls');
$this->view->assign('status', $status);
$this->view->assign('badwordlist', $badwordlist);
$this->view->assign('multipage', $multipage);
$this->view->display('admin_badword');
}
function onexport() {
$data = $_ENV['badword']->get_list(1, 1000000, 1000000);
$s = '';
if($data) {
foreach($data as $v) {
$s .= $v['find'].'='.$v['replacement']."\r\n";
}
}
@header('Content-Disposition: inline; filename=CensorWords.txt');
@header("Content-Type: text/plain");
echo $s;
}
}
?>

44
uc_server/control/admin/cache.php Normal file
View File

@@ -0,0 +1,44 @@
<?php
/*
[UCenter] (C)2001-2099 Comsenz Inc.
This is NOT a freeware, use is subject to license terms
$Id: cache.php 1059 2011-03-01 07:25:09Z monkey $
*/
!defined('IN_UC') && exit('Access Denied');
class control extends adminbase {
function __construct() {
$this->control();
}
function control() {
parent::__construct();
$this->check_priv();
if(!$this->user['isfounder'] && !$this->user['allowadmincache']) {
$this->message('no_permission_for_this_module');
}
$this->load('cache');
}
function onupdate() {
$updated = false;
if($this->submitcheck('submit')) {
$type = getgpc('type', 'P');
if(!is_array($type) || in_array('data', $type)) {
$_ENV['cache']->updatedata();
}
if(!is_array($type) || in_array('tpl', $type)) {
$_ENV['cache']->updatetpl();
}
$updated = true;
}
$this->view->assign('updated', $updated);
$this->view->display('admin_cache');
}
}
?>

212
uc_server/control/admin/credit.php Normal file
View File

@@ -0,0 +1,212 @@
<?php
/*
[UCenter] (C)2001-2099 Comsenz Inc.
This is NOT a freeware, use is subject to license terms
$Id: credit.php 1059 2011-03-01 07:25:09Z monkey $
*/
!defined('IN_UC') && exit('Access Denied');
class control extends adminbase {
function __construct() {
$this->control();
}
function control() {
parent::__construct();
$this->check_priv();
if(!$this->user['isfounder'] && !$this->user['allowadmincredits']) {
$this->message('no_permission_for_this_module');
}
}
function onls() {
$appsrc = getgpc('appsrc', 'P');
$creditsrc = getgpc('creditsrc', 'P');
$appdesc = getgpc('appdesc', 'P');
$creditdesc = getgpc('creditdesc', 'P');
$ratiosrc = getgpc('ratiosrc', 'P');
$ratiodesc = getgpc('ratiodesc', 'P');
$delete = getgpc('delete', 'P');
$addexchange = getgpc('addexchange', 'G');
$delexchange = getgpc('delexchange', 'G');
$settings = $this->get_setting(array('creditexchange'), TRUE);
$creditexchange = (isset($settings['creditexchange']) && is_array($settings['creditexchange'])) ? $settings['creditexchange'] : array();
$appsrc = @intval($appsrc);
$creditsrc = @intval($creditsrc);
$appdesc = @intval($appdesc);
$creditdesc = @intval($creditdesc);
$ratiosrc = ($ratiosrc = @intval($ratiosrc)) > 0 ? $ratiosrc : 1;
$ratiodesc = ($ratiodesc = @intval($ratiodesc)) > 0 ? $ratiodesc : 1;
$status = 0;
if(!empty($addexchange) && $this->submitcheck()) {
if($appsrc != $appdesc) {
$key = $appsrc.'_'.$creditsrc.'_'.$appdesc.'_'.$creditdesc;
$creditexchange[$key] = $ratiosrc."\t".$ratiodesc;
$this->set_setting('creditexchange', $creditexchange, TRUE);
$this->load('cache');
$_ENV['cache']->updatedata('settings');
$status = 1;
$this->writelog('credit_addexchange', $appsrc.'_'.$creditsrc.' : '.$appdesc.'_'.$creditdesc.'='.$ratiosrc.' : '.$ratiodesc);
} else {
$status = -1;
}
$settings = $this->get_setting(array('creditexchange'), TRUE);
$creditexchange = is_array($settings['creditexchange']) ? $settings['creditexchange'] : array();
} elseif(!empty($delexchange) && $this->submitcheck()) {
if(is_array($delete)) {
foreach($delete as $key) {
unset($creditexchange[$key]);
}
$this->set_setting('creditexchange', $creditexchange, TRUE);
$this->load('cache');
$_ENV['cache']->updatedata('settings');
$status = 1;
$this->writelog('credit_deleteexchange', "delete=".implode(',', $delete));
}
$settings = $this->get_setting(array('creditexchange'), TRUE);
$creditexchange = is_array($settings['creditexchange']) ? $settings['creditexchange'] : array();
}
$apps = isset($this->settings['credits']) ? unserialize($this->settings['credits']) : '';
if(is_array($creditexchange)) {
foreach($creditexchange as $set => $ratio) {
$tmp = array();
list($tmp['appsrc'], $tmp['creditsrc'], $tmp['appdesc'], $tmp['creditdesc']) = explode('_', $set);
list($tmp['ratiosrc'], $tmp['ratiodesc']) = explode("\t", $ratio);
$tmp['creditsrc'] = $apps[$tmp['appsrc']][$tmp['creditsrc']][0];
$tmp['creditdesc'] = $apps[$tmp['appdesc']][$tmp['creditdesc']][0];
$tmp['appsrc'] = $this->cache['apps'][$tmp['appsrc']]['name'];
$tmp['appdesc'] = $this->cache['apps'][$tmp['appdesc']]['name'];
$creditexchange[$set] = $tmp;
}
}
$appselect = '';
$creditselect = array();
if(is_array($apps)) {
foreach($apps as $appid => $credits) {
$appselect .= '<option value="'.$appid.'">'.$this->cache['apps'][$appid]['name'].'</option>';
$tmp = array();
if(is_array($credits)) {
foreach($credits as $id => $credit) {
$tmp[] = '['.$id.', \''.str_replace('\'', '\\\'', $credit[0]).'\']';
}
}
$creditselect[$appid] = 'credit['.$appid.'] = ['.implode(',', $tmp).'];';
}
}
$this->view->assign('status', $status);
$this->view->assign('appsrc', $appsrc);
$this->view->assign('creditsrc', $creditsrc);
$this->view->assign('appdesc', $appdesc);
$this->view->assign('creditdesc', $creditdesc);
$this->view->assign('ratiosrc', $ratiosrc);
$this->view->assign('ratiodesc', $ratiodesc);
$this->view->assign('appselect', $appselect);
$this->view->assign('creditselect', $creditselect);
$this->view->assign('creditexchange', $creditexchange);
$this->view->display('admin_credit');
}
function onsync() {
$this->load('note');
$this->load('misc');
$this->load('cache');
$step = intval(getgpc('step', 'G'));
if(!$step && is_array($this->cache['apps'])) {
$credits = array();
$stepapp = intval(getgpc('stepapp', 'G'));
$testrelease = intval(getgpc('testrelease', 'G'));
$appids = array_keys($this->cache['apps']);
$appid = $appids[$stepapp];
if(!$stepapp) {
$_CACHE['credits'] = array();
} else {
include UC_DATADIR.'cache/credits.php';
}
if($app = $this->cache['apps'][$appid]) {
$url = $_ENV['note']->get_url_code('getcreditsettings', '', $appid);
$data = trim($_ENV['misc']->dfopen($url, 0, '', '', 1));
if(!$testrelease) {
if(!($data = $this->sync_unserialize($data, ''))) {
header('location: '.UC_API.'/'.UC_ADMINSCRIPT.'?m=credit&a=sync&step=0&stepapp='.$stepapp.'&testrelease=1&sid='.$this->view->sid);
exit();
} else {
$stepapp++;
}
} else {
$data = $this->sync_unserialize($data, 'release/20080429/');
$stepapp++;
}
if($data) {
$_CACHE['credits'][$appid] = $data;
$s = "<?php\r\n";
$s .= '$_CACHE[\'credits\'] = '.var_export($_CACHE['credits'], TRUE).";\r\n";
$s .= "\r\n?>";
file_put_contents(UC_DATADIR.'cache/credits.php', $s, LOCK_EX);
}
header('location: '.UC_API.'/'.UC_ADMINSCRIPT.'?m=credit&a=sync&step=0&stepapp='.$stepapp.'&sid='.$this->view->sid);
} else {
header('location: '.UC_API.'/'.UC_ADMINSCRIPT.'?m=credit&a=sync&step=1&sid='.$this->view->sid);
}
exit();
}
include_once UC_DATADIR.'cache/credits.php';
$credits = $_CACHE['credits'];
$this->set_setting('credits', $credits, TRUE);
$this->load('cache');
$_ENV['cache']->updatedata('settings');
$this->writelog('credit_sync', 'succeed');
$settings = $this->get_setting(array('creditexchange'), TRUE);
$creditexchange = is_array($settings['creditexchange']) ? $settings['creditexchange'] : array();
$updaterequest = array();
$i = 0;
foreach($creditexchange as $set => $ratio) {
$tmp = array();
list($tmp['appsrc'], $tmp['creditsrc'], $tmp['appdesc'], $tmp['creditdesc']) = explode('_', $set);
list($tmp['ratiosrc'], $tmp['ratiodesc']) = explode("\t", $ratio);
$updaterequest[$tmp['appsrc']][] =
'&credit['.$tmp['appsrc'].']['.$i.'][creditsrc]='.intval($tmp['creditsrc']).
'&credit['.$tmp['appsrc'].']['.$i.'][appiddesc]='.urlencode($tmp['appdesc']).
'&credit['.$tmp['appsrc'].']['.$i.'][creditdesc]='.intval($tmp['creditdesc']).
'&credit['.$tmp['appsrc'].']['.$i.'][title]='.urlencode($this->cache['apps'][$tmp['appdesc']]['name'].' '.$credits[$tmp['appdesc']][$tmp['creditdesc']][0]).
'&credit['.$tmp['appsrc'].']['.$i.'][unit]='.urlencode($credits[$tmp['appdesc']][$tmp['creditdesc']][1]).
'&credit['.$tmp['appsrc'].']['.$i.'][ratiosrc]='.$tmp['ratiosrc'].
'&credit['.$tmp['appsrc'].']['.$i.'][ratiodesc]='.$tmp['ratiodesc'].
'&credit['.$tmp['appsrc'].']['.$i.'][ratio]='.($tmp['ratiosrc'] / $tmp['ratiodesc']);
$i++;
}
$data = array();
foreach($updaterequest as $appid => $value) {
$data[] = implode('', $updaterequest[$appid]);
}
$_ENV['note']->add('updatecreditsettings', implode('', $data));
$_ENV['note']->send();
$this->message('syncappcredits_updated',UC_ADMINSCRIPT.'?m=credit&a=ls');
}
function sync_unserialize($s, $release_root) {
if(!function_exists('xml_unserialize')) {
if($release_root && file_exists(UC_ROOT.$release_root.'./lib/xml.class.php')) {
include UC_ROOT.$release_root.'./lib/xml.class.php';
} else {
include UC_ROOT.'./lib/xml.class.php';
}
}
return xml_unserialize($s);
}
}
?>

326
uc_server/control/admin/db.php Normal file
View File

@@ -0,0 +1,326 @@
<?php
/*
[UCenter] (C)2001-2099 Comsenz Inc.
This is NOT a freeware, use is subject to license terms
$Id: db.php 35059 2014-11-03 08:54:20Z hypowang $
*/
!defined('IN_UC') && exit('Access Denied');
class control extends adminbase {
var $startrow = 0;
var $sizelimit = 0;
var $complete = TRUE;
function __construct() {
$this->control();
}
function control() {
parent::__construct();
$this->check_priv();
if(!$this->user['isfounder'] && !$this->user['allowadmindb']) {
$this->message('no_permission_for_this_module');
}
$this->check_priv();
$this->load('misc');
}
function onls() {
$status = 0;
$operate = getgpc('o');
if($operate == 'list') {
if($delete = (isset($_POST['delete']) ? $_POST['delete'] : array())) {
if(is_array($delete)) {
foreach($delete AS $filename) {
@unlink('./data/backup/'.str_replace(array('/', '\\'), '', $filename));
}
}
$status = 2;
$this->writelog('db_delete', "delete=".implode(',', $delete));
}
$baklist = array();
if(is_dir(UC_ROOT.'./data/backup/')) {
$dir = dir(UC_ROOT.'./data/backup/');
while($entry = $dir->read()) {
$file = './data/backup/'.$entry;
if(is_dir($file) && preg_match("/backup_(\d+)_\w+/i", $file, $match)) {
$baklist[] = array('name' => $match[0], 'date' => $match[1]);
}
}
$dir->close();
} else {
cpmsg('db_export_dest_invalid');
}
$this->view->assign('baklist', $baklist);
} elseif($operate == 'view') {
$dir = getgpc('dir');
$this->load('app');
$applist = $_ENV['app']->get_apps();
$this->view->assign('applist', $applist);
$this->view->assign('dir', $dir);
} elseif($operate == 'ping') {
$appid = intval(getgpc('appid'));
$app = $this->cache['apps'][$appid];
$dir = trim(getgpc('dir'));
if($app['type'] == 'DISCUZX') {
$url = $app['url'].'/api/db/dbbak.php?apptype='.$app['type'];
} else {
$url = $app['url'].'/api/dbbak.php?apptype='.$app['type'];
}
$code = $this->authcode('&method=ping&dir='.$dir.'&time='.time(), 'ENCODE', $app['authkey']);
$url .= '&code='.urlencode($code);
$res = $_ENV['misc']->dfopen2($url, 0, '', '', 1, $app['ip'], 20, TRUE);
if($res == '1') {
$this->message($this->_parent_js($appid, '<img src="images/correct.gif" border="0" class="statimg" /><span class="green">'.$this->lang['dumpfile_exists'].'</span>').'<script>parent.import_status['.$appid.']=true;</script>');
} else {
$this->message($this->_parent_js($appid, '<img src="images/error.gif" border="0" class="statimg" /><span class="red">'.$this->lang['dumpfile_not_exists'].'</span>').'<script>parent.import_status['.$appid.']=false;</script>');
}
exit;
} else {
$this->load('app');
$applist = $_ENV['app']->get_apps();
$this->view->assign('applist', $applist);
$this->view->assign('dir', 'backup_'.date('ymd', time()).'_'.$this->random(6));
}
$this->view->assign('operate', $operate);
$this->view->display('admin_db');
}
function onoperate() {
require_once UC_ROOT.'lib/xml.class.php';
$nexturl = getgpc('nexturl');
$appid = intval(getgpc('appid'));
$type = getgpc('t') == 'import' ? 'import' : 'export';
$backupdir = getgpc('backupdir');
$app = $this->cache['apps'][$appid];
if($nexturl) {
$url = $nexturl;
} else {
if($type == 'export' && strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
$content = $_ENV['misc']->dfopen2(UC_API.'/CROSSD~1.XML');
if(strpos($content, 'cross-domain-policy') !== false) {
$this->message($this->_parent_js($appid, 'db_back_dos8p3_failed'));
}
}
if($appid) {
if(!isset($this->cache['apps'][$appid])) {
$this->message($this->_parent_js($appid, 'appid_invalid'));
}
if($app['type'] == 'DISCUZX') {
$url = $app['url'].'/api/db/dbbak.php?apptype='.$app['type'];
} else {
$url = $app['url'].'/api/dbbak.php?apptype='.$app['type'];
}
$code = $this->authcode('&method='.$type.'&sqlpath='.$backupdir.'&time='.time(), 'ENCODE', $app['authkey']);
} else {
$url = (is_https() ? 'https' : 'http').'://'.$_SERVER['HTTP_HOST'].str_replace(UC_ADMINSCRIPT, 'api/dbbak.php', $_SERVER['PHP_SELF']).'?apptype=UCENTER';
$code = $this->authcode('&method='.$type.'&sqlpath='.$backupdir.'&time='.time(), 'ENCODE', UC_KEY);
}
$url .= '&code='.urlencode($code);
}
if(empty($appid)) {
$app['ip'] = defined('UC_IP') ? UC_IP : '';
}
$res = $_ENV['misc']->dfopen2($url, 0, '', '', 1, $app['ip'], 20, TRUE);
if(empty($res)) {
$this->message($this->_parent_js($appid, 'db_back_api_url_invalid'));
}
$arr = $this->_xml2array($res);
if(empty($arr['fileinfo'])) {
$this->message($this->_parent_js($appid, 'undefine_error'));
} elseif($arr['error']['errorcode']) {
$this->message($this->_parent_js($appid, 'dbback_error_code_'.$arr['error']['errorcode']));
} elseif($arr['nexturl']) {
$this->message($this->_parent_js($appid, 'db_'.$type.'_multivol_redirect', array('$volume' => $arr['fileinfo']['file_num'])), UC_ADMINSCRIPT.'?m=db&a=operate&t='.$type.'&appid='.$appid.'&nexturl='.urlencode($arr['nexturl']));
} elseif(empty($arr['nexturl'])) {
$this->message($this->_parent_js($appid, 'db_'.$type.'_multivol_succeed'));
} else {
$this->message($this->_parent_js($appid, 'undefine_error'));
}
exit;
}
function ondelete() {
require_once UC_ROOT.'lib/xml.class.php';
$appid = intval(getgpc('appid'));
$backupdir = getgpc('backupdir');
$app = $this->cache['apps'][$appid];
if(empty($appid)) {
$app['ip'] = defined('UC_IP') ? UC_IP : '';
$url = (is_https() ? 'https' : 'http').'://'.$_SERVER['HTTP_HOST'].str_replace(UC_ADMINSCRIPT, 'api/dbbak.php', $_SERVER['PHP_SELF']).'?apptype=UCENTER';
$code = $this->authcode('&method=delete&sqlpath='.$backupdir.'&time='.time(), 'ENCODE', UC_KEY);
$appname = 'UCenter';
} else {
if(!isset($this->cache['apps'][$appid])) {
$this->message($this->_parent_js($appid, 'appid_invalid'));
}
$url = $app['url'].'/api/dbbak.php?apptype='.$app['type'];
$code = $this->authcode('&method=delete&sqlpath='.$backupdir.'&time='.time(), 'ENCODE', $app['authkey']);
$appname = $app['name'];
}
$url .= '&code='.urlencode($code);
$res = $_ENV['misc']->dfopen2($url, 0, '', '', 1, $app['ip'], 20, TRUE);
$next_appid = $this->_next_appid($appid);
if($next_appid != $appid) {
$this->message($this->_parent_js($backupdir, 'delete_dumpfile_redirect', array('$appname' => $appname)), UC_ADMINSCRIPT.'?m=db&a=delete&appid='.$next_appid.'&backupdir='.$backupdir.'&sid='.$this->sid);
} else {
$this->message($this->_parent_js($backupdir, 'delete_dumpfile_success'));
}
}
function _next_appid($appid) {
$last_appid = 0;
foreach($this->cache['apps'] as $key => $val) {
if($appid == $last_appid) {
return $key;
}
$last_appid = $key;
}
return $last_appid;
}
function _parent_js($extid, $message, $vars = array()) {
include UC_ROOT.'view/default/messages.lang.php';
if(isset($lang[$message])) {
$message = $lang[$message] ? str_replace(array_keys($vars), array_values($vars), $lang[$message]) : $message;
}
return '<script type="text/javascript">parent.show_status(\''.$extid.'\', \''.$message.'\');</script>';
}
function _xml2array($xml) {
$arr = xml_unserialize($xml, 1);
preg_match('/<error errorCode="(\d+)" errorMessage="([^\/]+)" \/>/', $xml, $match);
$arr['error'] = array('errorcode' => $match[1], 'errormessage' => $match[2]);
return $arr;
}
function sqldumptable($table, $startfrom = 0, $currsize = 0) {
$offset = 300;
$tabledump = '';
$usehex = TRUE;
$tablefields = array();
$query = $this->db->query("SHOW FULL COLUMNS FROM $table", 'SILENT');
if(!$query && $this->db->errno() == 1146) {
return;
} elseif(!$query) {
$usehex = FALSE;
} else {
while($fieldrow = $this->db->fetch_array($query)) {
$tablefields[] = $fieldrow;
}
}
if(!$startfrom) {
$createtable = $this->db->query("SHOW CREATE TABLE $table", 'SILENT');
if(!$this->db->error()) {
$tabledump = "DROP TABLE IF EXISTS $table;\n";
} else {
return '';
}
$create = $this->db->fetch_row($createtable);
$tabledump .= $create[1];
$tablestatus = $this->db->fetch_first("SHOW TABLE STATUS LIKE '$table'");
$tabledump .= ($tablestatus['Auto_increment'] && strpos($create[1], 'AUTO_INCREMENT') === FALSE ? " AUTO_INCREMENT={$tablestatus['Auto_increment']}" : '').";\n\n";
}
$tabledumped = 0;
$numrows = $offset;
$firstfield = $tablefields[0];
while($currsize + strlen($tabledump) + 500 < $this->sizelimit * 1000 && $numrows == $offset) {
if($firstfield['Extra'] == 'auto_increment') {
$selectsql = "SELECT * FROM $table WHERE {$firstfield['Field']} > $startfrom LIMIT $offset";
} else {
$selectsql = "SELECT * FROM $table LIMIT $startfrom, $offset";
}
$tabledumped = 1;
$rows = $this->db->query($selectsql);
$numfields = $this->db->num_fields($rows);
$numrows = $this->db->num_rows($rows);
while($row = $this->db->fetch_row($rows)) {
$comma = $t = '';
for($i = 0; $i < $numfields; $i++) {
$t .= $comma.($usehex && !empty($row[$i]) && (strpos($tablefields[$i]['Type'], 'char') !== FALSE || strpos($tablefields[$i]['Type'], 'text') !== FALSE) ? '0x'.bin2hex($row[$i]) : '\''.$this->db->escape_string($row[$i]).'\'');
$comma = ',';
}
if(strlen($t) + $currsize + strlen($tabledump) + 500 < $this->sizelimit * 1000) {
if($firstfield['Extra'] == 'auto_increment') {
$startfrom = $row[0];
} else {
$startfrom++;
}
$tabledump .= "INSERT INTO $table VALUES ($t);\n";
} else {
$this->complete = FALSE;
break 2;
}
}
}
$this->startrow = $startfrom;
$tabledump .= "\n";
return $tabledump;
}
function splitsql($sql) {
$sql = str_replace("\r", "\n", $sql);
$ret = array();
$num = 0;
$queriesarray = explode(";\n", trim($sql));
unset($sql);
foreach($queriesarray as $query) {
$queries = explode("\n", trim($query));
foreach($queries as $query) {
$ret[$num] .= $query[0] == "#" ? NULL : $query;
}
$num++;
}
return($ret);
}
function syntablestruct($sql, $version, $dbcharset) {
if(strpos(trim(substr($sql, 0, 18)), 'CREATE TABLE') === FALSE) {
return $sql;
}
$sqlversion = strpos($sql, 'ENGINE=') === FALSE ? FALSE : TRUE;
if($sqlversion === $version) {
return $sqlversion && $dbcharset ? preg_replace(array('/ character set \w+/i', '/ collate \w+/i', "/DEFAULT CHARSET=\w+/is"), array('', '', "DEFAULT CHARSET=$dbcharset"), $sql) : $sql;
}
if($version) {
return preg_replace(array('/TYPE=HEAP/i', '/TYPE=(\w+)/is'), array("ENGINE=MEMORY DEFAULT CHARSET=$dbcharset", "ENGINE=\\1 DEFAULT CHARSET=$dbcharset"), $sql);
} else {
return preg_replace(array('/character set \w+/i', '/collate \w+/i', '/ENGINE=MEMORY/i', '/\s*DEFAULT CHARSET=\w+/is', '/\s*COLLATE=\w+/is', '/ENGINE=(\w+)(.*)/is'), array('', '', 'ENGINE=HEAP', '', '', 'TYPE=\\1\\2'), $sql);
}
}
function sizecount($filesize) {
if($filesize >= 1073741824) {
$filesize = round($filesize / 1073741824 * 100) / 100 . ' GB';
} elseif($filesize >= 1048576) {
$filesize = round($filesize / 1048576 * 100) / 100 . ' MB';
} elseif($filesize >= 1024) {
$filesize = round($filesize / 1024 * 100) / 100 . ' KB';
} else {
$filesize = $filesize . ' Bytes';
}
return $filesize;
}
}
?>

