PickCandy/web-discuz
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

First commit

Browse Source
This commit is contained in:
UnknownMp
2025-06-18 10:24:27 +08:00
commit ebc39cd5dd
3873 changed files with 412712 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

126
uc_server/model/admin.php Normal file
View File

@@ -0,0 +1,126 @@
<?php
/*
[UCenter] (C)2001-2099 Comsenz Inc.
This is NOT a freeware, use is subject to license terms
$Id: admin.php 1167 2014-11-03 03:06:21Z hypowang $
*/
!defined('IN_UC') && exit('Access Denied');
class adminbase extends base {
var $cookie_status = 0;
function __construct() {
$this->adminbase();
}
function adminbase() {
parent::__construct();
$this->cookie_status = isset($_COOKIE['sid']) ? 1 : 0;
$sid = $this->cookie_status ? getgpc('sid', 'C') : rawurlencode(getgpc('sid', 'R'));
$this->sid = $this->view->sid = $this->sid_decode($sid) ? $sid : '';
$this->view->assign('sid', $this->view->sid);
$this->view->assign('iframe', getgpc('iframe'));
$a = getgpc('a');
if(!(getgpc('m') =='user' && ($a == 'login' || $a == 'logout'))) {
$this->check_priv();
}
}
function check_priv() {
$username = $this->sid_decode($this->view->sid);
if(empty($username)) {
header('Location: '.UC_API.'/'.UC_ADMINSCRIPT.'?m=user&a=login&iframe='.getgpc('iframe', 'G').($this->cookie_status ? '' : '&sid='.$this->view->sid));
exit;
} else {
$this->user['isfounder'] = $username == 'UCenterAdministrator' ? 1 : 0;
if(!$this->user['isfounder']) {
$admin = $this->db->fetch_first("SELECT a.*, m.* FROM ".UC_DBTABLEPRE."admins a LEFT JOIN ".UC_DBTABLEPRE."members m USING(uid) WHERE a.username='$username'");
if(empty($admin)) {
header('Location: '.UC_API.'/'.UC_ADMINSCRIPT.'?m=user&a=login&iframe='.getgpc('iframe', 'G').($this->cookie_status ? '' : '&sid='.$this->view->sid));
exit;
} else {
$this->user = $admin;
$this->user['username'] = $username;
$this->user['admin'] = 1;
$this->view->sid = $this->sid_encode($username);
$this->setcookie('sid', $this->view->sid, 86400);
}
} else {
$this->user['username'] = 'UCenterAdministrator';
$this->user['admin'] = 1;
$this->view->sid = $this->sid_encode($this->user['username']);
$this->setcookie('sid', $this->view->sid, 86400);
}
$this->view->assign('user', $this->user);
}
}
function is_founder($username) {
return $this->user['isfounder'];
}
function writelog($action, $extra = '') {
$log = dhtmlspecialchars($this->user['username']."\t".$this->onlineip."\t".$this->time."\t$action\t$extra");
$logfile = UC_ROOT.'./data/logs/'.gmdate('Ym', $this->time).'.php';
if(@filesize($logfile) > 2048000) {
PHP_VERSION < '4.2.0' && mt_srand((double)microtime() * 1000000);
$hash = '';
$chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyz';
for($i = 0; $i < 4; $i++) {
$hash .= $chars[mt_rand(0, 61)];
}
@rename($logfile, UC_ROOT.'./data/logs/'.gmdate('Ym', $this->time).'_'.$hash.'.php');
}
file_put_contents($logfile, "<?PHP exit;?>\t".str_replace(array('<?', '?>', '<?php'), '', $log)."\n", FILE_APPEND);
}
function fetch_plugins() {
$plugindir = UC_ROOT.'./plugin';
$d = opendir($plugindir);