73
uc_server/control/admin/domain.php Normal file
View File

@@ -0,0 +1,73 @@
<?php
/*
[UCenter] (C)2001-2099 Comsenz Inc.
This is NOT a freeware, use is subject to license terms
$Id: domain.php 1139 2012-05-08 09:02:11Z liulanbo $
*/
!defined('IN_UC') && exit('Access Denied');
class control extends adminbase {
function __construct() {
$this->control();
}
function control() {
parent::__construct();
$this->check_priv();
if(!$this->user['isfounder'] && !$this->user['allowadmindomain']) {
$this->message('no_permission_for_this_module');
}
$this->load('domain');
$this->load('misc');
$this->check_priv();
}
function onls() {
$status = 0;
if(@$_POST['domainnew']) {
if(!$_ENV['misc']->check_ip($_POST['ipnew'])) {
$this->message('app_add_ip_invalid', 'BACK');
}
$_ENV['domain']->add_domain($_POST['domainnew'], $_POST['ipnew']);
$status = 1;
$this->writelog('domain_add', 'domainnew='.dhtmlspecialchars($_POST['domainnew']).'&ipnew='.dhtmlspecialchars($_POST['ipnew']));
}
if(@$_POST['domain']) {
foreach($_POST['domain'] as $id => $arr) {
if(!$_ENV['misc']->check_ip($_POST['ip'][$id])) {
$this->message('app_add_ip_invalid', 'BACK');
}
$_ENV['domain']->update_domain($_POST['domain'][$id], $_POST['ip'][$id], $id);
}
$status = 2;
}
if(@$_POST['delete']) {
$_ENV['domain']->delete_domain($_POST['delete']);
$status = 2;
$this->writelog('domain_delete', "delete=".implode(',', $_POST['delete']));
}
if($status > 0) {
$notedata = $_ENV['domain']->get_list($_GET['page'], 1000000, 1000000);
$this->load('note');
$_ENV['note']->add('updatehosts', '', $this->serialize($notedata));
$_ENV['note']->send();
}
$num = $_ENV['domain']->get_total_num();
$domainlist = $_ENV['domain']->get_list($_GET['page'], UC_PPP, $num);
$multipage = $this->page($num, UC_PPP, $_GET['page'], UC_ADMINSCRIPT.'?m=domain&a=ls');
$this->view->assign('status', $status);
$this->view->assign('domainlist', $domainlist);
$this->view->assign('multipage', $multipage);
$this->view->display('admin_domain');
}
}
?>

47
uc_server/control/admin/feed.php Normal file
View File

@@ -0,0 +1,47 @@
<?php
/*
[UCenter] (C)2001-2099 Comsenz Inc.
This is NOT a freeware, use is subject to license terms
$Id: feed.php 1059 2011-03-01 07:25:09Z monkey $
*/
!defined('IN_UC') && exit('Access Denied');
class control extends adminbase {
var $apps = array();
var $operations = array();
function __construct() {
$this->control();
}
function control() {
parent::__construct();
if(!$this->user['isfounder'] && !$this->user['allowadminnote']) {
$this->message('no_permission_for_this_module');
}
$this->load('feed');
$this->load('misc');
$this->apps = $this->cache['apps'];
$this->check_priv();
}
function onls() {
$page = getgpc('page');
$delete = getgpc('delete', 'P');
$num = $_ENV['feed']->get_total_num();
$feedlist = $_ENV['feed']->get_list($page, UC_PPP, $num);
$multipage = $this->page($num, UC_PPP, $page, UC_ADMINSCRIPT.'?m=feed&a=ls');
$this->view->assign('feedlist', $feedlist);
$this->view->assign('multipage', $multipage);
$this->view->display('admin_feed');
}
}
?>

218
uc_server/control/admin/frame.php Normal file
View File

@@ -0,0 +1,218 @@
<?php
/*
[UCenter] (C)2001-2099 Comsenz Inc.
This is NOT a freeware, use is subject to license terms
$Id: frame.php 1059 2011-03-01 07:25:09Z monkey $
*/
!defined('IN_UC') && exit('Access Denied');
class control extends adminbase {
var $members;
var $apps;
var $friends;
function __construct() {
$this->control();
}
function control() {
parent::__construct();
}
function onindex() {
$this->view->assign('sid', $this->view->sid);
$mainurl = getgpc('mainurl');
$mainurl = !empty($mainurl) && preg_match("/^".UC_ADMINSCRIPT."\.php\?(&*\w+=\w+)*$/i", $mainurl) ? $mainurl : UC_ADMINSCRIPT.'?m=frame&a=main&sid='.$this->view->sid;
$this->view->assign('mainurl', $mainurl);
$this->view->display('admin_frame_index');
}
function onmain() {
$ucinfo = '';
$this->view->assign('ucinfo', $ucinfo);
$members = $this->_get_uc_members();
$applist = $this->_get_uc_apps();
$notes = $this->_get_uc_notes();
$errornotes = $this->_get_uc_errornotes($applist);
$pms = $this->_get_uc_pms();
$apps = count($applist);
$friends = $this->_get_uc_friends();
$this->view->assign('members', $members);
$this->view->assign('applist', $applist);
$this->view->assign('apps', $apps);
$this->view->assign('friends', $friends);
$this->view->assign('notes', $notes);
$this->view->assign('errornotes', $errornotes);
$this->view->assign('pms', $pms);
$this->view->assign('iframe', getgpc('iframe', 'G'));
if(@file_exists(constant('UC_ROOT').'./install/index.php') && !constant('UC_DEBUG')) {
@unlink(constant('UC_ROOT').'./install/index.php');
if(@file_exists(constant('UC_ROOT').'./install/index.php')) {
exit('Please delete ./install/index.php via FTP!');
}
}
$serverinfo = PHP_OS.' / PHP v'.PHP_VERSION;
$dbversion = $this->db->version();
$servername = $_SERVER['SERVER_NAME'];
if(isset($_SERVER['SERVER_ADDR']) && isset($_SERVER['SERVER_PORT'])) {
$servername .= ' ('.$_SERVER['SERVER_ADDR'].':'.$_SERVER['SERVER_PORT'].')';
}
$fileupload = @ini_get('file_uploads') ? (min(min(ini_get('upload_max_filesize'), ini_get('post_max_size')), ini_get('memory_limit'))) : '<font color="red">'.$lang['no'].'</font>';
$dbsize = 0;
$tablepre = UC_DBTABLEPRE;
$query = $tables = $this->db->fetch_all("SHOW TABLE STATUS LIKE '$tablepre%'");
foreach($tables as $table) {
$dbsize += $table['Data_length'] + $table['Index_length'];
}
$dbsize = $dbsize ? $this->_sizecount($dbsize) : $lang['unknown'];
$allow_url_fopen = ini_get('allow_url_fopen') ? 'On' : 'Off';
$envstatus = $this->_get_uc_envstatus();
$this->view->assign('serverinfo', $serverinfo);
$this->view->assign('fileupload', $fileupload);
$this->view->assign('dbsize', $dbsize);
$this->view->assign('dbversion', $dbversion);
$this->view->assign('servername', $servername);
$this->view->assign('allow_url_fopen', $allow_url_fopen);
$this->view->assign('envstatus', $envstatus);
$this->view->display('admin_frame_main');
}
function onmenu() {
$this->view->display('admin_frame_menu');
}
function onheader() {
$this->load('app');
$applist = $_ENV['app']->get_apps();
$cparray = array(
'UCHOME' => 'admincp.php',
'DISCUZ' => 'admincp.php',
'SUPESITE' => 'admincp.php',
'XSPACE' => 'admincp.php',
'SUPEV' => 'admincp.php',
'ECSHOP' => 'admin/index.php',
'ECMALL' => 'admin.php',
'DISCUZX' => 'admin.php'
);
$admincp = '';
if(is_array($applist)) {
foreach($applist AS $k => $app) {
if(isset($cparray[$app['type']])) {
$admincp .= '<li><a href="'.(substr($app['url'], -1) == '/' ? $app['url'] : $app['url'].'/').$cparray[$app['type']].'" target="_blank">'.$app['name'].'</a></li>';
}
}
}
$this->view->assign('admincp', $admincp);
$this->view->assign('username', $this->user['username']);
$this->view->display('admin_frame_header');
}
function _get_uc_members() {
if(!$this->members) {
$this->members = $this->db->result_first("SELECT COUNT(*) FROM ".UC_DBTABLEPRE."members");
}
return $this->members;
}
function _get_uc_friends() {
$friends = $this->db->result_first("SELECT COUNT(*) FROM ".UC_DBTABLEPRE."friends");
return $friends;
}
function _get_uc_apps() {
if(!$this->apps) {
$this->apps = $this->db->fetch_all("SELECT * FROM ".UC_DBTABLEPRE."applications");
}
return $this->apps;
}
function _get_uc_pms() {
$pms = 0;
for($i = 0; $i < 10; $i++) {
$pms += $this->db->result_first("SELECT COUNT(*) FROM ".UC_DBTABLEPRE."pm_messages_".(string)$i);
}
return $pms;
}
function _get_uc_notes() {
$notes = $this->db->result_first("SELECT COUNT(*) FROM ".UC_DBTABLEPRE."notelist WHERE closed='0'");
return $notes;
}
function _get_uc_errornotes($applist) {
$notelist = $this->db->fetch_all("SELECT * FROM ".UC_DBTABLEPRE."notelist ORDER BY dateline DESC LIMIT 20");
$error = array();
foreach($notelist as $note) {
foreach($applist as $k => $app) {
if($note['app'.$app['appid']] < 0) {
$error[$k]++;
}
}
}
return $error;
}
function _sizecount($filesize) {
if($filesize >= 1073741824) {
$filesize = round($filesize / 1073741824 * 100) / 100 . ' GB';
} elseif($filesize >= 1048576) {
$filesize = round($filesize / 1048576 * 100) / 100 . ' MB';
} elseif($filesize >= 1024) {
$filesize = round($filesize / 1024 * 100) / 100 . ' KB';
} else {
$filesize = $filesize . ' Bytes';
}
return $filesize;
}
function _get_uc_info() {
$update = array('uniqueid' => UC_SITEID, 'version' => UC_SERVER_VERSION, 'release' => UC_SERVER_RELEASE, 'php' => PHP_VERSION, 'mysql' => $this->db->version(), 'charset' => UC_CHARSET);
$updatetime = @filemtime(UC_ROOT.'./data/updatetime.lock');
if(empty($updatetime) || ($this->time - $updatetime > 3600 * 4)) {
@touch(UC_ROOT.'./data/updatetime.lock');
$update['members'] = $this->_get_uc_members();
$update['friends'] = $this->_get_uc_friends();
$apps = $this->_get_uc_apps();
if($apps) {
foreach($apps as $app) {
$update['app_'.$app['appid']] = $app['name']."\t".$app['url']."\t".$app['type'];
}
}
}
$data = '';
foreach($update as $key => $value) {
$data .= $key.'='.rawurlencode($value).'&';
}
return 'update='.rawurlencode(base64_encode($data)).'&md5hash='.substr(md5($_SERVER['HTTP_USER_AGENT'].implode('', $update).$this->time), 8, 8).'&timestamp='.$this->time;
}
function _get_uc_envstatus() {
$version = constant('UC_SERVER_VERSION');
$now_ver_gd = function_exists('gd_info')? gd_info() : false;
$now_ver = array('PHP' => constant('PHP_VERSION'), 'MySQL' => $this->db->version(), 'XML' => function_exists('xml_parser_create'), 'JSON' => function_exists('json_encode'), 'FileSock Function' => (function_exists('fsockopen') || function_exists('pfsockopen') || function_exists('stream_socket_client') || function_exists('curl_init')), 'GD' => ($now_ver_gd ? preg_replace('/[^0-9.]+/', '', $now_ver_gd['GD Version']) : false));
$req_ver = array('PHP' => '5.6.0', 'MySQL' => '5.5.3', 'XML' => true, 'JSON' => true, 'FileSock Function' => true, 'GD' => '1.0');
$sug_ver = array('PHP' => '7.4.0', 'MySQL' => '8.0.0', 'XML' => true, 'JSON' => true, 'FileSock Function' => true, 'GD' => '2.0');
foreach ($now_ver as $key => $value) {
if($req_ver[$key] === true) {
if (!$value) {
return array('status' => 0, 'req' => $key, 'version' => $version);
}
} else if (version_compare($value, $req_ver[$key], '<')) {
return array('status' => 0, 'req' => $key, 'now_ver' => $value, 'sug_ver' => $sug_ver[$key], 'req_ver' => $req_ver[$key], 'version' => $version);
}
}
return array('status' => 1, 'version' => $version);
}
}
?>

0
uc_server/control/admin/index.htm Normal file
View File

63
uc_server/control/admin/log.php Normal file
View File

@@ -0,0 +1,63 @@
<?php
/*
[UCenter] (C)2001-2099 Comsenz Inc.
This is NOT a freeware, use is subject to license terms
$Id: log.php 1059 2011-03-01 07:25:09Z monkey $
*/
!defined('IN_UC') && exit('Access Denied');
class control extends adminbase {
function __construct() {
$this->control();
}
function control() {
parent::__construct();
$this->check_priv();
if(!$this->user['isfounder'] && !$this->user['allowadminlog']) {
$this->message('no_permission_for_this_module');
}
$this->check_priv();
}
function onls() {
$logdir = UC_ROOT.'data/logs/';
$dir = opendir($logdir);
$logs = $loglist = array();
while($entry = readdir($dir)) {
if(is_file($logdir.$entry) && strpos($entry, '.php') !== FALSE) {
$logs = array_merge($logs, file($logdir.$entry));
}
}
closedir($dir);
$logs = array_reverse($logs);
foreach($logs AS $k => $v) {
if(count($v = explode("\t", $v)) > 1) {
$v[3] = $this->date($v[3]);
$v[4] = $this->lang[$v[4]];
$loglist[$k] = $v;
}
}
$page = max(1, intval($_GET['page']));
$start = ($page - 1) * UC_PPP;
$num = count($loglist);
$multipage = $this->page($num, UC_PPP, $page, UC_ADMINSCRIPT.'?m=log&a=ls');
$loglist = array_slice($loglist, $start, UC_PPP);
$this->view->assign('loglist', $loglist);
$this->view->assign('multipage', $multipage);
$this->view->display('admin_log');
}
}
?>

87
uc_server/control/admin/mail.php Normal file
View File

@@ -0,0 +1,87 @@
<?php
/*
[UCenter] (C)2001-2099 Comsenz Inc.
This is NOT a freeware, use is subject to license terms
$Id: mail.php 1059 2011-03-01 07:25:09Z monkey $
*/
!defined('IN_UC') && exit('Access Denied');
class control extends adminbase {
var $apps = array();
var $operations = array();
function __construct() {
$this->control();
}
function control() {
parent::__construct();
$this->check_priv();
$this->load('mail');
$this->check_priv();
}
function onls() {
$page = getgpc('page');
$delete = getgpc('delete', 'P');
$status = 0;
if(!empty($delete)) {
$_ENV['mail']->delete_mail($delete);
$status = 2;
$this->writelog('mail_delete', "delete=".implode(',', $delete));
}
$num = $_ENV['mail']->get_total_num();
$maillist = $_ENV['mail']->get_list($page, UC_PPP, $num);
$multipage = $this->page($num, UC_PPP, $page, UC_ADMINSCRIPT.'?m=mail&a=ls');
$this->view->assign('status', $status);
$this->view->assign('maillist', $maillist);
$this->view->assign('multipage', $multipage);
$this->view->display('admin_mail');
}
function onsend() {
$mailid = intval(getgpc('mailid'));
$result = $_ENV['mail']->send_by_id($mailid);
if($result) {
$this->writelog('mail_send', "appid=$appid&noteid=$noteid");
$this->message('mail_succeed', $_SERVER['HTTP_REFERER']);
} else {
$this->writelog('mail_send', 'failed');
$this->message('mail_false', $_SERVER['HTTP_REFERER']);
}
}
function _note_status($status, $appid, $noteid, $args, $operation) {
if($status > 0) {
return '<font color="green">'.$this->lang['note_succeed'].'</font>';
} elseif($status == 0) {
$url = UC_ADMINSCRIPT.'?m=note&a=send&appid='.$appid.'&noteid='.$noteid;
return '<a href="'.$url.'" class="red">'.$this->lang['note_na'].'</a>';
} elseif($status < 0) {
$url = UC_ADMINSCRIPT.'?m=note&a=send&appid='.$appid.'&noteid='.$noteid;
return '<a href="'.$url.'"><font color="red">'.$this->lang['note_false'].(-$status).$this->lang['note_times'].'</font></a>';
}
}
function _format_maillist(&$maillist) {
if(is_array($maillist)) {
foreach($maillist AS $key => $note) {
$maillist[$key]['operation'] = $this->lang['note_'.$note['operation']];//$this->operations[$note['operation']][0];
foreach($this->apps AS $appid => $app) {
$maillist[$key]['status'][$appid] = $this->_note_status($note['app'.$appid], $appid, $note['noteid'], $note['args'], $note['operation']);
}
}
}
}
}
?>

114
uc_server/control/admin/note.php Normal file
View File

@@ -0,0 +1,114 @@
<?php
/*
[UCenter] (C)2001-2099 Comsenz Inc.
This is NOT a freeware, use is subject to license terms
$Id: note.php 1155 2013-06-20 08:36:25Z andyzheng $
*/
!defined('IN_UC') && exit('Access Denied');
class control extends adminbase {
var $apps = array();
var $operations = array();
function __construct() {
$this->control();
}
function control() {
parent::__construct();
$this->check_priv();
if(!$this->user['isfounder'] && !$this->user['allowadminnote']) {
$this->message('no_permission_for_this_module');
}
$this->load('note');
$this->apps = $this->cache['apps'];
$this->operations = array(
'test'=>array('', 'action=test'),
'deleteuser'=>array('', 'action=deleteuser'),
'renameuser'=>array('', 'action=renameuser'),
'deletefriend'=>array('', 'action=deletefriend'),
'gettag'=>array('', 'action=gettag', 'tag', 'updatedata'),
'getcreditsettings'=>array('', 'action=getcreditsettings'),
'updatecreditsettings'=>array('', 'action=updatecreditsettings'),
'updateclient'=>array('', 'action=updateclient'),
'updatepw'=>array('', 'action=updatepw'),
'updatebadwords'=>array('', 'action=updatebadwords'),
'updatehosts'=>array('', 'action=updatehosts'),
'updateapps'=>array('', 'action=updateapps'),
'updatecredit'=>array('', 'action=updatecredit'),
);
$this->check_priv();
}
function onls() {
$page = getgpc('page');
$delete = getgpc('delete', 'P');
$status = 0;
if(!empty($delete)) {
$_ENV['note']->delete_note($delete);
$status = 2;
$this->writelog('note_delete', "delete=".implode(',', $delete));
}
foreach($this->cache['apps'] as $key => $app) {
if(empty($app['recvnote'])) {
unset($this->apps[$key]);
}
}
$num = $_ENV['note']->get_total_num(1);
$notelist = $_ENV['note']->get_list($page, UC_PPP, $num, 1);
$multipage = $this->page($num, UC_PPP, $page, UC_ADMINSCRIPT.'?m=note&a=ls');
$this->view->assign('status', $status);
$this->view->assign('applist', $this->apps);
$this->_format_notlist($notelist);
$this->view->assign('notelist', $notelist);
$this->view->assign('multipage', $multipage);
$this->view->display('admin_note');
}
function onsend() {
$noteid = intval(getgpc('noteid'));
$appid = intval(getgpc('appid'));
$result = $_ENV['note']->sendone($appid, $noteid);
if($result) {
$this->writelog('note_send', "appid=$appid&noteid=$noteid");
$this->message('note_succeed', $_SERVER['HTTP_REFERER']);
} else {
$this->writelog('note_send', 'failed');
$this->message('note_false', $_SERVER['HTTP_REFERER']);
}
}
function _note_status($status, $appid, $noteid, $args, $operation) {
if($status > 0) {
return '<font color="green">'.$this->lang['note_succeed'].'</font>';
} elseif($status == 0) {
$url = UC_ADMINSCRIPT.'?m=note&a=send&appid='.$appid.'&noteid='.$noteid;
return '<a href="'.$url.'" class="red">'.$this->lang['note_na'].'</a>';
} elseif($status < 0) {
$url = UC_ADMINSCRIPT.'?m=note&a=send&appid='.$appid.'&noteid='.$noteid;
return '<a href="'.$url.'"><font color="red">'.$this->lang['note_false'].(-$status).$this->lang['note_times'].'</font></a>';
}
}
function _format_notlist(&$notelist) {
if(is_array($notelist)) {
foreach($notelist AS $key => $note) {
$notelist[$key]['operation'] = $this->lang['note_'.$note['operation']];//$this->operations[$note['operation']][0];
foreach($this->apps AS $appid => $app) {
$notelist[$key]['status'][$appid] = $this->_note_status($note['app'.$appid], $appid, $note['noteid'], '', $note['operation']);
}
}
}
}
}
?>

63
uc_server/control/admin/plugin.php Normal file
View File

@@ -0,0 +1,63 @@
<?php
/*
[UCenter] (C)2001-2099 Comsenz Inc.
This is NOT a freeware, use is subject to license terms
$Id: plugin.php 1059 2011-03-01 07:25:09Z monkey $
*/
!defined('IN_UC') && exit('Access Denied');
class pluginbase extends adminbase {
public function serialize($s, $htmlon = 0) {
parent::serialize($s, $htmlon);
}
var $plugin = array();
var $plugins = array();
function __construct() {
$this->control();
}
function pluginbase() {
parent::__construct();
$this->check_priv();
if(!$this->user['isfounder']) {
$this->message('no_permission_for_this_module');
}
$a = getgpc('a');
$this->load('plugin');
$this->plugin = $_ENV['plugin']->get_plugin($a);
$this->plugins = $_ENV['plugin']->get_plugins();
if(empty($this->plugin)) {
$this->message('read_plugin_invalid');
}
$this->view->assign('plugin', $this->plugin);
$this->view->assign('plugins', $this->plugins);
$this->view->languages = $this->plugin['lang'];
$this->view->tpldir = UC_ROOT.'./plugin/'.$a;
$this->view->objdir = UC_DATADIR.'./view';
}
function _call($a, $arg) {
$do = getgpc('do');
$do = empty($do) ? 'onindex' : 'on'.$do;
if(method_exists($this, $do) && $do[0] != '_') {
$this->$do();
} else {
exit('Plugin module not found');
}
}
}
$a = getgpc('a');
$do = getgpc('do');
if(!preg_match("/^[\w]{1,64}$/", $a)) {
exit('Argument Invalid');
}
if(!@require_once UC_ROOT."./plugin/$a/plugin.php") {
exit('Plugin not found');
}
?>

220
uc_server/control/admin/pm.php Normal file
View File

@@ -0,0 +1,220 @@
<?php
/*
[UCenter] (C)2001-2099 Comsenz Inc.
This is NOT a freeware, use is subject to license terms
$Id: pm.php 1066 2011-03-07 09:20:31Z svn_project_zhangjie $
*/
!defined('IN_UC') && exit('Access Denied');
class control extends adminbase {
function __construct() {
$this->control();
}
function control() {
parent::__construct();
if(!$this->user['isfounder'] && !$this->user['allowadminpm']) {
$this->message('no_permission_for_this_module');
}
$this->load('pm');
$this->check_priv();
}
function onls() {
$pmlist = array();
$count = 0;
$multipage = $srchtablename = $srchauthor = $srchstarttime = $srchendtime = $srchmessage = '';
if($this->submitcheck() || getgpc('searchpmsubmit', 'G')) {
$srchtablename = intval(getgpc('srchtablename', 'R'));
$srchauthor = trim(getgpc('srchauthor', 'R'));
$srchstarttime = trim(getgpc('srchstarttime', 'R'));
$srchendtime = trim(getgpc('srchendtime', 'R'));
$srchmessage = trim(getgpc('srchmessage', 'R'));
$wheresql = array();
if(!$srchtablename) {
$srchtablename = 0;
}
if($srchauthor) {
$this->load('user');
$uidarr = $_ENV['user']->name2id(explode(',', $srchauthor));
$wheresql[] = "authorid IN (".$this->implode($uidarr).")";
}
if($srchstarttime) {
$wheresql[] = "dateline>='".strtotime($srchstarttime)."'";
}
if($srchendtime) {
$wheresql[] = "dateline<'".strtotime($srchendtime)."'";
}
if($srchmessage) {
$wheresql[] = "message LIKE '%{$srchmessage}%'";
}
if(!empty($wheresql)) {
$count = $this->db->result_first("SELECT COUNT(*) FROM ".UC_DBTABLEPRE."pm_messages_".(string)$srchtablename." WHERE ".implode(' AND ', $wheresql));
}
if($count) {
$page = intval(getgpc('page', 'R'));
$page = $page ? $page : 1;
$start = ($page-1) * UC_PPP;
$limit = UC_PPP;
$query = $this->db->query("SELECT * FROM ".UC_DBTABLEPRE."pm_messages_".(string)$srchtablename." WHERE ".implode(' AND ', $wheresql)." LIMIT $start, $limit");
while($message = $this->db->fetch_array($query)) {
$message['dateline'] = $this->date($message['dateline']);
$user[] = $message['authorid'];
$pmlist[] = $message;
}
$this->load('user');
$usernamearr = $_ENV['user']->id2name($user);
foreach($pmlist as $key => $value) {
$pmlist[$key]['author'] = $usernamearr[$pmlist[$key]['authorid']];
}
$multipage = $this->page($count, UC_PPP, $page, UC_ADMINSCRIPT.'?m=pm&a=ls&srchtablename='.$srchtablename.'&srchauthor='.urlencode($srchauthor).'&srchstarttime='.urlencode($srchstarttime).'&srchendtime='.urlencode($srchendtime).'&srchmessage='.urlencode($srchmessage).'&searchpmsubmit=true');
}
}
$pmnum = 0;
for($i = 0; $i < 10; $i++) {
$pmnum += $this->db->result_first("SELECT COUNT(*) FROM ".UC_DBTABLEPRE."pm_messages_".(string)$i);
}
$this->view->assign('pmnum', $pmnum);
$this->view->assign('count', $count);
$this->view->assign('pmlist', $pmlist);
$this->view->assign('multipage', $multipage);
$this->view->assign('srchtablename', $srchtablename);
$this->view->assign('srchauthor', $srchauthor);
$this->view->assign('srchstarttime', $srchstarttime);
$this->view->assign('srchendtime', $srchendtime);
$this->view->assign('srchmessage', $srchmessage);
$this->view->display('admin_pm_search');
}
function ondelete() {
$srchtablename = intval(getgpc('srchtablename', 'R'));
$srchauthor = trim(getgpc('srchauthor', 'R'));
$srchstarttime = trim(getgpc('srchstarttime', 'R'));
$srchendtime = trim(getgpc('srchendtime', 'R'));
$srchmessage = trim(getgpc('srchmessage', 'R'));
if($this->submitcheck()) {
$pmids = getgpc('deletepmid');
if(empty($pmids)) {
$this->message('pm_delete_noselect', UC_ADMINSCRIPT.'?m=pm&a=ls&srchtablename='.$srchtablename.'&srchauthor='.urlencode($srchauthor).'&srchstarttime='.urlencode($srchstarttime).'&srchendtime='.urlencode($srchendtime).'&srchmessage='.urlencode($srchmessage).'&searchpmsubmit=true');
}
foreach($pmids as $pmid) {
$query = $this->db->query("SELECT * FROM ".UC_DBTABLEPRE."pm_indexes i LEFT JOIN ".UC_DBTABLEPRE."pm_lists l ON i.plid=l.plid WHERE i.pmid='$pmid'");
if($index = $this->db->fetch_array($query)) {
$this->db->query("DELETE FROM ".UC_DBTABLEPRE.$_ENV['pm']->getposttablename($index['plid'])." WHERE pmid='$pmid'");
if($index['pmtype'] == 1) {
$authorcount = $this->db->result_first("SELECT COUNT(*) FROM ".UC_DBTABLEPRE.$_ENV['pm']->getposttablename($index['plid'])." WHERE plid='".$index['plid']."' AND delstatus IN (0, 2)");
$othercount = $this->db->result_first("SELECT COUNT(*) FROM ".UC_DBTABLEPRE.$_ENV['pm']->getposttablename($index['plid'])." WHERE plid='".$index['plid']."' AND delstatus IN (0, 1)");
$users = explode('_', $index['min_max']);
if($users[0] == $index['authorid']) {
$other = $users[1];
} else {
$other = $users[0];
}
if($authorcount + $othercount == 0) {
$this->db->query("DELETE FROM ".UC_DBTABLEPRE."pm_members WHERE plid='".$index['plid']."'");
$this->db->query("DELETE FROM ".UC_DBTABLEPRE."pm_lists WHERE plid='".$index['plid']."'");
$this->db->query("DELETE FROM ".UC_DBTABLEPRE."pm_indexes WHERE plid='".$index['plid']."'");
} else {
if($authorcount){
$this->db->query("UPDATE ".UC_DBTABLEPRE."pm_members SET pmnum='$authorcount' WHERE plid='".$index['plid']."' AND uid='".$index['authorid']."'");
} else {
$this->db->query("DELETE FROM ".UC_DBTABLEPRE."pm_members WHERE plid='".$index['plid']."' AND uid='".$index['authorid']."'");
}
if($othercount) {
$this->db->query("UPDATE ".UC_DBTABLEPRE."pm_members SET pmnum='$othercount' WHERE plid='".$index['plid']."' AND uid='".$other."'");
} else {
$this->db->query("DELETE FROM ".UC_DBTABLEPRE."pm_members WHERE plid='".$index['plid']."' AND uid='".$other."'");
}
}
} elseif($index['pmtype'] == 2) {
$count = $this->db->result_first("SELECT COUNT(*) FROM ".UC_DBTABLEPRE.$_ENV['pm']->getposttablename($index['plid'])." WHERE plid='".$index['plid']."'");
if(!$count) {
$this->db->query("DELETE FROM ".UC_DBTABLEPRE."pm_members WHERE plid='".$index['plid']."'");
$this->db->query("DELETE FROM ".UC_DBTABLEPRE."pm_lists WHERE plid='".$index['plid']."'");
$this->db->query("DELETE FROM ".UC_DBTABLEPRE."pm_indexes WHERE plid='".$index['plid']."'");
} else {
$this->db->query("UPDATE ".UC_DBTABLEPRE."pm_members SET pmnum='$count' WHERE plid='".$index['plid']."'");
}
}
}
}
$this->message('pm_clear_succeed', UC_ADMINSCRIPT.'?m=pm&a=ls&srchtablename='.$srchtablename.'&srchauthor='.urlencode($srchauthor).'&srchstarttime='.urlencode($srchstarttime).'&srchendtime='.urlencode($srchendtime).'&srchmessage='.urlencode($srchmessage).'&searchpmsubmit=true');
}
}
function onclear() {
$delnum = $status = 0;
if($this->submitcheck() || getgpc('clearpmsubmit', 'G')) {
$usernames = trim(getgpc('usernames', 'R'));
$pertask = intval(getgpc('pertask', 'R'));
$current = intval(getgpc('current', 'R'));
$pertask = $pertask ? $pertask : 100;
$current = $current > 0 ? $current : 0;
$next = $current + $pertask;
$nexturl = UC_ADMINSCRIPT."?m=pm&a=clear&usernames=$usernames&current=$next&pertask=$pertask&clearpmsubmit=1";
if($usernames) {
$uids = 0;
$processed = 0;
$usernames = "'".implode("', '", explode(',', $usernames))."'";
$query = $this->db->query("SELECT uid FROM ".UC_DBTABLEPRE."members WHERE username IN ($usernames)");
while($res = $this->db->fetch_array($query)) {
$uids .= ','.$res['uid'];
}
if($uids) {
$query = $this->db->query("SELECT m.plid, m.uid, t.pmtype, t.authorid FROM ".UC_DBTABLEPRE."pm_members m LEFT JOIN ".UC_DBTABLEPRE."pm_lists t ON m.plid=t.plid WHERE m.uid IN ($uids) LIMIT $pertask");
while($member = $this->db->fetch_array($query)) {
$processed = 1;
if($member['pmtype'] == 1) {
$this->db->query("DELETE FROM ".UC_DBTABLEPRE.$_ENV['pm']->getposttablename($member['plid'])." WHERE plid='".$member['plid']."'");
$this->db->query("DELETE FROM ".UC_DBTABLEPRE."pm_lists WHERE plid='".$member['plid']."'");
$this->db->query("DELETE FROM ".UC_DBTABLEPRE."pm_members WHERE plid='".$member['plid']."'");
$adjust = $this->db->affected_rows();
$this->db->query("DELETE FROM ".UC_DBTABLEPRE."pm_indexes WHERE plid='".$member['plid']."'");
} elseif($member['pmtype'] == 2) {
if($member['authorid'] == $member['uid']) {
$this->db->query("DELETE FROM ".UC_DBTABLEPRE.$_ENV['pm']->getposttablename($member['plid'])." WHERE plid='".$member['plid']."'");
$this->db->query("DELETE FROM ".UC_DBTABLEPRE."pm_lists WHERE plid='".$member['plid']."'");
$this->db->query("DELETE FROM ".UC_DBTABLEPRE."pm_members WHERE plid='".$member['plid']."'");
$adjust = $this->db->affected_rows();
$this->db->query("DELETE FROM ".UC_DBTABLEPRE."pm_indexes WHERE plid='".$member['plid']."'");
} else {
$this->db->query("DELETE FROM ".UC_DBTABLEPRE.$_ENV['pm']->getposttablename($member['plid'])." WHERE plid='".$member['plid']."' AND authorid IN (".$uids.")");
$affectpmnum = $this->db->affected_rows();
$this->db->query("DELETE FROM ".UC_DBTABLEPRE."pm_members WHERE plid='".$member['plid']."' AND uid IN (".$uids.")");
$affectmembers = $this->db->affected_rows();
$adjust = $affectmembers;
$this->db->query("UPDATE ".UC_DBTABLEPRE."pm_members SET pmnum=pmnum-'$affectpmnum' WHERE plid='".$member['plid']."'");
$this->db->query("UPDATE ".UC_DBTABLEPRE."pm_lists SET members=members-'$affectmembers' WHERE plid='".$member['plid']."'");
}
}
}
}
if($processed) {
$this->message('pm_clear_processing', $nexturl, 0, array('current' => $current, 'next' => $next));
} else {
$this->message('pm_clear_succeed', UC_ADMINSCRIPT.'?m=pm&a=clear');
}
}
}
$pmnum = 0;
for($i = 0; $i < 10; $i++) {
$pmnum += $this->db->result_first("SELECT COUNT(*) FROM ".UC_DBTABLEPRE."pm_messages_".(string)$i);
}
$this->view->assign('pmnum', $pmnum);
$this->view->assign('delnum', $delnum);
$this->view->assign('status', $status);
$this->view->display('admin_pm_clear');
}
}
?>

52
uc_server/control/admin/seccode.php Normal file
View File

@@ -0,0 +1,52 @@
<?php
/*
[UCenter] (C)2001-2099 Comsenz Inc.
This is NOT a freeware, use is subject to license terms
$Id: seccode.php 1059 2011-03-01 07:25:09Z monkey $
*/
!defined('IN_UC') && exit('Access Denied');
class control extends base {
function __construct() {
$this->control();
}
function control() {
parent::__construct();
$authkey = md5(UC_KEY.$_SERVER['HTTP_USER_AGENT'].$this->onlineip);
$this->time = time();
$seccodeauth = getgpc('seccodeauth');
$seccode = $this->authcode($seccodeauth, 'DECODE', $authkey);
@header("Expires: -1");
@header("Cache-Control: no-store, private, post-check=0, pre-check=0, max-age=0", FALSE);
@header("Pragma: no-cache");
include_once UC_ROOT.'lib/seccode.class.php';
$code = new seccode();
$code->code = $seccode;
$code->type = 0;
$code->width = 70;
$code->height = 21;
$code->background = 0;
$code->adulterate = 1;
$code->ttf = 1;
$code->angle = 0;
$code->color = 1;
$code->size = 0;
$code->shadow = 1;
$code->animator = 0;
$code->fontpath = UC_ROOT.'images/fonts/';
$code->datapath = UC_ROOT.'images/';
$code->includepath = '';
$code->display();
}
}
?>