while($f = readdir($d)) {
if($f != '.' && $f != '..' && is_dir($plugindir.'/'.$f)) {
$pluginxml = $plugindir.$f.'/plugin.xml';
$plugins[] = xml_unserialize($pluginxml);
}
}
}
function _call($a, $arg) {
if(method_exists($this, $a) && $a[0] != '_') {
$this->$a();
} else {
exit('Method does not exists');
}
}
function sid_encode($username) {
$ip = $this->onlineip;
$agent = $_SERVER['HTTP_USER_AGENT'];
$authkey = md5($ip.$agent.UC_KEY);
$check = substr(md5($ip.$agent), 0, 8);
return rawurlencode($this->authcode("$username\t$check", 'ENCODE', $authkey, 1800));
}
function sid_decode($sid) {
$ip = $this->onlineip;
$agent = $_SERVER['HTTP_USER_AGENT'];
$authkey = md5($ip.$agent.UC_KEY);
$s = $this->authcode(rawurldecode($sid), 'DECODE', $authkey, 1800);
if(empty($s)) {
return FALSE;
}
@list($username, $check) = explode("\t", $s);
if($check == substr(md5($ip.$agent), 0, 8)) {
return $username;
} else {
return FALSE;
}
}
}
?>

76
uc_server/model/app.php Normal file
View File

@@ -0,0 +1,76 @@
<?php
/*
[UCenter] (C)2001-2099 Comsenz Inc.
This is NOT a freeware, use is subject to license terms
$Id: app.php 1059 2011-03-01 07:25:09Z monkey $
*/
!defined('IN_UC') && exit('Access Denied');
class appmodel {
var $db;
var $base;
function __construct(&$base) {
$this->appmodel($base);
}
function appmodel(&$base) {
$this->base = $base;
$this->db = $base->db;
}
function get_apps($col = '*', $where = '') {
$arr = $this->db->fetch_all("SELECT $col FROM ".UC_DBTABLEPRE."applications".($where ? ' WHERE '.$where : ''), 'appid');
foreach($arr as $k => $v) {
isset($v['extra']) && !empty($v['extra']) && $v['extra'] = unserialize($v['extra']);
if($tmp = $this->base->authcode($v['authkey'], 'DECODE', UC_MYKEY)) {
$v['authkey'] = $tmp;
}
$arr[$k] = $v;
}
return $arr;
}
function get_app_by_appid($appid, $includecert = FALSE) {
$appid = intval($appid);
$arr = $this->db->fetch_first("SELECT * FROM ".UC_DBTABLEPRE."applications WHERE appid='$appid'");
$arr['extra'] = unserialize($arr['extra']);
if($tmp = $this->base->authcode($arr['authkey'], 'DECODE', UC_MYKEY)) {
$arr['authkey'] = $tmp;
}
if($includecert) {
$this->load('plugin');
$certfile = $_ENV['plugin']->cert_get_file();
$appdata = $_ENV['plugin']->cert_dump_decode($certfile);
if(is_array($appdata[$appid])) {
$arr += $appdata[$appid];
}
}
return $arr;
}
function delete_apps($appids) {
$appids = $this->base->implode($appids);
$this->db->query("DELETE FROM ".UC_DBTABLEPRE."applications WHERE appid IN ($appids)");
return $this->db->affected_rows();
}
function alter_app_table($appid, $operation = 'ADD') {
if($operation == 'ADD') {
$this->db->query("ALTER TABLE ".UC_DBTABLEPRE."notelist ADD COLUMN app$appid tinyint NOT NULL", 'SILENT');
} else {
$this->db->query("ALTER TABLE ".UC_DBTABLEPRE."notelist DROP COLUMN app$appid", 'SILENT');
}
}
function test_api($url, $ip = '') {
$this->base->load('misc');
return $_ENV['misc']->dfopen($url, 0, '', '', 1, '');
}
}
?>

80
uc_server/model/badword.php Normal file
View File

@@ -0,0 +1,80 @@
<?php
/*
[UCenter] (C)2001-2099 Comsenz Inc.