202
uc_server/control/admin/setting.php Normal file
View File

@@ -0,0 +1,202 @@
<?php
/*
[UCenter] (C)2001-2099 Comsenz Inc.
This is NOT a freeware, use is subject to license terms
$Id: setting.php 1174 2014-11-03 04:38:12Z hypowang $
*/
!defined('IN_UC') && exit('Access Denied');
class control extends adminbase {
var $_setting_items = array('doublee', 'accessemail', 'censoremail', 'censorusername',
'dateformat', 'timeoffset', 'timeformat', 'extra', 'maildefault', 'mailsend', 'mailserver',
'mailport', 'mailtimeout', 'mailauth', 'mailfrom', 'mailauth_username', 'mailauth_password', 'maildelimiter',
'mailusername', 'mailsilent', 'pmcenter', 'privatepmthreadlimit', 'chatpmthreadlimit',
'chatpmmemberlimit', 'pmfloodctrl', 'sendpmseccode', 'pmsendregdays', 'login_failedtime',
'addappbyurl', 'insecureoperation', 'passwordalgo', 'passwordoptions');
function __construct() {
$this->control();
}
function control() {
parent::__construct();
$this->check_priv();
if(!$this->user['isfounder'] && !$this->user['allowadminsetting']) {
$this->message('no_permission_for_this_module');
}
$this->check_priv();
}
function onls() {
$this->load('user');
$updated = false;
if($this->submitcheck()) {
$timeformat = getgpc('timeformat', 'P');
$dateformat = getgpc('dateformat', 'P');
$timeoffset = getgpc('timeoffset', 'P');
$privatepmthreadlimit = getgpc('privatepmthreadlimit', 'P');
$chatpmthreadlimit = getgpc('chatpmthreadlimit', 'P');
$chatpmmemberlimit = getgpc('chatpmmemberlimit', 'P');
$pmfloodctrl = getgpc('pmfloodctrl', 'P');
$pmsendregdays = getgpc('pmsendregdays', 'P');
$pmcenter = getgpc('pmcenter', 'P');
$sendpmseccode = getgpc('sendpmseccode', 'P');
$login_failedtime = getgpc('login_failedtime', 'P');
$addappbyurl = getgpc('addappbyurl', 'P');
$insecureoperation = getgpc('insecureoperation', 'P');
$passwordalgo = getgpc('passwordalgo', 'P');
$passwordoptions = htmlspecialchars_decode(stripslashes(getgpc('passwordoptions', 'P')));
$dateformat = str_replace(array('yyyy', 'mm', 'dd'), array('y', 'n', 'j'), strtolower($dateformat));
$timeformat = $timeformat == 1 ? 'H:i' : 'h:i A';
$timeoffset = in_array($timeoffset, array('-12', '-11', '-10', '-9', '-8', '-7', '-6', '-5', '-4', '-3.5', '-3', '-2', '-1', '0', '1', '2', '3', '3.5', '4', '4.5', '5', '5.5', '5.75', '6', '6.5', '7', '8', '9', '9.5', '10', '11', '12')) ? $timeoffset : 8;
if(empty($passwordalgo) && !empty($passwordoptions)) {
$passwordoptions = '';
} else if(!empty($passwordalgo)) {
$options = empty($passwordoptions) ? array() : json_decode($passwordoptions, true);
$tresult = password_hash($passwordalgo, constant($passwordalgo), $options);
if($tresult === false || $tresult === null || !password_verify($passwordalgo, $tresult)) {
$passwordalgo = '';
$passwordoptions = '';
}
}
$this->set_setting('dateformat', $dateformat);
$this->set_setting('timeformat', $timeformat);
$timeoffset = $timeoffset * 3600;
$this->set_setting('timeoffset', $timeoffset);
$this->set_setting('privatepmthreadlimit', intval($privatepmthreadlimit));
$this->set_setting('chatpmthreadlimit', intval($chatpmthreadlimit));
$this->set_setting('chatpmmemberlimit', intval($chatpmmemberlimit));
$this->set_setting('pmfloodctrl', intval($pmfloodctrl));
$this->set_setting('pmsendregdays', intval($pmsendregdays));
$this->set_setting('pmcenter', $pmcenter);
$this->set_setting('sendpmseccode', $sendpmseccode ? 1 : 0);
$this->set_setting('login_failedtime', intval($login_failedtime));
$this->set_setting('addappbyurl', $addappbyurl);
$this->set_setting('insecureoperation', $insecureoperation);
$this->set_setting('passwordalgo', $passwordalgo);
$this->set_setting('passwordoptions', $passwordoptions);
$updated = true;
$this->updatecache();
}
$settings = $this->get_setting($this->_setting_items);
if($updated) {
$this->_add_note_for_setting($settings);
}
$settings['dateformat'] = str_replace(array('y', 'n', 'j'), array('yyyy', 'mm', 'dd'), $settings['dateformat']);
$settings['timeformat'] = $settings['timeformat'] == 'H:i' ? 1 : 0;
$settings['pmcenter'] = $settings['pmcenter'] ? 1 : 0;
$settings['insecureoperation'] = $settings['insecureoperation'] ? 1 : 0;
$a = getgpc('a');
$this->view->assign('a', $a);
$this->view->assign('dateformat', $settings['dateformat']);
$timeformatchecked = array('','');
$timeformatchecked[$settings['timeformat']] = 'checked="checked"';
$this->view->assign('timeformat', $timeformatchecked);
$this->view->assign('privatepmthreadlimit', $settings['privatepmthreadlimit']);
$this->view->assign('chatpmthreadlimit', $settings['chatpmthreadlimit']);
$this->view->assign('chatpmmemberlimit', $settings['chatpmmemberlimit']);
$this->view->assign('pmsendregdays', $settings['pmsendregdays']);
$this->view->assign('pmfloodctrl', $settings['pmfloodctrl']);
$pmcenterchecked = array('','');
$pmcenterchecked[$settings['pmcenter']] = 'checked="checked"';
$pmcenterchecked['display'] = $settings['pmcenter'] ? '' : 'style="display:none"';
$addappbyurlchecked = array('','');
$addappbyurlchecked[$settings['addappbyurl']] = 'checked="checked"';
$insecureoperationchecked = array('','');
$insecureoperationchecked[$settings['insecureoperation']] = 'checked="checked"';
$this->view->assign('pmcenter', $pmcenterchecked);
$sendpmseccodechecked = array('','');
$sendpmseccodechecked[$settings['sendpmseccode']] = 'checked="checked"';
$this->view->assign('sendpmseccode', $sendpmseccodechecked);
$this->view->assign('addappbyurl', $addappbyurlchecked);
$this->view->assign('insecureoperation', $insecureoperationchecked);
$this->view->assign('passwordalgo', $settings['passwordalgo']);
$this->view->assign('passwordoptions', htmlspecialchars($settings['passwordoptions']));
$timeoffset = intval($settings['timeoffset'] / 3600);
$checkarray = array($timeoffset < 0 ? '0'.substr($timeoffset, 1) : $timeoffset => 'selected="selected"');
$this->view->assign('checkarray', $checkarray);
$this->view->assign('updated', $updated);
$this->view->assign('login_failedtime', $settings['login_failedtime']);
$this->view->display('admin_setting');
}
function updatecache() {
$this->load('cache');
$_ENV['cache']->updatedata('settings');
}
function onregister() {
$updated = false;
if($this->submitcheck()) {
$this->set_setting('doublee', getgpc('doublee', 'P'));
$this->set_setting('accessemail', getgpc('accessemail', 'P'));
$this->set_setting('censoremail', getgpc('censoremail', 'P'));
$this->set_setting('censorusername', getgpc('censorusername', 'P'));
$updated = true;
$this->writelog('setting_register_update');
$this->updatecache();
}
$settings = $this->get_setting($this->_setting_items);
if($updated) {
$this->_add_note_for_setting($settings);
}
$this->view->assign('a', getgpc('a'));
$doubleechecked = array('','');
$doubleechecked[$settings['doublee']] = 'checked="checked"';
$this->view->assign('doublee', $doubleechecked);
$this->view->assign('accessemail', $settings['accessemail']);
$this->view->assign('censoremail', $settings['censoremail']);
$this->view->assign('censorusername', $settings['censorusername']);
$this->view->assign('updated', $updated);
$this->view->display('admin_setting');
}
function onmail() {
$items = array('maildefault', 'mailsend', 'mailserver', 'mailport', 'mailtimeout', 'mailauth', 'mailfrom', 'mailauth_username', 'mailauth_password', 'maildelimiter', 'mailusername', 'mailsilent');
$updated = false;
if($this->submitcheck()) {
foreach($items as $item) {
$value = getgpc($item, 'P');
if($item == 'mailtimeout') {
$value = strlen(trim($value)) ? intval($value) : 30;
}
$this->set_setting($item, $value);
}
$updated = true;
$this->writelog('setting_mail_update');
$this->updatecache();
}
$settings = $this->get_setting($this->_setting_items);
if($updated) {
$this->_add_note_for_setting($settings);
}
foreach($items as $item) {
if($item == 'mailtimeout') {
$settings[$item] = strlen(trim($settings[$item])) ? intval($settings[$item]) : 30;
}
$this->view->assign($item, dhtmlspecialchars($settings[$item]));
}
$this->view->assign('a', getgpc('a'));
$this->view->assign('updated', $updated);
$this->view->display('admin_setting');
}
function _add_note_for_setting($settings) {
$this->load('note');
$_ENV['note']->add('updateclient', '', $this->serialize($settings, 1));
$_ENV['note']->send();
}
}

268
uc_server/control/admin/ucfiles.md5 Normal file
View File

@@ -0,0 +1,268 @@
0385752c2d59f767a08745ec5c184e3e *./admin.php
ac32c9e1f5286d86a4fe2ec70d4c42bb *./api
8cc30af099189f17fc39cfc2b490016a *./avatar.php
96eff00a176146218960e50347d9cf49 *./control
29c98250b07e4079f3906de984a27ef6 *./crossdomain.xml
cba7beb32835268b64190bc95a4ba48c *./data
5861434debb0780903e517525c22351e *./images
0feafb61e16c4a8922490da435cafdb2 *./index.php
0d673a9b9f136a7a6b6b25d4ff4bc1fd *./install
b7f758bee1311bf266967be187fb748f *./js
ccf267e9dcaf9ff2d315012060a7e1d6 *./lib
2bdbd8d3dddf47a9dad09787c54c8751 *./model
f576f07ce12ea5a7bf644f4ad5b235a5 *./plugin
d093e4cdf86aa6a86a460b237b8b30da *./release
daadebe24cc397eaedb16c5aef40a306 *./robots.txt
1f4899a85658c8e1931ad3b7d43b4560 *./view
7215ee9c7d9dc229d2921a40e899ec5f *data/avatar/index.htm
7215ee9c7d9dc229d2921a40e899ec5f *data/backup/index.htm
d41d8cd98f00b204e9800998ecf8427e *data/cache/index.htm
7215ee9c7d9dc229d2921a40e899ec5f *data/index.htm
7215ee9c7d9dc229d2921a40e899ec5f *data/logs/index.htm
d41d8cd98f00b204e9800998ecf8427e *data/tmp/index.htm
d41d8cd98f00b204e9800998ecf8427e *data/view/index.htm
10535839824beb48f37e841da38e303e *api/dbbak.php
d41d8cd98f00b204e9800998ecf8427e *api/index.htm
14be3ba21aad1ccea2ca79a8225d56cc *control/admin/admin.php
0942fd82578cd67d050f274a545963ea *control/admin/app.php
de28f7f5888d1821996d71d00bd24284 *control/admin/badword.php
72a4339c80c4a1dea4a2e644fa783e53 *control/admin/cache.php
81037b70fa4e87d076cd3514afb66158 *control/admin/credit.php
2d3cdac817e27b50ffabbcc335cf292a *control/admin/db.php
2a85723627e94562c272252c4ca3c539 *control/admin/domain.php
191e7c4979b968a51cf01895572590be *control/admin/feed.php
b00faf0962491a686c60d4d8bd78d456 *control/admin/frame.php
d41d8cd98f00b204e9800998ecf8427e *control/admin/index.htm
09dae67bfff6ad1ebf9119bf9da0e51e *control/admin/log.php
e5cbe7d464d499241b319a994ecb63f2 *control/admin/mail.php
eb85b007507bcabb25d40983880193e8 *control/admin/note.php
dea62a81dcb69b255a4deaac38602e0d *control/admin/plugin.php
8b649848712e62e46b0258ce64068eaf *control/admin/pm.php
0e9c93d9204b5f232eea6617ca594979 *control/admin/seccode.php
7ab559b8f307d3a6ab843b6aebb266ab *control/admin/setting.php
4f83011ac2bd10c95df5583cd69e9c0c *control/admin/user.php
cff8d2970aac4f9d1fd19109e20af6e5 *control/app.php
5055e3cf8e772dccec030af9c8394732 *control/credit.php
aba07c0e38ad0875a303ef418658afc2 *control/domain.php
42a0f7a167224fbcba01a9a6dc561493 *control/feed.php
984b3ca201d58e21e3d6a165255f4623 *control/friend.php
7215ee9c7d9dc229d2921a40e899ec5f *control/index.htm
07ff3f0c057ece1f6b5f53c58e42cb89 *control/mail.php
a4f51b281ebc27ba4b71408caa4f3f52 *control/pm.php
40510924c9993ed89085b327dfbfcc3f *control/pm_client.php
ce7796094e78511fda6bb892baf11501 *control/seccode.php
0d2d3e7e61f7834c5133d1151e493368 *control/tag.php
4c3f837b2448ec7ef35d8511752048e5 *control/user.php
fa6e51baef21c1104e6a9c9bea515b93 *control/version.php
ec0e59d7cef33e37c5903af8a4303f9a *model/admin.php
8205147797b99f27395e796a2a626cfc *model/app.php
cce86c8ce09799e95363de7b8ccfac7a *model/badword.php
a8a9056bf248755d65bae1048355dbad *model/base.php
4f08ce941fdef0ff96f352ba5aaec307 *model/cache.php
d4fde3d32ba28d296f8b7b069bff016c *model/cron.php
74b4e3c17a429bfba12edee20d4e13ba *model/domain.php
c0dec6b7bcbf660a3fe9d9de1d782629 *model/feed.php
87d25e6d940ccc1358c63e83e21474a3 *model/friend.php
7215ee9c7d9dc229d2921a40e899ec5f *model/index.htm
0aafd28160be775def515e78352bfd29 *model/mail.php
7596df358356594c6cbf99e03481b605 *model/misc.php
19f1d9cc69e809f0ebfc548fbdc8ba61 *model/note.php
b23f0e5290103a3ea89fe1e3275f7826 *model/plugin.php
5479ac7219712c5aacd45514619aafba *model/pm.php
ba787d675b6b8db7549ae1a1eb97dc20 *model/setting.php
d7b379d38fbc0e8a120454a334a54499 *model/tag.php
b564b6871903fb8b5416b312bc975540 *model/user.php
5863499e81f1210950c1faef0f243b2b *model/var.php
cdc453e23980b4f7f894a3b15042a76c *model/version.php
5b3b6d9ee4ad98afe6dbb8a6e8cbc31c *lib/dbi.class.php
7215ee9c7d9dc229d2921a40e899ec5f *lib/index.htm
c121520183cc46e29204c4bf7af652da *lib/seccode.class.php
441f4eb0b041eea3dd7bef60d28ffcc8 *lib/sendmail.inc.php
ae92c4d817c0f3cfb61ffd7dcea0fb1d *lib/template.class.php
848c116587d29c14696b06c4f9d7daac *lib/uccode.class.php
7ccf3e6df76384119ab3f4f57df6a131 *lib/ucip.class.php
4afd5f62342793135e8e3a80dc1030c7 *lib/ucip_getter_dnslist.class.php
fb03073c2cc84fc9867013fd0b58f2a3 *lib/ucip_getter_header.class.php
a90ceac46628881d03a825e17ee31aa4 *lib/ucip_getter_iplist.class.php
a885fceaed7a0efca92f7b668329540a *lib/upload.class.php
40e2d97870dda73121a1c11c199e0e32 *lib/xml.class.php
d41d8cd98f00b204e9800998ecf8427e *plugin/filecheck/index.htm
497de42fe416946ddf59cf32e878f1ef *plugin/filecheck/plugin.php
c46605109aaaccfd8fc1665bd45cfb40 *plugin/filecheck/plugin.xml
5259f76ce41387e0218eb54c38a616c9 *plugin/filecheck/plugin_filecheck.htm
d41d8cd98f00b204e9800998ecf8427e *plugin/index.htm
d41d8cd98f00b204e9800998ecf8427e *plugin/replacemykey/index.htm
b5473807c40c6a1a4ab828aa719a9ca2 *plugin/replacemykey/plugin.php
7a65c32c302efac89e28a24b649795d9 *plugin/replacemykey/plugin.xml
d48eef5264297ddcd31685562f11d607 *plugin/replacemykey/plugin_replacemykey.htm
421e9965d42e7af12899788545ccf141 *images/admincp.css
bc3876c0904d9f3f51136effb2fb4c3d *images/avatar/arrow_down_big.gif
a221a06ac491aa71c92e759e6ac4963f *images/avatar/avatar.css
f525d6300adc770a1de79f89bb148d98 *images/avatar/avatar_back.gif
24e97b340ec9e9d72535db8e1f8087c5 *images/avatar/avatar_blank.gif
ba59ae3abc3a75b97fb6186cfe9115ea *images/avatar/avatar_finishback.png
2d5330771556729626dc253937e89877 *images/avatar/avatar_finishbutton.gif
38c8a1e48fa4003201af428a3515866b *images/avatar/avatar_lattice.png
05190dde781043370d7aa22bda21a716 *images/avatar/avatar_save.gif
8ab9e499a4f73143cc6881ff3a9eaaa8 *images/avatar/avatar_upload.gif
d41d8cd98f00b204e9800998ecf8427e *images/avatar/index.htm
18e2222cdf584db09ad3d83a1c9cb686 *images/avatar/ui-bg_flat_0_aaaaaa_40x100.png
3c739f0850728b9d2b21fabce555c8bf *images/avatar/ui-bg_flat_75_ffffff_40x100.png
3f439c206bd6e523e0075ee3e82cc5e2 *images/avatar/ui-bg_glass_55_fbf9ee_1x400.png
6ccf201ccb17973dd062dda17a9fd73e *images/avatar/ui-bg_glass_65_ffffff_1x400.png
0b4c9ca5a3f0f6355472b1731f959e30 *images/avatar/ui-bg_glass_75_dadada_1x400.png
0c16ca5bcb5327f16afe2d8467451081 *images/avatar/ui-bg_glass_75_e6e6e6_1x400.png
e8ee05b25304eabc1b86ec7a17aa153b *images/avatar/ui-bg_glass_95_fef1ec_1x400.png
2642c213d0fa88dac3f62aa7f014d2eb *images/avatar/ui-bg_highlight-soft_75_cccccc_1x100.png
2f5e9f0d1587490a6862464a9f581b00 *images/avatar/ui-icons_222222_256x240.png
3c2fbee895a768a97fedbcf750dab247 *images/avatar/ui-icons_2e83ff_256x240.png
e167cf8dd7c618441075253753d00fbd *images/avatar/ui-icons_454545_256x240.png
96cc018bb337ee2a8844b7b5f5fd02e7 *images/avatar/ui-icons_888888_256x240.png
59626b9493951a7c9e431e8ec5e4478f *images/avatar/ui-icons_cd0a0a_256x240.png
d3af6beed6f4c5941d8474d8c30de6ab *images/bg_login.gif
4fbf05bd615747043ff441b3be626935 *images/bg_repno.gif
45f5c756abcc348a6eef20280acd501c *images/bg_repx.gif
aca41a8eb347169d6d9f6d30bfd05760 *images/bg_repx_h.gif
7377bcd49e20f6c89031b6edc49e9078 *images/bg_repx_hb.gif
34dca4083cff131768ee4622df5be1a0 *images/bg_repx_hc.gif
dfceed64760a1f13574ad0aae8716d7a *images/bg_repx_hd.gif
5c7dc4e98f14c7fcaeb0f48c25521582 *images/bg_repy.gif
d749328a42f93fbb38530b3e56e9d8b7 *images/bg_tab_line.gif
3dea8dbe399a685950696ba4de3c81ea *images/camera.swf
c26b00c65530337202b3c2fb7e312a68 *images/correct.gif
3841a9d07dff4c2b532858e1a37e2e07 *images/default/btnbg.gif
6c0042d61b2fd00c1eaf8d6f235fcb8d *images/default/citeicon.gif
1c9c5d496c50c93360b5c9beaec05824 *images/default/codeicon.gif
ebc3ebfe2030ac169f67f46068151321 *images/default/editor.gif
9427dd2ee478413e6e69ea18f883a4f2 *images/default/headerbg.gif
7215ee9c7d9dc229d2921a40e899ec5f *images/default/index.htm
1b1eedef102241df95b5373c39cd2c44 *images/default/moreuser.gif
3fb36e32f3174880a725429c69471374 *images/default/navbg.gif
73f3cb40a1f93bd336c8a76d18b8bca6 *images/default/navborder.gif
77a3abd14ed1c5e5a3ba08feed25596a *images/default/navonbg.gif
17491987ef2d616958f9ea2a80a14236 *images/default/newpm.gif
b9aa4c8e088d9a3a5084aae5658800e3 *images/default/selectpm.gif
35512e7e6b33d45785f6e12edaa8bb78 *images/default/sendpm.gif
8b62e476c06d2b775a2764941595f275 *images/default/shrink.gif
75fc5f6113545a6e1887f19bb65ce6bf *images/default/spread.gif
7f181a5be7728e8d142bfa8381345b17 *images/default/style.css
2c691c702c6f99f2124872a750978d75 *images/default/viewpm.gif
8023f7060f74c5096c38986c6417351b *images/error.gif
7215ee9c7d9dc229d2921a40e899ec5f *images/fonts/ch/index.htm
4551e5ff11bce45780c17666d58d54bc *images/fonts/en/FetteSteinschrift.ttf
7215ee9c7d9dc229d2921a40e899ec5f *images/fonts/en/index.htm
7215ee9c7d9dc229d2921a40e899ec5f *images/fonts/index.htm
d41d8cd98f00b204e9800998ecf8427e *images/gif/index.htm
7f2c427e419dab7d1a393344d6f07e4e *images/gif/OCR_A_Extended/2.gif
6abadede0f4e967b038ac69a16525ddc *images/gif/OCR_A_Extended/3.gif
48cdd429871dc3d148b486ec52567338 *images/gif/OCR_A_Extended/4.gif
469178b649a9749fa9d4e1c22202fc1d *images/gif/OCR_A_Extended/6.gif
0a320ea7f96123389c3f5229e71cac88 *images/gif/OCR_A_Extended/7.gif
13bdc765d3660da6f1ec7b5254c069b9 *images/gif/OCR_A_Extended/8.gif
d27ecde71b96b655c9c28744e8dc7504 *images/gif/OCR_A_Extended/9.gif
94b7ff2d9fb9af8a81e16391417292d2 *images/gif/OCR_A_Extended/b.gif
012084f3c2eb004dde41bb1e661a4199 *images/gif/OCR_A_Extended/c.gif
d216f8e4726dc6c42c0ec910c7242c8c *images/gif/OCR_A_Extended/e.gif
574192191b37c831886e707a73db7331 *images/gif/OCR_A_Extended/f.gif
4f83b103fa9204dd02c7c0e2cd5b28d6 *images/gif/OCR_A_Extended/g.gif
b0be553679609735f5737de4d699f0e3 *images/gif/OCR_A_Extended/h.gif
7215ee9c7d9dc229d2921a40e899ec5f *images/gif/OCR_A_Extended/index.htm
94bfa0ee8de320a4d9fb27c60a81c166 *images/gif/OCR_A_Extended/j.gif
6ad111e8a2e887364fa4538a1c5696a3 *images/gif/OCR_A_Extended/k.gif
ccd299943d772a23fd627ceb2339cf00 *images/gif/OCR_A_Extended/m.gif
b4c9f827720ac90cf3e60da347298d88 *images/gif/OCR_A_Extended/p.gif
facc5b325f4c5267eb2ba2276ab11344 *images/gif/OCR_A_Extended/q.gif
05f102a282b1bd140808ebd4905a00e9 *images/gif/OCR_A_Extended/r.gif
2bb71603a97930d7dc964c7ad5f938a6 *images/gif/OCR_A_Extended/t.gif
71c796ce7277019346702c9cece66bac *images/gif/OCR_A_Extended/v.gif
b880a6dbe2f541e7a2a206b5ed060bde *images/gif/OCR_A_Extended/w.gif
b9c2cda80da20ca576a041436ec5d325 *images/gif/OCR_A_Extended/x.gif
a1d1a7234a91387247e05572eb7ce3a1 *images/gif/OCR_A_Extended/y.gif
210eab2a6aac169c4cff22726c7cf31d *images/gif/Small_Fonts/2.gif
3778789aef2f54d63f72fb67370d7bea *images/gif/Small_Fonts/3.gif
214538aebe9bcf1a67ffd64409098f60 *images/gif/Small_Fonts/4.gif
19a1e89e3fa1eb0da02961bd19993300 *images/gif/Small_Fonts/6.gif
7650644a730c2c5aab54f76ab08fa553 *images/gif/Small_Fonts/7.gif
b815c3d8530d3b8df1c9d97e73452378 *images/gif/Small_Fonts/8.gif
f4c7ec3cea67ee518ddeaef89c32c3e7 *images/gif/Small_Fonts/9.gif
bf07548e732b8c13d47198d184c5b48b *images/gif/Small_Fonts/b.gif
9d1cd311a3a88849e8fee8338d4bb613 *images/gif/Small_Fonts/c.gif
66b86aa8aa08360a3ccb56fd416757bd *images/gif/Small_Fonts/e.gif
d51a7ea9e101b476ea0919c61fc1393d *images/gif/Small_Fonts/f.gif
0e63939e22e106aad1954b4036bc038c *images/gif/Small_Fonts/g.gif
06f942f9527ca887847f63be52169cf6 *images/gif/Small_Fonts/h.gif
7215ee9c7d9dc229d2921a40e899ec5f *images/gif/Small_Fonts/index.htm
477159613def7b6d49eb3e6bf1dcbb96 *images/gif/Small_Fonts/j.gif
b2ef33f651bf2a76230f5693c6eb4876 *images/gif/Small_Fonts/k.gif
496e9f0e3ac01a70012b56160e327cca *images/gif/Small_Fonts/m.gif
671506b1b97ffc99827b387d96df274d *images/gif/Small_Fonts/p.gif
523aea03032519a5841e3e58837eb2ce *images/gif/Small_Fonts/q.gif
d902a7d160f0240d880c07810c019245 *images/gif/Small_Fonts/r.gif
184346e10b3738c0c116b0ac94f815bb *images/gif/Small_Fonts/t.gif
7998591fdfc080035bde69f0b1cb3356 *images/gif/Small_Fonts/v.gif
28ce7d393f697c1cf76b7f60144f140c *images/gif/Small_Fonts/w.gif
f1c5e779fdbf024d19fb578b7e06ea2c *images/gif/Small_Fonts/x.gif
5df21820742385217f6bf4b11824e524 *images/gif/Small_Fonts/y.gif
7215ee9c7d9dc229d2921a40e899ec5f *images/index.htm
3108ff46cd72be64fa798c3c053c0ac1 *images/locale.xml
a10a28d80a5f537074d5b96b3b6524d2 *images/noavatar.svg
12020705f9452035dea432f1e5b399fb *images/noavatar_big.gif
46ccf85e52575062c319633f5c0fc058 *images/noavatar_middle.gif
4d90ab1de43eaee5d6485e1ac18da854 *images/noavatar_small.gif
afddd35b063f8686ff995a5db578c8c9 *js/ajax.js
ebd3c99d34163d7d0870aee2429f0249 *js/avatar/avatar.js
d41d8cd98f00b204e9800998ecf8427e *js/avatar/index.htm
6a8d2ad2b8a68c521fa71d81dfea6142 *js/avatar/jquery-ui.min.js
e1288116312e4728f98923c79b034b67 *js/avatar/jquery.min.js
c8323955b8b6a4393372de9e122853a3 *js/calendar.js
0e8249b8c83ab93350d6864e106da182 *js/common.js
7215ee9c7d9dc229d2921a40e899ec5f *js/index.htm
904fbd9ee2c415bbee0fa4f9ccce4f83 *js/pm_editor.js
019d0509dd827c765be56d054ae8b3b1 *release/release.php
f5ca4573eda7e4e57c93e7f56893b354 *view/default/admin.lang.php
5de71114c9c4e1db2a69abab5b7428b1 *view/default/admin_admin.htm
d05e6869168a47c29e4a07226f344314 *view/default/admin_app.htm
144937a3b9476d80de4327ec4a6b0e26 *view/default/admin_badword.htm
a4c9e9f885fc9fad0775471a29ce1c6b *view/default/admin_cache.htm
a7c556480c133dc4b807acac8b07dcfb *view/default/admin_credit.htm
2289fbbc6bafff6ee29e57eda5ef17e7 *view/default/admin_db.htm
148cd0c9638d7d97e70bf840b856b6e6 *view/default/admin_domain.htm
c5b37cad1f7632a99a5cea682c4dbab5 *view/default/admin_feed.htm
174536a93a5116588fcee3162d48c131 *view/default/admin_frame_header.htm
ffdfec8855a0966ea96f4b4d9b19aecf *view/default/admin_frame_index.htm
77f7ee882805cea110d455bff8924959 *view/default/admin_frame_main.htm
85b055fbdfd3dc07a734fcd6592bb9b1 *view/default/admin_frame_menu.htm
437a9c540f3e3a1399a59723f7334055 *view/default/admin_log.htm
86406ddd5d03453d8827b4f77635e1e6 *view/default/admin_login.htm
6bf22f1fe1ca22101bcad871dc903430 *view/default/admin_mail.htm
4d783a0c883f0483538ad4f87a79d357 *view/default/admin_note.htm
79f736a4c4429b0778c535f570f7e96e *view/default/admin_pm_clear.htm
86081a9116560262c10b4bbe380fd1a9 *view/default/admin_pm_search.htm
3db0c4ed5f1f736af691157dcdd6280a *view/default/admin_setting.htm
2f5639b3e30068dfe9c930c7e853e960 *view/default/admin_tag.htm
c95cfb80efeaebc2e8a790c7f072d268 *view/default/admin_user.htm
3b1c724231b5b04b4d93f21c42c4c108 *view/default/admin_user_log.htm
575a286b0a10f311f689f5ee6c865dbc *view/default/camera.htm
008d9c24de6c0976c5c519382d1e5636 *view/default/footer.htm
cb9dab25bc7d9482efe4dafdea127849 *view/default/footer_ajax.htm
44eeece0ebe20f90106e281857eb61ee *view/default/footer_client.htm
a30d784e8ebd32f4c4b0ffa6f229a5b9 *view/default/header.htm
b5a4f84b23fdefbc19ec2b02169ad626 *view/default/header_ajax.htm
ca56e94572c998edbca29d67661b95fa *view/default/header_client.htm
7215ee9c7d9dc229d2921a40e899ec5f *view/default/index.htm
0651b7e9455824e78eab386cbca6d22a *view/default/main.lang.php
998b620c83be4e7caff9311f767327ae *view/default/message.htm
ef6b499f7eada56ecf60d2607272727e *view/default/messages.lang.php
7819252a557b50879b0e80396013683d *view/default/message_client.htm
21d15220756918b854defbd846c8aaa9 *view/default/plugin_footer.htm
129f9001a03223d43a04f24425aba7fd *view/default/plugin_header.htm
cfcf3bb6aeff9a878f5bf8061f19a707 *view/default/pm_blackls.htm
936cb7d54206d48bb6530c4c25c6f022 *view/default/pm_editorbar.htm
2d6a9f1c3244fd740bf3601f1578170f *view/default/pm_ls.htm
665031e7214ac409e3487d97f3823b09 *view/default/pm_member.htm
78cfbfb3fadc76e11e449f2a0ffbf8c0 *view/default/pm_nav.htm
acfeb7cbe2250a37032937ab78a62706 *view/default/pm_send.htm
c40c95219ebaafcfac4ff55b83774997 *view/default/pm_view.htm
0243f1691566ce77cc0670b48946500c *view/default/templates.lang.php
42fa0f40e601b24e3dbdd91ac05ce696 *view/default/user_avatar.htm
7215ee9c7d9dc229d2921a40e899ec5f *view/index.htm

372
uc_server/control/admin/user.php Normal file
View File

@@ -0,0 +1,372 @@
<?php
/*
[UCenter] (C)2001-2099 Comsenz Inc.
This is NOT a freeware, use is subject to license terms
$Id: user.php 1166 2014-11-03 01:49:32Z hypowang $
*/
!defined('IN_UC') && exit('Access Denied');
define('UC_USER_CHECK_USERNAME_FAILED', -1);
define('UC_USER_USERNAME_BADWORD', -2);
define('UC_USER_USERNAME_EXISTS', -3);
define('UC_USER_EMAIL_FORMAT_ILLEGAL', -4);
define('UC_USER_EMAIL_ACCESS_ILLEGAL', -5);
define('UC_USER_EMAIL_EXISTS', -6);
define('UC_LOGIN_SUCCEED', 0);
define('UC_LOGIN_ERROR_FOUNDER_PW', -1);
define('UC_LOGIN_ERROR_ADMIN_PW', -2);
define('UC_LOGIN_ERROR_ADMIN_NOT_EXISTS', -3);
define('UC_LOGIN_ERROR_SECCODE', -4);
define('UC_LOGIN_ERROR_FAILEDLOGIN', -5);
class control extends adminbase {
function __construct() {
$this->control();
}
function control() {
parent::__construct();
if(getgpc('a') != 'login' && getgpc('a') != 'logout') {
if(!$this->user['isfounder'] && !$this->user['allowadminuser']) {
$this->message('no_permission_for_this_module');
}
}
$this->load('user');
}
function onlogin() {
$authkey = md5(UC_KEY.$_SERVER['HTTP_USER_AGENT'].$this->onlineip);
$this->load('user');
$username = getgpc('username', 'P');
$password = getgpc('password', 'P');
$iframe = getgpc('iframe') ? 1 : 0;
$isfounder = intval(getgpc('isfounder', 'P'));
$rand = rand(100000, 999999);
$seccodeinit = rawurlencode($this->authcode($rand, 'ENCODE', $authkey, 180));
$errorcode = 0;
if($this->submitcheck()) {
if($isfounder == 1) {
$username = 'UCenterAdministrator';
}
$can_do_login = $_ENV['user']->can_do_login($username, $this->onlineip);
if(!$can_do_login) {
$errorcode = UC_LOGIN_ERROR_FAILEDLOGIN;
} else {
$seccodehidden = urldecode(getgpc('seccodehidden', 'P'));
$seccode = strtoupper(getgpc('seccode', 'P'));
$seccodehidden = $this->authcode($seccodehidden, 'DECODE', $authkey);
require UC_ROOT.'./lib/seccode.class.php';
if(!seccode::seccode_check($seccodehidden, $seccode)) {
$errorcode = UC_LOGIN_ERROR_SECCODE;
} else {
$errorcode = UC_LOGIN_SUCCEED;
$this->user['username'] = $username;
if($isfounder == 1) {
$this->user['username'] = 'UCenterAdministrator';
if($_ENV['user']->verify_password($password, UC_FOUNDERPW, UC_FOUNDERSALT)) {
$chkstatus = $_ENV['user']->upgrade_founderpw($password, UC_FOUNDERPW, UC_FOUNDERSALT);
if($chkstatus === 2) {
$this->writelog('admin_pw_upgrade');
}
$username = $this->user['username'];
$this->view->sid = $this->sid_encode($this->user['username']);
} else {
$errorcode = UC_LOGIN_ERROR_FOUNDER_PW;
}
} else {
$admin = $this->db->fetch_first("SELECT a.uid,m.username,m.salt,m.password FROM ".UC_DBTABLEPRE."admins a LEFT JOIN ".UC_DBTABLEPRE."members m USING(uid) WHERE a.username='$username'");
if(!empty($admin)) {
if($_ENV['user']->verify_password($password, $admin['password'], $admin['salt'])) {
$_ENV['user']->upgrade_password($username, $password, $admin['password'], $admin['salt']);
$this->view->sid = $this->sid_encode($admin['username']);
} else {
$errorcode = UC_LOGIN_ERROR_ADMIN_PW;
}
} else {
$errorcode = UC_LOGIN_ERROR_ADMIN_NOT_EXISTS;
}
}
if($errorcode == 0) {
$this->setcookie('sid', $this->view->sid, 86400);
$this->user['admin'] = 1;
$this->writelog('login', 'succeed');
if($iframe) {
header('location: '.UC_ADMINSCRIPT.'?m=frame&a=main&iframe=1'.($this->cookie_status ? '' : '&sid='.$this->view->sid));
exit;
} else {
header('location: '.UC_ADMINSCRIPT.($this->cookie_status ? '' : '?sid='.$this->view->sid));
exit;
}
} else {
$pwlen = strlen($password);
$this->writelog('login', 'error: user='.$this->user['username'].'; password='.($pwlen > 2 ? preg_replace("/^(.{".round($pwlen / 4)."})(.+?)(.{".round($pwlen / 6)."})$/s", "\\1***\\3", $password) : $password));
$_ENV['user']->loginfailed($username, $this->onlineip);
}
}
}
}
$username = dhtmlspecialchars($username);
$password = dhtmlspecialchars($password);
$this->view->assign('seccodeinit', $seccodeinit);
$this->view->assign('username', $username);
$this->view->assign('password', $password);
$this->view->assign('isfounder', $isfounder);
$this->view->assign('errorcode', $errorcode);
$this->view->assign('iframe', $iframe);
$this->view->display('admin_login');
}
function onlogout() {
$this->writelog('logout');
$this->setcookie('sid', '');
header('location: '.UC_ADMINSCRIPT);
}
function onadd() {
if(!$this->submitcheck('submit')) {
exit;
}
$username = getgpc('addname', 'P');
$password = getgpc('addpassword', 'P');
$email = getgpc('addemail', 'P');
if(($status = $this->_check_username($username)) < 0) {
if($status == UC_USER_CHECK_USERNAME_FAILED) {
$this->message('user_add_username_ignore', 'BACK');
} elseif($status == UC_USER_USERNAME_BADWORD) {
$this->message('user_add_username_badwords', 'BACK');
} elseif($status == UC_USER_USERNAME_EXISTS) {
$this->message('user_add_username_exists', 'BACK');
}
}
if(($status = $this->_check_email($email)) < 0) {
if($status == UC_USER_EMAIL_FORMAT_ILLEGAL) {
$this->message('user_add_email_formatinvalid', 'BACK');
} elseif($status == UC_USER_EMAIL_ACCESS_ILLEGAL) {
$this->message('user_add_email_ignore', 'BACK');
} elseif($status == UC_USER_EMAIL_EXISTS) {
$this->message('user_add_email_exists', 'BACK');
}
}
$uid = $_ENV['user']->add_user($username, $password, $email);
$this->message('user_add_succeed', UC_ADMINSCRIPT.'?m=user&a=ls');
}
function onls() {
include_once UC_ROOT.'view/default/admin.lang.php';
$status = 0;
if(!empty($_POST['addname']) && $this->submitcheck()) {
$this->check_priv();
$username = getgpc('addname', 'P');
$password = getgpc('addpassword', 'P');
$email = getgpc('addemail', 'P');
if(($status = $this->_check_username($username)) >= 0) {
if(($status = $this->_check_email($email)) >= 0) {
$_ENV['user']->add_user($username, $password, $email);
$status = 1;
$this->writelog('user_add', "username=$username");
}
}
}
if($this->submitcheck() && !empty($_POST['delete'])) {
$_ENV['user']->delete_user($_POST['delete']);
$status = 2;
$this->writelog('user_delete', "uid=".implode(',', $_POST['delete']));
}
$srchname = getgpc('srchname', 'R');
$srchregdatestart = getgpc('srchregdatestart', 'R');
$srchregdateend = getgpc('srchregdateend', 'R');
$srchuid = intval(getgpc('srchuid', 'R'));
$srchregip = trim(getgpc('srchregip', 'R'));
$srchemail = trim(getgpc('srchemail', 'R'));
$sqladd = $urladd = '';
if($srchname) {
$sqladd .= " AND username LIKE '$srchname%'";
$this->view->assign('srchname', $srchname);
} else {
$this->view->assign('srchname', '');
}
if($srchuid) {
$sqladd .= " AND uid='$srchuid'";
$this->view->assign('srchuid', $srchuid);
} else {
$this->view->assign('srchuid', '');
}
if($srchemail) {
$sqladd .= " AND email='$srchemail'";
$this->view->assign('srchemail', $srchemail);
} else {
$this->view->assign('srchemail', '');
}
if($srchregdatestart) {
$urladd .= '&srchregdatestart='.$srchregdatestart;
$sqladd .= " AND regdate>'".strtotime($srchregdatestart)."'";
$this->view->assign('srchregdatestart', $srchregdatestart);
} else {
$this->view->assign('srchregdatestart', '');
}
if($srchregdateend) {
$urladd .= '&srchregdateend='.$srchregdateend;
$sqladd .= " AND regdate<'".strtotime($srchregdateend)."'";
$this->view->assign('srchregdateend', $srchregdateend);
} else {
$this->view->assign('srchregdateend', '');
}
if($srchregip) {
$urladd .= '&srchregip='.$srchregip;
$sqladd .= " AND regip='$srchregip'";
$this->view->assign('srchregip', $srchregip);
} else {
$this->view->assign('srchregip', '');
}
$sqladd = $sqladd ? " WHERE 1 $sqladd" : '';
$num = $_ENV['user']->get_total_num($sqladd);
$userlist = $_ENV['user']->get_list($_GET['page'], UC_PPP, $num, $sqladd);
foreach($userlist as $key => $user) {
$user['smallavatar'] = '<img src="avatar.php?uid='.$user['uid'].'&size=small" class="avt">';
$userlist[$key] = $user;
}
$multipage = $this->page($num, UC_PPP, $_GET['page'], UC_ADMINSCRIPT.'?m=user&a=ls&srchname='.$srchname.$urladd);
$this->_format_userlist($userlist);
$this->view->assign('userlist', $userlist);
$adduser = getgpc('adduser');
$a = getgpc('a');
$this->view->assign('multipage', $multipage);
$this->view->assign('adduser', $adduser);
$this->view->assign('a', $a);
$this->view->assign('status', $status);
$this->view->display('admin_user');
}
function onedit() {
$uid = getgpc('uid');
$status = 0;
if(!$this->user['isfounder']) {
$isprotected = $this->db->result_first("SELECT COUNT(*) FROM ".UC_DBTABLEPRE."protectedmembers WHERE uid = '$uid'");
if($isprotected) {
$this->message('user_edit_noperm');
}
}
if($this->submitcheck()) {
$username = getgpc('username', 'P');
$newusername = getgpc('newusername', 'P');
$password = getgpc('password', 'P');
$email = getgpc('email', 'P');
$secmobicc = intval(getgpc('secmobicc', 'P'));
$secmobile = intval(getgpc('secmobile', 'P'));
$delavatar = getgpc('delavatar', 'P');
$rmrecques = getgpc('rmrecques', 'P');
$sqladd = '';
if(!empty($secmobile) && ($status = $_ENV['user']->check_secmobileexists($secmobicc, $secmobile, $username)) > 0) {
$this->message('admin_mobile_exists');
}
if($username != $newusername) {
if($_ENV['user']->get_user_by_username($newusername)) {
$this->message('admin_user_exists');
}
$sqladd .= "username='$newusername', ";
$_ENV['user']->user_log($uid, 'renameuser', 'uid='.$uid.'&oldusername='.urlencode($username).'&newusername='.urlencode($newusername));
$this->load('note');
$_ENV['note']->add('renameuser', 'uid='.$uid.'&oldusername='.urlencode($username).'&newusername='.urlencode($newusername));
}
if($password) {
$salt = '';
$password = $_ENV['user']->generate_password($password);
$sqladd .= "password='$password', salt='$salt', ";
$this->load('note');
$_ENV['note']->add('updatepw', 'username='.urlencode($username).'&password=');
}
if($rmrecques) {
$sqladd .= "secques='', ";
}
if(!empty($delavatar)) {
$_ENV['user']->delete_useravatar($uid);
}
$this->db->query("UPDATE ".UC_DBTABLEPRE."members SET $sqladd email='$email', secmobicc='$secmobicc', secmobile='$secmobile' WHERE uid='$uid'");
$status = $this->db->errno() ? -1 : 1;
if($status > 0) {
$_ENV['user']->user_log($uid, 'edituser', 'uid='.$uid.'&email='.urlencode($email).'&secmobicc='.urlencode($secmobicc).'&secmobile='.urlencode($secmobile));
}
}
$user = $this->db->fetch_first("SELECT * FROM ".UC_DBTABLEPRE."members WHERE uid='$uid'");
$user['bigavatar'] = '<img src="avatar.php?uid='.$uid.'&size=big">';
$user['bigavatarreal'] = '<img src="avatar.php?uid='.$uid.'&size=big&type=real">';
$this->view->assign('uid', $uid);
$this->view->assign('user', $user);
$this->view->assign('status', $status);
$this->view->display('admin_user');
}
function onlogls() {
$page = getgpc('page');
$num = $_ENV['user']->user_log_total_num();
$userlog = $_ENV['user']->user_log_list($page, UC_PPP, $num);
$multipage = $this->page($num, UC_PPP, $page, UC_ADMINSCRIPT.'?m=user&a=logls');
$this->view->assign('userlog', $userlog);
$this->view->assign('multipage', $multipage);
$this->view->display('admin_user_log');
}
function _check_username($username) {
$username = addslashes(trim(stripslashes($username)));
if(!$_ENV['user']->check_username($username)) {
return UC_USER_CHECK_USERNAME_FAILED;
} elseif($_ENV['user']->check_usernameexists($username)) {
return UC_USER_USERNAME_EXISTS;
}
return 1;
}
function _check_email($email) {
if(!$_ENV['user']->check_emailformat($email)) {
return UC_USER_EMAIL_FORMAT_ILLEGAL;
} elseif(!$_ENV['user']->check_emailaccess($email)) {
return UC_USER_EMAIL_ACCESS_ILLEGAL;
} elseif(!$this->settings['doublee'] && $_ENV['user']->check_emailexists($email)) {
return UC_USER_EMAIL_EXISTS;
} else {
return 1;
}
}
function _check_secmobile($secmobicc, $secmobile, $username = '') {
return $_ENV['user']->check_secmobileexists($secmobicc, $secmobile, $username);
}
function _format_userlist(&$userlist) {
if(is_array($userlist)) {
foreach($userlist AS $key => $user) {
$userlist[$key]['regdate'] = $this->date($user['regdate']);
}
}
}
}
?>