This is NOT a freeware, use is subject to license terms
$Id: badword.php 1059 2011-03-01 07:25:09Z monkey $
*/
!defined('IN_UC') && exit('Access Denied');
class badwordmodel {
var $db;
var $base;
function __construct(&$base) {
$this->badwordmodel($base);
}
function badwordmodel(&$base) {
$this->base = $base;
$this->db = $base->db;
}
function add_badword($find, $replacement, $admin, $type = 1) {
if($find) {
$find = trim($find);
$replacement = trim($replacement);
$findpattern = $this->pattern_find($find);
if($type == 1) {
$id = $this->db->result_first_stmt("SELECT id FROM ".UC_DBTABLEPRE."badwords WHERE find=?", array('s'), array($find));
if($id) {
$this->db->query("UPDATE ".UC_DBTABLEPRE."badwords SET find='$find', replacement='$replacement', admin='$admin', findpattern='$findpattern' WHERE id='$id'");
} else {
$this->db->query("INSERT INTO ".UC_DBTABLEPRE."badwords SET find='$find', replacement='$replacement', admin='$admin', findpattern='$findpattern'", 'SILENT');
}
} elseif($type == 2) {
$this->db->query("INSERT INTO ".UC_DBTABLEPRE."badwords SET find='$find', replacement='$replacement', admin='$admin', findpattern='$findpattern'", 'SILENT');
}
}
return $this->db->insert_id();
}
function get_total_num() {
$data = $this->db->result_first("SELECT COUNT(*) FROM ".UC_DBTABLEPRE."badwords");
return $data;
}
function get_list($page, $ppp, $totalnum) {
$start = $this->base->page_get_start($page, $ppp, $totalnum);
$data = $this->db->fetch_all("SELECT * FROM ".UC_DBTABLEPRE."badwords LIMIT $start, $ppp");
return $data;
}
function delete_badword($arr) {
$badwordids = $this->base->implode($arr);
$this->db->query("DELETE FROM ".UC_DBTABLEPRE."badwords WHERE id IN ($badwordids)");
return $this->db->affected_rows();
}
function truncate_badword() {
$this->db->query("TRUNCATE ".UC_DBTABLEPRE."badwords");
}
function update_badword($find, $replacement, $id) {
$findpattern = $this->pattern_find($find);
$this->db->query("UPDATE ".UC_DBTABLEPRE."badwords SET find='$find', replacement='$replacement', findpattern='$findpattern' WHERE id='$id'");
return $this->db->affected_rows();
}
function pattern_find($find) {
$find = preg_quote($find, "/'");
$find = str_replace("\\", "\\\\", $find);
$find = str_replace("'", "\\'", $find);
return '/'.preg_replace("/\\\{(\d+)\\\}/", ".{0,\\1}", $find).'/is';
}
}
?>

607
uc_server/model/base.php Normal file
View File

@@ -0,0 +1,607 @@
<?php
/*
[UCenter] (C)2001-2099 Comsenz Inc.
This is NOT a freeware, use is subject to license terms
$Id: base.php 1167 2014-11-03 03:06:21Z hypowang $
*/
!defined('IN_UC') && exit('Access Denied');
class base {
var $sid;
var $time;
var $onlineip;
var $db;
var $view;
var $settings;
var $cache;
var $_CACHE;
var $app;
var $user;
var $lang;
var $input;
function __construct() {
$this->base();
}
function base() {
require_once UC_ROOT.'./model/var.php';
base_var::bind($this);
if(empty($this->time)) {
$this->init_var();
$this->init_db();
$this->init_cache();
$this->init_app();
$this->init_user();
$this->init_template();
$this->init_note();
$this->init_mail();
}
}
function init_var() {
$this->time = time();
$this->onlineip = $_SERVER['REMOTE_ADDR'];
if (!defined('UC_ONLYREMOTEADDR') || (defined('UC_ONLYREMOTEADDR') && !constant('UC_ONLYREMOTEADDR'))) {
require_once UC_ROOT.'./lib/ucip.class.php';
if(defined('UC_IPGETTER') && !empty(constant('UC_IPGETTER'))) {
$s = defined('UC_IPGETTER_'.strtoupper(constant('UC_IPGETTER'))) ? (is_string(constant('UC_IPGETTER_'.strtoupper(constant('UC_IPGETTER')))) ? unserialize(constant('UC_IPGETTER_'.strtoupper(constant('UC_IPGETTER')))) : constant('UC_IPGETTER_'.strtoupper(constant('UC_IPGETTER')))) : array();
$c = 'ucip_getter_'.strtolower(constant('UC_IPGETTER'));
require_once UC_ROOT.'./lib/'.$c.'.class.php';
$r = $c::get($s);
$this->onlineip = ucip::validate_ip($r) ? $r : $this->onlineip;
} else if (isset($_SERVER['HTTP_CLIENT_IP']) && ucip::validate_ip($_SERVER['HTTP_CLIENT_IP'])) {
$this->onlineip = $_SERVER['HTTP_CLIENT_IP'];
} elseif(isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
if (strpos($_SERVER['HTTP_X_FORWARDED_FOR'], ",") > 0) {
$exp = explode(",", $_SERVER['HTTP_X_FORWARDED_FOR']);
$this->onlineip = ucip::validate_ip(trim($exp[0])) ? $exp[0] : $this->onlineip;
} else {
$this->onlineip = ucip::validate_ip($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $this->onlineip;
}
}
}
define('FORMHASH', $this->formhash());
$_GET['page'] = max(1, intval(getgpc('page')));
include_once UC_ROOT.'./view/default/main.lang.php';
$this->lang = &$lang;
}
function init_cache() {
$this->settings = $this->cache('settings');
$this->cache['apps'] = $this->cache('apps');
if(PHP_VERSION > '5.1') {
$timeoffset = intval($this->settings['timeoffset'] / 3600);
@date_default_timezone_set('Etc/GMT'.($timeoffset > 0 ? '-' : '+').(abs($timeoffset)));
}
}
function init_input($getagent = '', $secureoperation = true) {
$input = getgpc('input', 'R');
if($input) {
$input = $this->authcode($input, 'DECODE', $this->app['authkey']);
parse_str($input, $this->input);
$this->input = daddslashes($this->input, 1, TRUE);
$agent = $getagent ? $getagent : $this->input['agent'];
if($secureoperation && !$this->settings['insecureoperation'] && (getgpc('m') != $this->input['m'] || getgpc('a') != $this->input['a'] || getgpc('appid') != $this->input['appid'])) {
exit('Access denied for operation changed');
} elseif($this->input('frontend') == 1 && !((getgpc('m') == 'user' && in_array(getgpc('a'), array('uploadavatar', 'rectavatar'))) || getgpc('m') == 'pm_client')) {
exit('Access denied for operation changed');
} elseif(($getagent && $getagent != $this->input['agent']) || (!$getagent && md5($_SERVER['HTTP_USER_AGENT']) != $agent)) {
exit('Access denied for agent changed');
} elseif($this->time - $this->input('time') > 3600) {
exit('Authorization has expired');
}
}
if(empty($this->input)) {
exit('Invalid input');
}
}
function init_db() {
require_once UC_ROOT.'lib/dbi.class.php';
$this->db = new ucserver_db();
$this->db->connect(UC_DBHOST, UC_DBUSER, UC_DBPW, UC_DBNAME, UC_DBCHARSET, UC_DBCONNECT, UC_DBTABLEPRE);