150
uc_server/control/app.php Normal file
View File

@@ -0,0 +1,150 @@
<?php
/*
[UCenter] (C)2001-2099 Comsenz Inc.
This is NOT a freeware, use is subject to license terms
$Id: app.php 1102 2011-05-30 09:40:42Z svn_project_zhangjie $
*/
!defined('IN_UC') && exit('Access Denied');
class appcontrol extends base {
function __construct() {
$this->appcontrol();
}
function appcontrol() {
parent::__construct();
$this->load('app');
$this->load('user');
}
function onls() {
$this->init_input();
$applist = $_ENV['app']->get_apps('appid, type, name, url, tagtemplates, viewprourl, synlogin');
$applist2 = array();
foreach($applist as $key => $app) {
$app['tagtemplates'] = $this->unserialize($app['tagtemplates']);
$applist2[$app['appid']] = $app;
}
return $applist2;
}
function onadd() {
$ucfounderpw = getgpc('ucfounderpw', 'P');
$apptype = getgpc('apptype', 'P');
$appname = getgpc('appname', 'P');
$appurl = getgpc('appurl', 'P');
$appip = getgpc('appip', 'P');
$apifilename = trim(getgpc('apifilename', 'P'));
$viewprourl = getgpc('viewprourl', 'P');
$appcharset = getgpc('appcharset', 'P');
$appdbcharset = getgpc('appdbcharset', 'P');
$apptagtemplates = getgpc('apptagtemplates', 'P');
$appallowips = getgpc('allowips', 'P');
$apifilename = $apifilename ? $apifilename : 'uc.php';
if(!$this->settings['addappbyurl'] || !$_ENV['user']->can_do_login('UCenterAdministrator', $this->onlineip)) {
exit('-1');
}
if($_ENV['user']->verify_password($ucfounderpw, UC_FOUNDERPW, UC_FOUNDERSALT) || (strlen($ucfounderpw) == 32 && hash_equals($ucfounderpw, md5(UC_FOUNDERPW)))) {
@ob_start();
$return = '';
$this->_writelog('login', 'succeed_by_url_add_app');
$app = $this->db->fetch_first("SELECT * FROM ".UC_DBTABLEPRE."applications WHERE url='$appurl' AND type='$apptype'");
if(empty($app)) {
$authkey = $this->generate_key(64);
$apptagtemplates = $this->serialize($apptagtemplates, 1);
$this->db->query("INSERT INTO ".UC_DBTABLEPRE."applications SET
name='$appname',
url='$appurl',
ip='$appip',
apifilename='$apifilename',
authkey='$authkey',
viewprourl='$viewprourl',
synlogin='1',
charset='$appcharset',
dbcharset='$appdbcharset',
type='$apptype',
recvnote='1',
tagtemplates='$apptagtemplates',
allowips='$appallowips'
");
$appid = $this->db->insert_id();
$this->_writelog('app_add', "appid=$appid; appname=$appname; by=url_add");
$_ENV['app']->alter_app_table($appid, 'ADD');
$return = "$authkey|$appid|".UC_DBHOST.'|'.UC_DBNAME.'|'.UC_DBUSER.'|'.UC_DBPW.'|'.UC_DBCHARSET.'|'.UC_DBTABLEPRE.'|'.UC_CHARSET;
$this->load('cache');
$_ENV['cache']->updatedata('apps');
$this->load('note');
$notedata = $this->db->fetch_all("SELECT appid, type, name, url, ip, charset, synlogin, extra FROM ".UC_DBTABLEPRE."applications");
$notedata = $this->_format_notedata($notedata);
$notedata['UC_API'] = UC_API;
$_ENV['note']->add('updateapps', '', $this->serialize($notedata, 1));
$_ENV['note']->send();
} else {
$this->_writelog('app_queryinfo', "appid={$app['appid']}; by=url_add");
$return = "{$app['authkey']}|{$app['appid']}|".UC_DBHOST.'|'.UC_DBNAME.'|'.UC_DBUSER.'|'.UC_DBPW.'|'.UC_DBCHARSET.'|'.UC_DBTABLEPRE.'|'.UC_CHARSET;
}
@ob_end_clean();
exit($return);
} else {
$pwlen = strlen($ucfounderpw);
$this->_writelog('login', 'error_by_url_add_app: user=UCenterAdministrator; password='.($pwlen > 2 ? preg_replace("/^(.{".round($pwlen / 4)."})(.+?)(.{".round($pwlen / 6)."})$/s", "\\1***\\3", $ucfounderpw) : $ucfounderpw));
$_ENV['user']->loginfailed('UCenterAdministrator', $this->onlineip);
exit('-1');
}
}
function onucinfo() {
if(!$this->settings['addappbyurl']) {
exit('-1');
}
$arrapptypes = $this->db->fetch_all("SELECT DISTINCT type FROM ".UC_DBTABLEPRE."applications");
$apptypes = $tab = '';
foreach($arrapptypes as $apptype) {
$apptypes .= $tab.$apptype['type'];
$tab = "\t";
}
exit("UC_STATUS_OK|".UC_SERVER_VERSION."|".UC_SERVER_RELEASE."|".UC_CHARSET."|".UC_DBCHARSET."|".$apptypes);
}
function _format_notedata($notedata) {
$arr = array();
foreach($notedata as $key => $note) {
$arr[$note['appid']] = $note;
}
return $arr;
}
function _writelog($action, $extra = '') {
$log = dhtmlspecialchars('UCenterAdministrator'."\t".$this->onlineip."\t".$this->time."\t$action\t$extra");
$logfile = UC_ROOT.'./data/logs/'.gmdate('Ym', $this->time).'.php';
if(@filesize($logfile) > 2048000) {
PHP_VERSION < '4.2.0' && mt_srand((double)microtime() * 1000000);
$hash = '';
$chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyz';
for($i = 0; $i < 4; $i++) {
$hash .= $chars[mt_rand(0, 61)];
}
@rename($logfile, UC_ROOT.'./data/logs/'.gmdate('Ym', $this->time).'_'.$hash.'.php');
}
file_put_contents($logfile, "<?PHP exit;?>\t".str_replace(array('<?', '?>', '<?php'), '', $log)."\n", FILE_APPEND);
}
}
?>

43
uc_server/control/credit.php Normal file
View File

@@ -0,0 +1,43 @@
<?php
/*
[UCenter] (C)2001-2099 Comsenz Inc.
This is NOT a freeware, use is subject to license terms
$Id: credit.php 1059 2011-03-01 07:25:09Z monkey $
*/
!defined('IN_UC') && exit('Access Denied');
class creditcontrol extends base {
function __construct() {
$this->creditcontrol();
}
function creditcontrol() {
parent::__construct();
$this->init_input();
$this->load('note');
$this->load('misc');
}
function onrequest() {
$uid = intval($this->input('uid'));
$from = intval($this->input('from'));
$to = intval($this->input('to'));
$toappid = intval($this->input('toappid'));
$amount = intval($this->input('amount'));
$status = 0;
$this->settings['creditexchange'] = @unserialize($this->settings['creditexchange']);
if(isset($this->settings['creditexchange'][$this->app['appid'].'_'.$from.'_'.$toappid.'_'.$to])) {
$toapp = $app = $this->cache['apps'][$toappid];
$url = $_ENV['note']->get_url_code('updatecredit', "uid=$uid&credit=$to&amount=$amount", $toappid);
$status = trim($_ENV['misc']->dfopen($url, 0, '', '', 1, $toapp['ip'], UC_NOTE_TIMEOUT));
}
echo $status ? 1 : 0;
exit;
}
}
?>

29
uc_server/control/domain.php Normal file
View File

@@ -0,0 +1,29 @@
<?php
/*
[UCenter] (C)2001-2099 Comsenz Inc.
This is NOT a freeware, use is subject to license terms
$Id: domain.php 1059 2011-03-01 07:25:09Z monkey $
*/
!defined('IN_UC') && exit('Access Denied');
class domaincontrol extends base {
function __construct() {
$this->domaincontrol();
}
function domaincontrol() {
parent::__construct();
$this->init_input();
$this->load('domain');
}
function onls() {
return $_ENV['domain']->get_list(1, 9999, 9999);
}
}
?>

105
uc_server/control/feed.php Normal file
View File

@@ -0,0 +1,105 @@
<?php
/*
[UCenter] (C)2001-2099 Comsenz Inc.
This is NOT a freeware, use is subject to license terms
$Id: feed.php 1139 2012-05-08 09:02:11Z liulanbo $
*/
!defined('IN_UC') && exit('Access Denied');
class feedcontrol extends base {
function __construct() {
$this->feedcontrol();
}
function feedcontrol() {
parent::__construct();
$this->init_input();
}
function onadd() {
$this->load('misc');
$appid = intval($this->input('appid'));
$icon = $this->input('icon');
$uid = intval($this->input('uid'));
$username = $this->input('username');
$body_data = $_ENV['misc']->array2string($this->input('body_data'));
$title_data = $_ENV['misc']->array2string($this->input('title_data'));
$title_template = $this->_parsetemplate($this->input('title_template'));
$body_template = $this->_parsetemplate($this->input('body_template'));
$body_general = $this->input('body_general');
$target_ids = $this->input('target_ids');
$image_1 = $this->input('image_1');
$image_1_link = $this->input('image_1_link');
$image_2 = $this->input('image_2');
$image_2_link = $this->input('image_2_link');
$image_3 = $this->input('image_3');
$image_3_link = $this->input('image_3_link');
$image_4 = $this->input('image_4');
$image_4_link = $this->input('image_4_link');
$hash_template = md5($title_template.$body_template);
$hash_data = md5($title_template.$title_data.$body_template.$body_data);
$dateline = $this->time;
$this->db->query("INSERT INTO ".UC_DBTABLEPRE."feeds SET appid='$appid', icon='$icon', uid='$uid', username='$username',
title_template='$title_template', title_data='$title_data', body_template='$body_template', body_data='$body_data', body_general='$body_general',
image_1='$image_1', image_1_link='$image_1_link', image_2='$image_2', image_2_link='$image_2_link',
image_3='$image_3', image_3_link='$image_3_link', image_4='$image_4', image_4_link='$image_4_link',
hash_template='$hash_template', hash_data='$hash_data', target_ids='$target_ids', dateline='$dateline'");
return $this->db->insert_id();
}
function ondelete() {
$start = $this->input('start');
$limit = $this->input('limit');
$end = $start + $limit;
$this->db->query("DELETE FROM ".UC_DBTABLEPRE."feeds WHERE feedid>'$start' AND feedid<'$end'");
}
function onget() {
$this->load('misc');
$limit = intval($this->input('limit'));
$delete = $this->input('delete');
$feedlist = $this->db->fetch_all("SELECT * FROM ".UC_DBTABLEPRE."feeds ORDER BY feedid DESC LIMIT $limit");
if($feedlist) {
$maxfeedid = $feedlist[0]['feedid'];
foreach($feedlist as $key => $feed) {
$feed['body_data'] = $_ENV['misc']->string2array($feed['body_data']);
$feed['title_data'] = $_ENV['misc']->string2array($feed['title_data']);
$feedlist[$key] = $feed;
}
}
if(!empty($feedlist)) {
if(!isset($delete) || $delete) {
$this->_delete(0, $maxfeedid);
}
}
return $feedlist;
}
function _delete($start, $end) {
$this->db->query("DELETE FROM ".UC_DBTABLEPRE."feeds WHERE feedid>='$start' AND feedid<='$end'");
}
function _parsetemplate($template) {
$template = str_replace(array("\r", "\n"), '', $template);
$template = str_replace(array('<br>', '<br />', '<BR>', '<BR />'), "\n", $template);
$template = str_replace(array('<b>', '<B>'), '[B]', $template);
$template = str_replace(array('<i>', '<I>'), '[I]', $template);
$template = str_replace(array('<u>', '<U>'), '[U]', $template);
$template = str_replace(array('</b>', '</B>'), '[/B]', $template);
$template = str_replace(array('</i>', '</I>'), '[/I]', $template);
$template = str_replace(array('</u>', '</U>'), '[/U]', $template);
$template = dhtmlspecialchars($template);
$template = nl2br($template);
$template = str_replace(array('[B]', '[I]', '[U]', '[/B]', '[/I]', '[/U]'), array('<b>', '<i>', '<u>', '</b>', '</i>', '</u>'), $template);
return $template;
}
}
?>

59
uc_server/control/friend.php Normal file
View File

@@ -0,0 +1,59 @@
<?php
/*
[UCenter] (C)2001-2099 Comsenz Inc.
This is NOT a freeware, use is subject to license terms
$Id: friend.php 1059 2011-03-01 07:25:09Z monkey $
*/
!defined('IN_UC') && exit('Access Denied');
class friendcontrol extends base {
function __construct() {
$this->friendcontrol();
}
function friendcontrol() {
parent::__construct();
$this->init_input();
$this->load('friend');
}
function ondelete() {
$uid = intval($this->input('uid'));
$friendids = $this->input('friendids');
$id = $_ENV['friend']->delete($uid, $friendids);
return $id;
}
function onadd() {
$uid = intval($this->input('uid'));
$friendid = $this->input('friendid');
$comment = $this->input('comment');
$id = $_ENV['friend']->add($uid, $friendid, $comment);
return $id;
}
function ontotalnum() {
$uid = intval($this->input('uid'));
$direction = intval($this->input('direction'));
$totalnum = $_ENV['friend']->get_totalnum_by_uid($uid, $direction);
return $totalnum;
}
function onls() {
$uid = intval($this->input('uid'));
$page = intval($this->input('page'));
$pagesize = intval($this->input('pagesize'));
$totalnum = intval($this->input('totalnum'));
$direction = intval($this->input('direction'));
$pagesize = $pagesize ? $pagesize : UC_PPP;
$totalnum = $totalnum ? $totalnum : $_ENV['friend']->get_totalnum_by_uid($uid);
$data = $_ENV['friend']->get_list($uid, $page, $pagesize, $totalnum, $direction);
return $data;
}
}
?>

1
uc_server/control/index.htm Normal file
View File

@@ -0,0 +1 @@

41
uc_server/control/mail.php Normal file
View File

@@ -0,0 +1,41 @@
<?php
/*
[UCenter] (C)2001-2099 Comsenz Inc.
This is NOT a freeware, use is subject to license terms
$Id: mail.php 1059 2011-03-01 07:25:09Z monkey $
*/
!defined('IN_UC') && exit('Access Denied');
class mailcontrol extends base {
function __construct() {
$this->mailcontrol();
}
function mailcontrol() {
parent::__construct();
$this->init_input();
}
function onadd() {
$this->load('mail');
$mail = array();
$mail['appid'] = $this->app['appid'];
$mail['uids'] = explode(',', $this->input('uids'));
$mail['emails'] = explode(',', $this->input('emails'));
$mail['subject'] = $this->input('subject');
$mail['message'] = $this->input('message');
$mail['charset'] = $this->input('charset');
$mail['htmlon'] = intval($this->input('htmlon'));
$mail['level'] = abs(intval($this->input('level')));
$mail['frommail'] = $this->input('frommail');
$mail['dateline'] = $this->time;
return $_ENV['mail']->add($mail);
}
}
?>

365
uc_server/control/pm.php Normal file
View File

@@ -0,0 +1,365 @@
<?php
/*
[UCenter] (C)2001-2099 Comsenz Inc.
This is NOT a freeware, use is subject to license terms
$Id: pm.php 1067 2011-03-08 10:06:51Z svn_project_zhangjie $
*/
!defined('IN_UC') && exit('Access Denied');
define('PRIVATEPMTHREADLIMIT_ERROR', -1);
define('PMFLOODCTRL_ERROR', -2);
define('PMMSGTONOTFRIEND', -3);
define('PMSENDREGDAYS', -4);
define('CHATPMTHREADLIMIT_ERROR', -5);
define('CHATPMMEMBERLIMIT_ERROR', -7);
class pmcontrol extends base {
function __construct() {
$this->pmcontrol();
}
function pmcontrol() {
parent::__construct();
$this->load('user');
$this->load('pm');
}
function oncheck_newpm() {
$this->init_input();
$uid = intval($this->input('uid'));
$more = intval($this->input('more'));
if(!$_ENV['pm']->isnewpm($uid) && !$more) {
return 0;
}
$newprvpm = $_ENV['pm']->getpmnum($uid, 1, 1);
$newchatpm = $_ENV['pm']->getpmnum($uid, 2, 1);
$newpm = $newprvpm + $newchatpm;
if($more == 0) {
return $newpm;
} elseif($more == 1) {
return array('newpm' => $newpm, 'newprivatepm' => $newprvpm);
} elseif($more == 2 || $more == 3) {
if($more == 2) {
return array('newpm' => $newpm, 'newprivatepm' => $newprvpm, 'newchatpm' => $newchatpm);
} else {
$lastpm = $_ENV['pm']->lastpm($uid);
require_once UC_ROOT.'lib/uccode.class.php';
$this->uccode = new uccode();
$lastpm['lastsummary'] = $this->uccode->complie($lastpm['lastsummary']);
return array('newpm' => $newpm, 'newprivatepm' => $newprvpm, 'newchatpm' => $newchatpm, 'lastdate' => $lastpm['lastdateline'], 'lastmsgfromid' => $lastpm['lastauthorid'], 'lastmsgfrom' => $lastpm['lastauthorusername'], 'lastmsg' => $lastpm['lastsummary']);
}
} elseif($more == 4) {
return array('newpm' => $newpm, 'newprivatepm' => $newprvpm, 'newchatpm' => $newchatpm);
} else {
return 0;
}
}
function onsendpm() {
$this->init_input();
$fromuid = $this->input('fromuid');
$msgto = $this->input('msgto');
$subject = $this->input('subject');
$message = $this->input('message');
$replypmid = $this->input('replypmid');
$isusername = $this->input('isusername');
$type = $this->input('type');
if(!$fromuid) {
return 0;
}
$user = $_ENV['user']->get_user_by_uid($fromuid);
$user = daddslashes($user, 1);
if(!$user) {
return 0;
}
$this->user['uid'] = $user['uid'];
$this->user['username'] = $user['username'];
if($replypmid) {
$isusername = 0;
$plid = $_ENV['pm']->getplidbypmid($replypmid);
$msgto = $_ENV['pm']->getuidbyplid($plid);
unset($msgto[$this->user['uid']]);
} else {
if(!empty($msgto)) {
$msgto = array_unique(explode(',', $msgto));
}
}
if($isusername) {
$msgto = $_ENV['user']->name2id($msgto);
}
$countmsgto = count($msgto);
if($this->settings['pmsendregdays']) {
if($user['regdate'] > $this->time - $this->settings['pmsendregdays'] * 86400) {
return PMSENDREGDAYS;
}
}
if($this->settings['chatpmmemberlimit']) {
if($type == 1 && ($countmsgto > ($this->settings['chatpmmemberlimit'] - 1))) {
return CHATPMMEMBERLIMIT_ERROR;
}
}
if($this->settings['pmfloodctrl']) {
if(!$_ENV['pm']->ispminterval($this->user['uid'], $this->settings['pmfloodctrl'])) {
return PMFLOODCTRL_ERROR;
}
}
if($this->settings['privatepmthreadlimit']) {
if(!$_ENV['pm']->isprivatepmthreadlimit($this->user['uid'], $this->settings['privatepmthreadlimit'])) {
return PRIVATEPMTHREADLIMIT_ERROR;
}
}
if($this->settings['chatpmthreadlimit']) {
if(!$_ENV['pm']->ischatpmthreadlimit($this->user['uid'], $this->settings['chatpmthreadlimit'])) {
return CHATPMTHREADLIMIT_ERROR;
}
}
$lastpmid = 0;
if($replypmid) {
$lastpmid = $_ENV['pm']->replypm($plid, $this->user['uid'], $this->user['username'], $message);
} else {
$lastpmid = $_ENV['pm']->sendpm($this->user['uid'], $this->user['username'], $msgto, $subject, $message, $type);
}
return $lastpmid;
}
function ondelete() {
$this->init_input();
$this->user['uid'] = intval($this->input('uid'));
$pmids = $this->input('pmids');
if(empty($pmids)) {
return 0;
}
if(is_array($pmids)) {
$this->apps = $this->cache('apps');
if($this->apps[$this->app['appid']]['type'] == 'UCHOME') {
$id = $_ENV['pm']->deletepmbyplids($this->user['uid'], $this->input('pmids'));
} else {
$id = $_ENV['pm']->deletepmbypmids($this->user['uid'], $this->input('pmids'));
}
} else {
$id = $_ENV['pm']->deletepmbypmid($this->user['uid'], $this->input('pmids'));
}
return $id;
}
function ondeletechat() {
$this->init_input();
$this->user['uid'] = intval($this->input('uid'));
$plids = $this->input('plids');
$type = intval($this->input('type'));
if($type == 1) {
return $_ENV['pm']->deletepmbyplids($this->user['uid'], $plids);
} else {
return $_ENV['pm']->quitchatpm($this->user['uid'], $plids);
}
}
function ondeleteuser() {
$this->init_input();
$this->user['uid'] = intval($this->input('uid'));
$id = $_ENV['pm']->deletepmbyplids($this->user['uid'], $this->input('touids'), 1);
return $id;
}
function onreadstatus() {
$this->init_input();
$this->user['uid'] = intval($this->input('uid'));
$_ENV['pm']->setpmstatus($this->user['uid'], $this->input('uids'), $this->input('plids'), $this->input('status'));
}
function onignore() {
$this->init_input();
$this->user['uid'] = intval($this->input('uid'));
return $_ENV['pm']->set_ignore($this->user['uid']);
}
function onls() {
$this->init_input();
$pagesize = $this->input('pagesize');
$filter = $this->input('filter');
$page = $this->input('page');
$msglen = $this->input('msglen');
$this->user['uid'] = intval($this->input('uid'));
$filter = $filter ? (in_array($filter, array('newpm', 'privatepm')) ? $filter : '') : '';
if($filter == 'newpm') {
$type = 0;
$new = 1;
} elseif($filter == 'privatepm') {
$type = 0;
$new = 0;
} else {
return array();
}
$pmnum = $_ENV['pm']->getpmnum($this->user['uid'], $type, $new);
$start = $this->page_get_start($page, $pagesize, $pmnum);
if($pagesize > 0) {
$pms = $_ENV['pm']->getpmlist($this->user['uid'], $filter, $start, $pagesize);
if(is_array($pms) && !empty($pms)) {
foreach($pms as $key => $pm) {
if($msglen) {
$pms[$key]['lastsummary'] = $_ENV['pm']->removecode($pms[$key]['lastsummary'], $msglen);
} else {
unset($pms[$key]['lastsummary']);
}
}
}
$result['data'] = $pms;
}
$result['count'] = $pmnum;
return $result;
}
function onview() {
$this->init_input();
$this->user['uid'] = intval($this->input('uid'));
$pmid = $this->input('pmid');
$touid = $this->input('touid');
$daterange = $this->input('daterange');
$page = $this->input('page');
$pagesize = $this->input('pagesize');
$isplid = $this->input('isplid');
$type = $this->input('type');
$daterange = empty($daterange) ? 1 : $daterange;
$today = $this->time - ($this->time + $this->settings['timeoffset']) % 86400;
if($daterange == 1) {
$starttime = $today;
} elseif($daterange == 2) {
$starttime = $today - 86400;
} elseif($daterange == 3) {
$starttime = $today - 172800;
} elseif($daterange == 4) {
$starttime = $today - 604800;
} elseif($daterange == 5) {
$starttime = 0;
}
$endtime = $this->time;
if(!$isplid) {
$plid = $_ENV['pm']->getplidbytouid($this->user['uid'], $touid);
} else {
$plid = $touid;
}
if($page) {
$pmnum = $_ENV['pm']->getpmnumbyplid($this->user['uid'], $plid);
$start = $this->page_get_start($page, $pagesize, $pmnum);
$ppp = $pagesize;
} else {
$pmnum = 0;
$start = 0;
$ppp = 0;
}
if($pmid) {
$pms = $_ENV['pm']->getpmbypmid($this->user['uid'], $pmid);
} else {
$pms = $_ENV['pm']->getpmbyplid($this->user['uid'], $plid, $starttime, $endtime, $start, $ppp, $type);
}
require_once UC_ROOT.'lib/uccode.class.php';
$this->uccode = new uccode();
if($pms) {
foreach($pms as $key => $pm) {
$pms[$key]['message'] = $this->uccode->complie($pms[$key]['message']);
}
}
return $pms;
}
function onviewnum() {
$this->init_input();
$this->user['uid'] = intval($this->input('uid'));
$touid = $this->input('touid');
$isplid = $this->input('isplid');
if(!$isplid) {
$plid = $_ENV['pm']->getplidbytouid($this->user['uid'], $touid);
} else {
$plid = $touid;
}
$pmnum = $_ENV['pm']->getpmnumbyplid($this->user['uid'], $plid);
return $pmnum;
}
function onviewnode() {
$this->init_input();
$this->user['uid'] = intval($this->input('uid'));
$type = $this->input('type');
$pmid = $this->input('pmid');
$type = 0;
$pms = $_ENV['pm']->getpmbypmid($this->user['uid'], $pmid);
require_once UC_ROOT.'lib/uccode.class.php';
$this->uccode = new uccode();
if($pms) {
foreach($pms as $key => $pm) {
$pms[$key]['message'] = $this->uccode->complie($pms[$key]['message']);
}
}
$pms = $pms[0];
return $pms;
}
function onchatpmmemberlist() {
$this->init_input();
$this->user['uid'] = intval($this->input('uid'));
$plid = intval($this->input('plid'));
return $_ENV['pm']->chatpmmemberlist($this->user['uid'], $plid);
}
function onkickchatpm() {
$this->init_input();
$this->user['uid'] = intval($this->input('uid'));
$plid = intval($this->input('plid'));
$touid = intval($this->input('touid'));
return $_ENV['pm']->kickchatpm($plid, $this->user['uid'], $touid);
}
function onappendchatpm() {
$this->init_input();
$this->user['uid'] = intval($this->input('uid'));
$plid = intval($this->input('plid'));
$touid = intval($this->input('touid'));
return $_ENV['pm']->appendchatpm($plid, $this->user['uid'], $touid);
}
function onblackls_get() {
$this->init_input();
$this->user['uid'] = intval($this->input('uid'));
return $_ENV['pm']->get_blackls($this->user['uid']);
}
function onblackls_set() {
$this->init_input();
$this->user['uid'] = intval($this->input('uid'));
$blackls = $this->input('blackls');
return $_ENV['pm']->set_blackls($this->user['uid'], $blackls);
}
function onblackls_add() {
$this->init_input();
$this->user['uid'] = intval($this->input('uid'));
$username = $this->input('username');
return $_ENV['pm']->update_blackls($this->user['uid'], $username, 1);
}
function onblackls_delete($arr) {
$this->init_input();
$this->user['uid'] = intval($this->input('uid'));
$username = $this->input('username');
return $_ENV['pm']->update_blackls($this->user['uid'], $username, 2);
}
}
?>

422
uc_server/control/pm_client.php Normal file
View File

@@ -0,0 +1,422 @@
<?php
/*
[UCenter] (C)2001-2099 Comsenz Inc.
This is NOT a freeware, use is subject to license terms
$Id: pm_client.php 1166 2014-11-03 01:49:32Z hypowang $
*/
!defined('IN_UC') && exit('Access Denied');
class pm_clientcontrol extends base {
function __construct() {
$this->pm_clientcontrol();
}
function pm_clientcontrol() {
parent::__construct();
if (!$this->settings['pmcenter']) {
exit('PMCenter closed');
}
$this->load('user');
$this->load('pm', NULL, UC_SERVER_RELEASE);
}
function _auth() {
$input = getgpc('input');
if (empty($this->user['uid']) || isset($input)) {
$this->init_input();
header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');
if ($this->input['uid']) {
$this->setcookie('uc_auth', @$this->authcode($this->input['uid'] . "||" . md5($_SERVER['HTTP_USER_AGENT']), 'ENCODE', UC_KEY), 1800);
@$this->user['uid'] = $this->input['uid'];
} else {
$this->setcookie('uc_auth', '');
$this->message('please_login', '', 1);
}
}
}
function onls() {
$folder = getgpc('folder');
$page = getgpc('page');
$filter = getgpc('filter');
$a = getgpc('a');
$this->_auth();
$uid = $this->user['uid'];
$_ENV['pm']->lang = &$this->lang;
$page = $page ? $page : 1;
$filter = $filter ? (in_array($filter, array('newpm', 'privatepm')) ? $filter : '') : 'privatepm';
$pmnum_private = $_ENV['pm']->getpmnum($uid, 0, 0);
$unreadpmnum = $_ENV['pm']->getpmnum($uid, 0, 1);
$this->view->assign('user', $this->user);
$this->view->assign('pmnum_private', $pmnum_private);
$this->view->assign('unreadpmnum', $unreadpmnum);
$this->view->assign('folder', $folder);
if ($folder == 'blackls') {
$blackls = dhtmlspecialchars($_ENV['pm']->get_blackls($uid));
$this->view->assign('blackls', $blackls);
$this->view->assign('filter', '');
$this->view->display('pm_blackls');
} else {
$start = ($page - 1) * 10;
$pmlist = $_ENV['pm']->getpmlist($uid, $filter, $start, 10);
if ($pmlist) {
foreach ($pmlist as $key => $value) {
$pmlist[$key]['filter'] = 'privatepm';
$pmlist[$key]['lastdateline'] = $this->date($value['lastdateline']);
}
}
$extra = 'extra=' . rawurlencode('page=' . $page);
$multipage = $this->page($pmnum_private, 10, $page, 'index.php?m=pm_client&a=ls&folder=' . $folder . '&filter=' . $filter);
$this->view->assign('extra', $extra);
$this->view->assign('filter', $filter);
$this->view->assign('pmlist', $pmlist);
$this->view->assign('multipage', $multipage);
$this->view->display('pm_ls');
}
}
function onblackls() {
$blackls = getgpc('blackls', 'P');
$this->_auth();
$uid = $this->user['uid'];
if ($this->submitcheck()) {
$_ENV['pm']->set_blackls($uid, $blackls);
}
$this->message('blackls_updated', 'index.php?m=pm_client&a=ls&folder=blackls', 1);
}
function onsend() {
$a = getgpc('a');
$do = getgpc('do');
$this->_auth();
$uid = $this->user['uid'];
$this->load('friend');
$totalnum = $_ENV['friend']->get_totalnum_by_uid($this->user['uid'], 3);
$friends = $totalnum ? $_ENV['friend']->get_list($this->user['uid'], 1, $totalnum, $totalnum, 3) : array();
if (!$this->submitcheck()) {
$extra = 'extra=' . rawurlencode(isset($_GET['extra']) ? $_GET['extra'] : '');
$type = !empty($_GET['type']) ? $_GET['type'] : '';
$pmid = @is_numeric($_GET['pmid']) ? $_GET['pmid'] : 0;
$daterange = !empty($_GET['daterange']) ? intval($_GET['daterange']) : 1;
$touid = isset($_GET['touid']) ? intval($_GET['touid']) : 0;
$plid = isset($_GET['plid']) ? intval($_GET['plid']) : 0;
$folder = getgpc('folder');
$pmnum_private = $_ENV['pm']->getpmnum($uid, 0, 0);
$unreadpmnum = $_ENV['pm']->getpmnum($uid, 0, 1);
$touser = '';
if ($pmid) {
$tmp = $_ENV['pm']->getpmbypmid($uid, $pmid);
$tmp = $tmp[0];
} else {
$tmp = array();
}
if (!empty($pmid)) {
if ($do == 'forward') {
$user = $_ENV['user']->get_user_by_uid($tmp['msgtoid']);
$tmp['message'] = $this->lang['pm_from'] . ': ' . $tmp['author'] . "\n" .
$this->lang['pm_to'] . ': ' . dhtmlspecialchars($user['username']) . "\n" .
$this->lang['pm_date'] . ': ' . $this->date($tmp['dateline']) . "\n\n" .
'[quote]' . trim(preg_replace("/(\[quote])(.*)(\[\/quote])/siU", '', $tmp['message'])) . '[/quote]' . "\n";
}
} else {
!empty($_GET['msgto']) && $touser = dhtmlspecialchars($_GET['msgto']);
!empty($_GET['subject']) && $tmp['subject'] = $_GET['subject'];
$tmp['message'] = !empty($_GET['message']) ? $_GET['message'] : '';
}
if ($this->settings['sendpmseccode']) {
$authkey = md5(UC_KEY . $_SERVER['HTTP_USER_AGENT'] . $this->onlineip);
$rand = rand(100000, 999999);
$seccodeinit = rawurlencode($this->authcode($rand, 'ENCODE', $authkey, 720));
$this->view->assign('seccodeinit', $seccodeinit);
}
$this->view->assign('sendpmseccode', $this->settings['sendpmseccode']);
$this->view->assign('touser', $touser);
$this->view->assign('user', $this->user);
$this->view->assign('pmnum_private', $pmnum_private);
$this->view->assign('unreadpmnum', $unreadpmnum);
$this->view->assign('friends', $friends);
$this->view->assign('extra', $extra);
$this->view->assign('pmid', $pmid);
$this->view->assign('daterange', $daterange);
$this->view->assign('touid', $touid);
$this->view->assign('plid', $plid);
$this->view->assign('a', $a);
$this->view->assign('do', $do);
$this->view->assign('folder', $folder);
$tmp['message'] = dhtmlspecialchars($tmp['message']);
$this->view->assign('message', $tmp['message']);
$this->view->assign('type', $type);
$this->view->assign('filter', '');
$this->view->display('pm_send');
} else {
if ($this->settings['sendpmseccode']) {
$authkey = md5(UC_KEY . $_SERVER['HTTP_USER_AGENT'] . $this->onlineip);
$seccodehidden = urldecode(getgpc('seccodehidden', 'P'));
$seccode = strtoupper(getgpc('seccode', 'P'));
$seccodehidden = $this->authcode($seccodehidden, 'DECODE', $authkey);
require UC_ROOT . './lib/seccode.class.php';
if (!seccode::seccode_check($seccodehidden, $seccode)) {
$this->message('pm_send_seccode_error', 'BACK', 1);
}
}
$user = $_ENV['user']->get_user_by_uid($this->user['uid']);
$this->user['username'] = daddslashes($user['username'], 1);
$touid = intval(getgpc('touid'));
$daterange = intval(getgpc('daterange'));
$type = intval(getgpc('type'));
$replypmid = @is_numeric($_GET['replypmid']) ? $_GET['replypmid'] : 0;
$msgto = array();
if ($replypmid) {
$plid = $_ENV['pm']->getplidbypmid($replypmid);
$msgto = $_ENV['pm']->getuidbyplid($plid);
unset($msgto[$uid]);
} else {
if (!empty($_POST['msgto'])) {
$msgto = explode(',', $_POST['msgto']);
$msgto = $_ENV['user']->name2id($msgto);
}
}
if (isset($_POST['friend'])) {
$frienduids = array();
foreach ($friends as $friend) {
$frienduids[] = $friend['friendid'];
}
foreach ($_POST['friend'] as $friendid) {
if (in_array($friendid, $frienduids)) {
$msgto[] = $friendid;
}
}
}
if (!$msgto) {
$this->message('receiver_no_exists', 'BACK', 1);
}
$msgto = array_unique($msgto);
$countmsgto = count($msgto);
if ($this->settings['pmsendregdays']) {
if ($user['regdate'] > $this->time - $this->settings['pmsendregdays'] * 86400) {
$this->message('pm_send_regdays_error', 'BACK', 1, array('$pmsendregdays' => $this->settings['pmsendregdays']));
}
}
if ($this->settings['chatpmmemberlimit']) {
if ($type == 1 && ($countmsgto > ($this->settings['chatpmmemberlimit'] - 1))) {
$this->message('pm_send_chatpmmemberlimit_error', 'BACK', 1, array('$chatpmmemberlimit' => $this->settings['chatpmmemberlimit']));
}
}
if ($this->settings['pmfloodctrl']) {
if (!$_ENV['pm']->ispminterval($this->user['uid'], $this->settings['pmfloodctrl'])) {
$this->message('pm_send_pmfloodctrl_error', 'BACK', 1, array('$pmfloodctrl' => $this->settings['pmfloodctrl']));
}
}
if ($this->settings['privatepmthreadlimit']) {
if (!$_ENV['pm']->isprivatepmthreadlimit($this->user['uid'], $this->settings['privatepmthreadlimit'])) {
$this->message('pm_send_privatepmthreadlimit_error', 'BACK', 1, array('$privatepmthreadlimit' => $this->settings['privatepmthreadlimit']));
}
}
if ($this->settings['chatpmthreadlimit']) {
if (!$_ENV['pm']->ischatpmthreadlimit($this->user['uid'], $this->settings['chatpmthreadlimit'])) {
$this->message('pm_send_chatpmthreadlimit_error', 'BACK', 1, array('$chatpmthreadlimit' => $this->settings['chatpmthreadlimit']));
}
}
if ($replypmid) {
$lastpmid = $_ENV['pm']->replypm($plid, $this->user['uid'], $this->user['username'], $_POST['message']);
} else {
$lastpmid = $_ENV['pm']->sendpm($this->user['uid'], $this->user['username'], $msgto, '', $_POST['message'], $type);
}
if ($lastpmid > 0) {
if ($replypmid) {
if ($touid) {
$this->message('pm_send_succeed', "index.php?m=pm_client&a=view&touid=$touid&daterange=$daterange&filter=privatepm", 1);
} else {
$this->message('pm_send_succeed', "index.php?m=pm_client&a=view&plid=$plid&daterange=$daterange&filter=chatpm", 1);
}
} else {
if (!$type) {
$this->message('pm_send_succeed', 'index.php?m=pm_client&a=ls&filter=privatepm', 1);
} else {
$this->message('pm_send_succeed', 'index.php?m=pm_client&a=ls&filter=chatpm', 1);
}
}
} else {
$this->message('pm_send_ignore', 'BACK', 1);
}
}
}
function ondelete() {
$this->_auth();
$uid = $this->user['uid'];
$deletetouids = getgpc('deleteuid');
$deleteplids = getgpc('deleteplid');
$quitplids = getgpc('deletequitplid');
$filter = getgpc('filter');
if ($deletetouids && $deleteplids && $quitplids) {
$this->message('pm_delete_invalid', 'index.php?m=pm_client&a=ls&filter=' . $filter . '&' . $_GET['extra'], 1);
}
$flag = true;
if ($deletetouids) {
$return = $_ENV['pm']->deletepmbyplids($uid, $deletetouids, 1);
if ($return <= 0) {
$flag = false;
}
}
if ($deleteplids) {
$return = $_ENV['pm']->deletepmbyplids($uid, $deleteplids);
if ($return <= 0) {
$flag = false;
}
}
if ($quitplids) {
$return = $_ENV['pm']->quitchatpm($uid, $quitplids);
if ($return <= 0) {
$flag = false;
}
}
if ($flag) {
$this->message('pm_delete_succeed', 'index.php?m=pm_client&a=ls&filter=' . $filter . '&' . $_GET['extra'], 1);
} else {
$this->message('pm_delete_invalid', 'index.php?m=pm_client&a=ls&filter=' . $filter . '&' . $_GET['extra'], 1);
}
}
function onview() {
$touid = intval(getgpc('touid'));
$plid = intval(getgpc('plid'));
$scroll = getgpc('scroll');
$daterange = getgpc('daterange');
$filter = getgpc('filter');
$extra = 'extra=' . rawurlencode(getgpc('extra'));
$a = getgpc('a');
$this->_auth();
$uid = $this->user['uid'];
$pmnum_private = $_ENV['pm']->getpmnum($uid, 0, 0);
$unreadpmnum = $_ENV['pm']->getpmnum($uid, 0, 1);
$daterange = empty($daterange) ? 1 : $daterange;
$today = $this->time - ($this->time + $this->settings['timeoffset']) % 86400;
if ($daterange == 1) {
$starttime = $today;
} elseif ($daterange == 2) {
$starttime = $today - 86400;
} elseif ($daterange == 3) {
$starttime = $today - 172800;
} elseif ($daterange == 4) {
$starttime = $today - 604800;
} elseif ($daterange == 5) {
$starttime = 0;
}
$endtime = $this->time;
if ($touid) {
$touser = $_ENV['user']->get_user_by_uid($touid);
$plid = $_ENV['pm']->getplidbytouid($uid, $touid);
$pms = $_ENV['pm']->getpmbyplid($uid, $plid, $starttime, $endtime, 0, 0, 0);
} elseif ($plid) {
$pms = $_ENV['pm']->getpmbyplid($uid, $plid, $starttime, $endtime, 0, 0, 1);
}
if ($pms) {
$founderuid = $pms[0]['founderuid'];
$replypmid = $pms[0]['pmid'];
$subject = $pms[0]['subject'];
}
require_once UC_ROOT . 'lib/uccode.class.php';
$this->uccode = new uccode();
foreach ($pms as $key => $pm) {
$pms[$key]['message'] = $this->uccode->complie($pms[$key]['message']);
$pms[$key]['dateline'] = $this->date($pms[$key]['dateline']);
}
if ($this->settings['sendpmseccode']) {
$authkey = md5(UC_KEY . $_SERVER['HTTP_USER_AGENT'] . $this->onlineip);
$rand = rand(100000, 999999);
$seccodeinit = rawurlencode($this->authcode($rand, 'ENCODE', $authkey, 720));
$this->view->assign('seccodeinit', $seccodeinit);
}
$this->view->assign('sendpmseccode', $this->settings['sendpmseccode']);
$this->view->assign('scroll', $scroll);
$this->view->assign('user', $this->user);
$this->view->assign('touser', $touser);
$this->view->assign('subject', $subject);
$this->view->assign('pmnum_private', $pmnum_private);
$this->view->assign('unreadpmnum', $unreadpmnum);
$this->view->assign('daterange', $daterange);
$this->view->assign('replypmid', $replypmid);
$this->view->assign('touid', $touid);
$this->view->assign('plid', $plid);
$this->view->assign('extra', $extra);
$this->view->assign('founderuid', $founderuid);
$this->view->assign('filter', $filter);
$this->view->assign('pms', $pms);
$this->view->display('pm_view');
}
function onmember() {
$plid = intval(getgpc('plid'));
$scroll = getgpc('scroll');
$daterange = getgpc('daterange');
$filter = getgpc('filter');
$extra = 'extra=' . rawurlencode(getgpc('extra'));
$a = getgpc('a');
$do = getgpc('do');
$this->_auth();
$uid = $this->user['uid'];
$pmnum_private = $_ENV['pm']->getpmnum($uid, 0, 0);
$unreadpmnum = $_ENV['pm']->getpmnum($uid, 0, 1);
if ($do == 'kickmember') {
$memberuid = intval(getgpc('memberuid'));
if ($memberuid) {
$_ENV['pm']->kickchatpm($plid, $uid, $memberuid);
}
$this->message('pm_kickmember_succeed', "index.php?m=pm_client&a=member&plid=$plid&filter=" . $filter . '&' . $_GET['extra'], 1);
}
if ($this->submitcheck() && $do == 'appendmember') {
$appendmember = $_ENV['user']->get_user_by_username(getgpc('appendmember'));
if ($appendmember) {
$return = $_ENV['pm']->appendchatpm($plid, $uid, $appendmember['uid']);
if ($return > 0) {
$this->message('pm_appendmember_succeed', "index.php?m=pm_client&a=member&plid=$plid&filter=" . $filter . '&' . $_GET['extra'], 1);
}
}
$this->message('pm_appendmember_invalid', "index.php?m=pm_client&a=member&plid=$plid&filter=" . $filter . '&' . $_GET['extra'], 1);
}
$members = $_ENV['pm']->chatpmmemberlist($uid, $plid);
$authorid = $members['author'];
$members = $members['member'];
$members = $_ENV['user']->id2name($members);
$this->view->assign('scroll', $scroll);
$this->view->assign('user', $this->user);
$this->view->assign('pmnum_private', $pmnum_private);
$this->view->assign('unreadpmnum', $unreadpmnum);
$this->view->assign('replypmid', $replypmid);
$this->view->assign('subject', $subject);
$this->view->assign('daterange', $daterange);
$this->view->assign('plid', $plid);
$this->view->assign('extra', $extra);
$this->view->assign('filter', $filter);
$this->view->assign('authorid', $authorid);
$this->view->assign('members', $members);
$this->view->display('pm_member');
}
}
?>