}
function init_app() {
$appid = intval(getgpc('appid'));
$appid && $this->app = $this->cache['apps'][$appid];
}
function init_user() {
if(isset($_COOKIE['uc_auth'])) {
@list($uid, $username, $agent) = explode('|', $this->authcode($_COOKIE['uc_auth'], 'DECODE', ($this->input ? $this->app['appauthkey'] : UC_KEY)));
if($agent != md5($_SERVER['HTTP_USER_AGENT'])) {
$this->setcookie('uc_auth', '');
} else {
@$this->user['uid'] = $uid;
@$this->user['username'] = $username;
}
}
}
function init_template() {
$charset = UC_CHARSET;
require_once UC_ROOT.'lib/template.class.php';
$this->view = new template();
$this->view->assign('dbhistories', $this->db->histories);
$this->view->assign('charset', $charset);
$this->view->assign('dbquerynum', $this->db->querynum);
$this->view->assign('user', $this->user);
}
function init_note() {
if($this->note_exists() && !getgpc('inajax')) {
$this->load('note');
$_ENV['note']->send();
}
}
function init_mail() {
if($this->mail_exists() && !getgpc('inajax')) {
$this->load('mail');
$_ENV['mail']->send();
}
}
function authcode($string, $operation = 'DECODE', $key = '', $expiry = 0) {
$ckey_length = 4;
$key = md5($key ? $key : UC_KEY);
$keya = md5(substr($key, 0, 16));
$keyb = md5(substr($key, 16, 16));
$keyc = $ckey_length ? ($operation == 'DECODE' ? substr($string, 0, $ckey_length): substr(md5(microtime()), -$ckey_length)) : '';
$cryptkey = $keya.md5($keya.$keyc);
$key_length = strlen($cryptkey);
$string = $operation == 'DECODE' ? base64_decode(substr($string, $ckey_length)) : sprintf('%010d', $expiry ? $expiry + time() : 0).substr(md5($string.$keyb), 0, 16).$string;
$string_length = strlen($string);
$result = '';
$box = range(0, 255);
$rndkey = array();
for($i = 0; $i <= 255; $i++) {
$rndkey[$i] = ord($cryptkey[$i % $key_length]);
}
for($j = $i = 0; $i < 256; $i++) {
$j = ($j + $box[$i] + $rndkey[$i]) % 256;
$tmp = $box[$i];
$box[$i] = $box[$j];
$box[$j] = $tmp;
}
for($a = $j = $i = 0; $i < $string_length; $i++) {
$a = ($a + 1) % 256;
$j = ($j + $box[$a]) % 256;
$tmp = $box[$a];
$box[$a] = $box[$j];
$box[$j] = $tmp;
$result .= chr(ord($string[$i]) ^ ($box[($box[$a] + $box[$j]) % 256]));
}
if($operation == 'DECODE') {
if(((int)substr($result, 0, 10) == 0 || (int)substr($result, 0, 10) - time() > 0) && substr($result, 10, 16) === substr(md5(substr($result, 26).$keyb), 0, 16)) {
return substr($result, 26);
} else {
return '';
}
} else {
return $keyc.str_replace('=', '', base64_encode($result));
}
}
function page($num, $perpage, $curpage, $mpurl) {
$multipage = '';
$mpurl .= strpos($mpurl, '?') ? '&' : '?';
if($num > $perpage) {
$page = 10;
$offset = 2;
$pages = @ceil($num / $perpage);
if($page > $pages) {
$from = 1;
$to = $pages;
} else {
$from = $curpage - $offset;
$to = $from + $page - 1;
if($from < 1) {
$to = $curpage + 1 - $from;
$from = 1;
if($to - $from < $page) {
$to = $page;
}
} elseif($to > $pages) {
$from = $pages - $page + 1;
$to = $pages;
}
}
$multipage = ($curpage - $offset > 1 && $pages > $page ? '<a href="'.$mpurl.'page=1" class="first"'.$ajaxtarget.'>1 ...</a>' : '').
($curpage > 1 && !$simple ? '<a href="'.$mpurl.'page='.($curpage - 1).'" class="prev"'.$ajaxtarget.'>&lsaquo;&lsaquo;</a>' : '');
for($i = $from; $i <= $to; $i++) {
$multipage .= $i == $curpage ? '<strong>'.$i.'</strong>' :
'<a href="'.$mpurl.'page='.$i.($ajaxtarget && $i == $pages && $autogoto ? '#' : '').'"'.$ajaxtarget.'>'.$i.'</a>';
}
$multipage .= ($curpage < $pages && !$simple ? '<a href="'.$mpurl.'page='.($curpage + 1).'" class="next"'.$ajaxtarget.'>&rsaquo;&rsaquo;</a>' : '').