52
uc_server/control/seccode.php Normal file
View File

@@ -0,0 +1,52 @@
<?php
/*
[UCenter] (C)2001-2099 Comsenz Inc.
This is NOT a freeware, use is subject to license terms
$Id: seccode.php 1059 2011-03-01 07:25:09Z monkey $
*/
!defined('IN_UC') && exit('Access Denied');
class seccodecontrol extends base {
function __construct() {
$this->control();
}
function control() {
parent::__construct();
$authkey = md5(UC_KEY.$_SERVER['HTTP_USER_AGENT'].$this->onlineip);
$this->time = time();
$seccodeauth = getgpc('seccodeauth');
$seccode = $this->authcode($seccodeauth, 'DECODE', $authkey);
@header("Expires: -1");
@header("Cache-Control: no-store, private, post-check=0, pre-check=0, max-age=0", FALSE);
@header("Pragma: no-cache");
include_once UC_ROOT.'lib/seccode.class.php';
$code = new seccode();
$code->code = $seccode;
$code->type = 0;
$code->width = 70;
$code->height = 21;
$code->background = 0;
$code->adulterate = 1;
$code->ttf = 1;
$code->angle = 0;
$code->color = 1;
$code->size = 0;
$code->shadow = 1;
$code->animator = 0;
$code->fontpath = UC_ROOT.'images/fonts/';
$code->datapath = UC_ROOT.'images/';
$code->includepath = '';
$code->display();
}
}
?>

85
uc_server/control/tag.php Normal file
View File

@@ -0,0 +1,85 @@
<?php
/*
[UCenter] (C)2001-2099 Comsenz Inc.
This is NOT a freeware, use is subject to license terms
$Id: tag.php 1059 2011-03-01 07:25:09Z monkey $
*/
!defined('IN_UC') && exit('Access Denied');
class tagcontrol extends base {
function __construct() {
$this->tagcontrol();
}
function tagcontrol() {
parent::__construct();
$this->init_input();
$this->load('tag');
$this->load('misc');
}
function ongettag() {
$appid = $this->input('appid');
$tagname = $this->input('tagname');
$nums = $this->input('nums');
if(empty($tagname)) {
return NULL;
}
$return = $apparray = $appadd = array();
if($nums && is_array($nums)) {
foreach($nums as $k => $num) {
$apparray[$k] = $k;
}
}
$data = $_ENV['tag']->get_tag_by_name($tagname);
if($data) {
$apparraynew = array();
foreach($data as $tagdata) {
$row = $r = array();
$tmp = explode("\t", $tagdata['data']);
$type = $tmp[0];
array_shift($tmp);
foreach($tmp as $tmp1) {
$tmp1 != '' && $r[] = $_ENV['misc']->string2array($tmp1);
}
if(in_array($tagdata['appid'], $apparray)) {
if($tagdata['expiration'] > 0 && $this->time - $tagdata['expiration'] > 3600) {
$appadd[] = $tagdata['appid'];
$_ENV['tag']->formatcache($tagdata['appid'], $tagname);
} else {
$apparraynew[] = $tagdata['appid'];
}
$datakey = array();
$count = 0;
foreach($r as $data) {
$return[$tagdata['appid']]['data'][] = $data;
$return[$tagdata['appid']]['type'] = $type;
$count++;
if($count >= $nums[$tagdata['appid']]) {
break;
}
}
}
}
$apparray = array_diff($apparray, $apparraynew);
} else {
foreach($apparray as $appid) {
$_ENV['tag']->formatcache($appid, $tagname);
}
}
if($apparray) {
$this->load('note');
$_ENV['note']->add('gettag', "id=$tagname", '', $appadd, -1);
}
return $return;
}
}
?>

483
uc_server/control/user.php Normal file
View File

@@ -0,0 +1,483 @@
<?php
/*
[UCenter] (C)2001-2099 Comsenz Inc.
This is NOT a freeware, use is subject to license terms
$Id: user.php 1177 2014-11-03 05:46:57Z hypowang $
*/
!defined('IN_UC') && exit('Access Denied');
define('UC_USER_CHECK_USERNAME_FAILED', -1);
define('UC_USER_USERNAME_BADWORD', -2);
define('UC_USER_USERNAME_EXISTS', -3);
define('UC_USER_EMAIL_FORMAT_ILLEGAL', -4);
define('UC_USER_EMAIL_ACCESS_ILLEGAL', -5);
define('UC_USER_EMAIL_EXISTS', -6);
define('UC_USER_USERNAME_CHANGE_FAILED', -7);
define('UC_USER_SECMOBILE_EXISTS', -9);
class usercontrol extends base {
function __construct() {
$this->usercontrol();
}
function usercontrol() {
parent::__construct();
$this->load('user');
}
function onsynlogin() {
$this->init_input();
$uid = $this->input('uid');
if($this->app['synlogin']) {
if($this->user = $_ENV['user']->get_user_by_uid($uid)) {
$synstr = '';
foreach($this->cache['apps'] as $appid => $app) {
if($app['synlogin']) {
if($app['appid'] != $this->app['appid']) {
$synstr .= '<script type="text/javascript" src="'.$app['url'].'/api/'.$app['apifilename'].'?time='.$this->time.'&code='.urlencode($this->authcode('action=synlogin&username='.$this->user['username'].'&uid='.$this->user['uid'].'&password='.$this->user['password']."&time=".$this->time, 'ENCODE', $app['authkey'])).'" reload="1"></script>';
}
if(isset($app['extra']['extraurl']) && is_array($app['extra']['extraurl'])) foreach($app['extra']['extraurl'] as $extraurl) {
$synstr .= '<script type="text/javascript" src="'.$extraurl.'/api/'.$app['apifilename'].'?time='.$this->time.'&code='.urlencode($this->authcode('action=synlogin&username='.$this->user['username'].'&uid='.$this->user['uid'].'&password='.$this->user['password']."&time=".$this->time, 'ENCODE', $app['authkey'])).'" reload="1"></script>';
}
}
}
return $synstr;
}
}
return '';
}
function onsynlogout() {
$this->init_input();
if($this->app['synlogin']) {
$synstr = '';
foreach($this->cache['apps'] as $appid => $app) {
if($app['synlogin']) {
if($app['appid'] != $this->app['appid']) {
$synstr .= '<script type="text/javascript" src="'.$app['url'].'/api/'.$app['apifilename'].'?time='.$this->time.'&code='.urlencode($this->authcode('action=synlogout&time='.$this->time, 'ENCODE', $app['authkey'])).'" reload="1"></script>';
}
if(isset($app['extra']['extraurl']) && is_array($app['extra']['extraurl'])) foreach($app['extra']['extraurl'] as $extraurl) {
$synstr .= '<script type="text/javascript" src="'.$extraurl.'/api/'.$app['apifilename'].'?time='.$this->time.'&code='.urlencode($this->authcode('action=synlogout&time='.$this->time, 'ENCODE', $app['authkey'])).'" reload="1"></script>';
}
}
}
return $synstr;
}
return '';
}
function onregister() {
$this->init_input();
$username = $this->input('username');
$password = $this->input('password');
$email = $this->input('email');
$questionid = $this->input('questionid');
$answer = $this->input('answer');
$regip = $this->input('regip');
$secmobicc = $this->input('secmobicc');
$secmobile = $this->input('secmobile');
if(($status = $this->_check_username($username)) < 0) {
return $status;
}
if(($status = $this->_check_email($email)) < 0) {
return $status;
}
if(($status = $this->_check_secmobile($secmobicc, $secmobile)) > 0) {
return UC_USER_SECMOBILE_EXISTS;
}
$uid = $_ENV['user']->add_user($username, $password, $email, 0, $questionid, $answer, $regip, $secmobicc, $secmobile);
return $uid;
}
function onedit() {
$this->init_input();
$username = $this->input('username');
$oldpw = $this->input('oldpw');
$newpw = $this->input('newpw');
$email = $this->input('email');
$ignoreoldpw = $this->input('ignoreoldpw');
$questionid = $this->input('questionid');
$answer = $this->input('answer');
$secmobicc = $this->input('secmobicc');
$secmobile = $this->input('secmobile');
if(!$ignoreoldpw && $email && ($status = $this->_check_email($email, $username)) < 0) {
return $status;
}
if(($status = $this->_check_secmobile($secmobicc, $secmobile, $username)) > 0) {
return UC_USER_SECMOBILE_EXISTS;
}
$status = $_ENV['user']->edit_user($username, $oldpw, $newpw, $email, $ignoreoldpw, $questionid, $answer, $secmobicc, $secmobile);
if($newpw && $status > 0) {
$this->load('note');
$_ENV['note']->add('updatepw', 'username='.urlencode($username).'&password=');
$_ENV['note']->send();
}
if($status > 0) {
$tmp = $_ENV['user']->get_user_by_username($username);
$_ENV['user']->user_log($tmp['uid'], 'edituser', 'uid='.$tmp['uid'].'&email='.urlencode($email).'&secmobicc='.urlencode($secmobicc).'&secmobile='.urlencode($secmobile));
}
return $status;
}
function onlogin() {
$this->init_input();
$isuid = $this->input('isuid');
$username = $this->input('username');
$password = $this->input('password');
$checkques = $this->input('checkques');
$questionid = $this->input('questionid');
$answer = $this->input('answer');
$ip = $this->input('ip');
$nolog = $this->input('nolog');
$check_times = $this->settings['login_failedtime'] > 0 ? $this->settings['login_failedtime'] : ($this->settings['login_failedtime'] < 0 ? 0 : 5);
if($ip && $check_times && !$loginperm = $_ENV['user']->can_do_login($username, $ip)) {
$status = -4;
return array($status, '', $password, '', 0);
}
if($isuid == 1) {
$user = $_ENV['user']->get_user_by_uid($username);
} elseif($isuid == 2) {
$user = $_ENV['user']->get_user_by_email($username);
} elseif($isuid == 4) {
list($secmobicc, $secmobile) = explode('-', $username);
$user = $_ENV['user']->get_user_by_secmobile($secmobicc, $secmobile);
} else {
$user = $_ENV['user']->get_user_by_username($username);
}
if(empty($user)) {
$status = -1;
} elseif(!$_ENV['user']->verify_password($password, $user['password'], $user['salt'])) {
$status = -2;
} elseif($checkques && $user['secques'] != $_ENV['user']->quescrypt($questionid, $answer)) {
$status = -3;
} else {
$_ENV['user']->upgrade_password($username, $password, $user['password'], $user['salt']);
$status = $user['uid'];
}
if(!$nolog && $ip && $check_times && $status <= 0) {
$_ENV['user']->loginfailed($username, $ip);
}
$merge = $status != -1 && !$isuid && $_ENV['user']->check_mergeuser($username) ? 1 : 0;
return array($status, $user['username'], $password, $user['email'], $merge);
}
function onlogincheck() {
$this->init_input();
$username = $this->input('username');
$ip = $this->input('ip');
return $_ENV['user']->can_do_login($username, $ip);
}
function oncheck_email() {
$this->init_input();
$email = $this->input('email');
return $this->_check_email($email);
}
function oncheck_secmobile() {
$this->init_input();
$secmobicc = $this->input('secmobicc');
$secmobile = $this->input('secmobile');
return $this->_check_secmobile($secmobicc, $secmobile);
}
function oncheck_username() {
$this->init_input();
$username = $this->input('username');
if(($status = $this->_check_username($username)) < 0) {
return $status;
} else {
return 1;
}
}
function onget_user() {
$this->init_input();
$username = $this->input('username');
if(!$this->input('isuid')) {
$status = $_ENV['user']->get_user_by_username($username);
} else {
$status = $_ENV['user']->get_user_by_uid($username);
}
if($status) {
return array($status['uid'],$status['username'],$status['email']);
} else {
return 0;
}
}
function onchgusername() {
$this->init_input();
$uid = $this->input('uid');
$newusername = $this->input('newusername');
if(($status = $this->_check_username($newusername)) < 0) {
return $status;
}
$user = $_ENV['user']->get_user_by_uid($uid);
$oldusername = $user['username'];
if($_ENV['user']->chgusername($uid, $newusername)) {
$_ENV['user']->user_log($uid, 'renameuser', 'uid='.$uid.'&oldusername='.urlencode($oldusername).'&newusername='.urlencode($newusername));
$this->load('note');
$_ENV['note']->add('renameuser', 'uid='.$uid.'&oldusername='.urlencode($oldusername).'&newusername='.urlencode($newusername));
$_ENV['note']->send();
return 1;
}
return UC_USER_USERNAME_CHANGE_FAILED;
}
function ongetprotected() {
$this->init_input();
$protectedmembers = $this->db->fetch_all("SELECT uid,username FROM ".UC_DBTABLEPRE."protectedmembers GROUP BY username");
return $protectedmembers;
}
function ondelete() {
$this->init_input();
$uid = $this->input('uid');
return $_ENV['user']->delete_user($uid);
}
function ondeleteavatar() {
$this->init_input();
$uid = $this->input('uid');
$_ENV['user']->delete_useravatar($uid);
}
function onaddprotected() {
$this->init_input();
$username = $this->input('username');
$admin = $this->input('admin');
$appid = $this->app['appid'];
$usernames = (array)$username;
foreach($usernames as $username) {
$user = $_ENV['user']->get_user_by_username($username);
$uid = $user['uid'];
$this->db->query("REPLACE INTO ".UC_DBTABLEPRE."protectedmembers SET uid='$uid', username='$username', appid='$appid', dateline='{$this->time}', admin='$admin'", 'SILENT');
}
return $this->db->errno() ? -1 : 1;
}
function ondeleteprotected() {
$this->init_input();
$username = $this->input('username');
$appid = $this->app['appid'];
$usernames = (array)$username;
foreach($usernames as $username) {
$this->db->query("DELETE FROM ".UC_DBTABLEPRE."protectedmembers WHERE username='$username' AND appid='$appid'");
}
return $this->db->errno() ? -1 : 1;
}
function onmerge() {
$this->init_input();
$oldusername = $this->input('oldusername');
$newusername = $this->input('newusername');
$uid = $this->input('uid');
$password = $this->input('password');
$email = $this->input('email');
if(($status = $this->_check_username($newusername)) < 0) {
return $status;
}
$uid = $_ENV['user']->add_user($newusername, $password, $email, $uid);
$this->db->query("DELETE FROM ".UC_DBTABLEPRE."mergemembers WHERE appid='".$this->app['appid']."' AND username='$oldusername'");
return $uid;
}
function onmerge_remove() {
$this->init_input();
$username = $this->input('username');
$this->db->query("DELETE FROM ".UC_DBTABLEPRE."mergemembers WHERE appid='".$this->app['appid']."' AND username='$username'");
return NULL;
}
function _check_username($username) {
$username = addslashes(trim(stripslashes($username)));
if(!$_ENV['user']->check_username($username)) {
return UC_USER_CHECK_USERNAME_FAILED;
} elseif(!$_ENV['user']->check_usernamecensor($username)) {
return UC_USER_USERNAME_BADWORD;
} elseif($_ENV['user']->check_usernameexists($username)) {
return UC_USER_USERNAME_EXISTS;
}
return 1;
}
function _check_email($email, $username = '') {
if(!$_ENV['user']->check_emailformat($email)) {
return UC_USER_EMAIL_FORMAT_ILLEGAL;
} elseif(!$_ENV['user']->check_emailaccess($email)) {
return UC_USER_EMAIL_ACCESS_ILLEGAL;
} elseif(!$this->settings['doublee'] && $_ENV['user']->check_emailexists($email, $username)) {
return UC_USER_EMAIL_EXISTS;
} else {
return 1;
}
}
function _check_secmobile($secmobicc, $secmobile, $username = '') {
return $_ENV['user']->check_secmobileexists($secmobicc, $secmobile, $username);
}
function ongetcredit($arr) {
$this->init_input();
$appid = $this->input('appid');
$uid = $this->input('uid');
$credit = $this->input('credit');
$this->load('note');
$this->load('misc');
$app = $this->cache['apps'][$appid];
$url = $_ENV['note']->get_url_code('getcredit', "uid=$uid&credit=$credit", $appid);
return $_ENV['misc']->dfopen($url, 0, '', '', 1, $app['ip'], UC_NOTE_TIMEOUT);
}
function oncamera() {
$this->view->display('camera');
}
function onuploadavatar() {
@header("Expires: 0");
@header("Cache-Control: private, post-check=0, pre-check=0, max-age=0", FALSE);
@header("Pragma: no-cache");
$this->init_input(getgpc('agent', 'G'), false);
$uid = $this->input('uid');
if(empty($uid)) {
return -1;
}
if(empty($_FILES['Filedata'])) {
return -3;
}
list($width, $height, $type, $attr) = getimagesize($_FILES['Filedata']['tmp_name']);
if(!in_array($type, array(1,2,3,6))) {
@unlink($_FILES['Filedata']['tmp_name']);
return -4;
}
$imgtype = array(1 => '.gif', 2 => '.jpg', 3 => '.png');
$filetype = $imgtype[$type];
if(!$filetype) $filetype = '.jpg';
$tmpavatar = UC_DATADIR.'./tmp/upload'.$uid.$filetype;
file_exists($tmpavatar) && @unlink($tmpavatar);
if(@copy($_FILES['Filedata']['tmp_name'], $tmpavatar) || @move_uploaded_file($_FILES['Filedata']['tmp_name'], $tmpavatar)) {
@unlink($_FILES['Filedata']['tmp_name']);
list($width, $height, $type, $attr) = getimagesize($tmpavatar);
if($width < 10 || $height < 10 || $type == 4) {
@unlink($tmpavatar);
return -2;
}
} else {
@unlink($_FILES['Filedata']['tmp_name']);
return -4;
}
$avatarurl = UC_DATAURL.'/tmp/upload'.$uid.$filetype;
return $avatarurl;
}
function onrectavatar() {
@header("Expires: 0");
@header("Cache-Control: private, post-check=0, pre-check=0, max-age=0", FALSE);
@header("Pragma: no-cache");
if(getgpc('base64', 'G')){
header("Content-type: text/html; charset=utf-8");
}else{
header("Content-type: application/xml; charset=utf-8");
}
$this->init_input(getgpc('agent'), false);
$uid = $this->input('uid');
if(empty($uid)) {
return '<root><message type="error" value="-1" /></root>';
}
$home = $this->get_home($uid);
if(!defined('UC_UPAVTDIR')) {
define('UC_UPAVTDIR', UC_DATADIR.'./avatar/');
}
if(!is_dir(UC_UPAVTDIR.$home)) {
$this->set_home($uid, UC_UPAVTDIR);
}
$avatartype = getgpc('avatartype', 'G') == 'real' ? 'real' : 'virtual';
$bigavatarfile = UC_UPAVTDIR.$this->get_avatar($uid, 'big', $avatartype);
$middleavatarfile = UC_UPAVTDIR.$this->get_avatar($uid, 'middle', $avatartype);
$smallavatarfile = UC_UPAVTDIR.$this->get_avatar($uid, 'small', $avatartype);
$bigavatar = $this->flashdata_decode(getgpc('avatar1', 'P'));
$middleavatar = $this->flashdata_decode(getgpc('avatar2', 'P'));
$smallavatar = $this->flashdata_decode(getgpc('avatar3', 'P'));
if(!$bigavatar || !$middleavatar || !$smallavatar) {
return '<root><message type="error" value="-2" /></root>';
}
$success = 1;
$fp = @fopen($bigavatarfile, 'wb');
@fwrite($fp, $bigavatar);
@fclose($fp);
$fp = @fopen($middleavatarfile, 'wb');
@fwrite($fp, $middleavatar);
@fclose($fp);
$fp = @fopen($smallavatarfile, 'wb');
@fwrite($fp, $smallavatar);
@fclose($fp);
$biginfo = @getimagesize($bigavatarfile);
$middleinfo = @getimagesize($middleavatarfile);
$smallinfo = @getimagesize($smallavatarfile);
if(!$biginfo || !$middleinfo || !$smallinfo || $biginfo[2] == 4 || $middleinfo[2] == 4 || $smallinfo[2] == 4
|| $biginfo[0] > 200 || $biginfo[1] > 250 || $middleinfo[0] > 120 || $middleinfo[1] > 120 || $smallinfo[0] > 48 || $smallinfo[1] > 48) {
file_exists($bigavatarfile) && unlink($bigavatarfile);
file_exists($middleavatarfile) && unlink($middleavatarfile);
file_exists($smallavatarfile) && unlink($smallavatarfile);
$success = 0;
}
if(getgpc('base64', 'G')){
if($success) {
return "<script>window.parent.postMessage('success','*');</script>";
} else {
return "<script>window.parent.postMessage('failure','*');</script>";
}
}else{
$filetype = '.jpg';
@unlink(UC_DATADIR.'./tmp/upload'.$uid.$filetype);
if($success) {
return '<?xml version="1.0" ?><root><face success="1"/></root>';
} else {
return '<?xml version="1.0" ?><root><face success="0"/></root>';
}
}
}
function flashdata_decode($s) {
$r = '';
if(getgpc('base64', 'G')){
$r = base64_decode($s);
}else{
$l = strlen($s);
for($i=0; $i<$l; $i=$i+2) {
$k1 = ord($s[$i]) - 48;
$k1 -= $k1 > 9 ? 7 : 0;
$k2 = ord($s[$i+1]) - 48;
$k2 -= $k2 > 9 ? 7 : 0;
$r .= chr($k1 << 4 | $k2);
}
}
return $r;
}
}
?>

31
uc_server/control/version.php Normal file
View File

@@ -0,0 +1,31 @@
<?php
/*
[UCenter] (C)2001-2099 Comsenz Inc.
This is NOT a freeware, use is subject to license terms
$Id: user.php 753 2008-11-14 06:48:25Z cnteacher $
*/
!defined('IN_UC') && exit('Access Denied');
class versioncontrol extends base {
function __construct() {
$this->versioncontrol();
}
function versioncontrol() {
parent::__construct();
$this->load('version');
}
function oncheck() {
$db_version = $_ENV['version']->check();
$return = array('file' => UC_SERVER_VERSION, 'db' => $db_version);
return $return;
}
}
?>