($to < $pages ? '<a href="'.$mpurl.'page='.$pages.'" class="last"'.$ajaxtarget.'>... '.$realpages.'</a>' : '').
(!$simple && $pages > $page && !$ajaxtarget ? '<kbd><input type="text" name="custompage" size="3" onkeydown="if(event.keyCode==13) {window.location=\''.$mpurl.'page=\'+this.value; return false;}" /></kbd>' : '');
$multipage = $multipage ? '<div class="pages">'.(!$simple ? '<em>&nbsp;'.$num.'&nbsp;</em>' : '').$multipage.'</div>' : '';
}
return $multipage;
}
function page_get_start($page, $ppp, $totalnum) {
$totalpage = ceil($totalnum / $ppp);
$page = max(1, min($totalpage, intval($page)));
return ($page - 1) * $ppp;
}
function load($model, $base = NULL, $release = '') {
$base = $base ? $base : $this;
if(empty($_ENV[$model])) {
$release = !$release ? RELEASE_ROOT : $release;
if(file_exists(UC_ROOT.$release."model/$model.php")) {
require_once UC_ROOT.$release."model/$model.php";
} else {
require_once UC_ROOT."model/$model.php";
}
$modelname = $model.'model';
$_ENV[$model] = new $modelname($base);
}
return $_ENV[$model];
}
function get_setting($k = array(), $decode = FALSE) {
$return = array();
$sqladd = $k ? "WHERE k IN (".$this->implode($k).")" : '';
$settings = $this->db->fetch_all("SELECT * FROM ".UC_DBTABLEPRE."settings $sqladd");
if(is_array($settings)) {
foreach($settings as $arr) {
$return[$arr['k']] = $decode ? unserialize($arr['v']) : $arr['v'];
}
}
return $return;
}
function set_setting($k, $v, $encode = FALSE) {
$v = is_array($v) || $encode ? addslashes(serialize($v)) : $v;
$this->db->query("REPLACE INTO ".UC_DBTABLEPRE."settings SET k='$k', v='$v'");
}
function message($message, $redirect = '', $type = 0, $vars = array()) {
include_once UC_ROOT.'view/default/messages.lang.php';
if(isset($lang[$message])) {
$message = $lang[$message] ? str_replace(array_keys($vars), array_values($vars), $lang[$message]) : $message;
}
$this->view->assign('message', $message);
if($redirect != 'BACK' && !preg_match('/^https?:\/\//is', $redirect) && strpos($redirect, 'sid=') === FALSE) {
if(strpos($redirect, '?') === FALSE) {
$redirect .= '?sid='.$this->sid;
} else {
$redirect .= '&sid='.$this->sid;
}
}
$this->view->assign('redirect', $redirect);
if($type == 0) {
$this->view->display('message');
} elseif($type == 1) {
$this->view->display('message_client');
}
exit;
}
function formhash() {
return substr(md5(substr($this->time, 0, -4).UC_KEY), 16);
}
function submitcheck() {
return @getgpc('formhash', 'P') == FORMHASH ? true : false;
}
function date($time, $type = 3) {
$format[] = $type & 2 ? (!empty($this->settings['dateformat']) ? $this->settings['dateformat'] : 'Y-n-j') : '';
$format[] = $type & 1 ? (!empty($this->settings['timeformat']) ? $this->settings['timeformat'] : 'H:i') : '';
return gmdate(implode(' ', $format), $time + $this->settings['timeoffset']);
}
function implode($arr) {
return "'".implode("','", (array)$arr)."'";
}
function set_home($uid, $dir = '.') {
$uid = sprintf("%09d", $uid);
$dir1 = substr($uid, 0, 3);
$dir2 = substr($uid, 3, 2);
$dir3 = substr($uid, 5, 2);
!is_dir($dir.'/'.$dir1) && mkdir($dir.'/'.$dir1, 0777) && @touch($dir.'/'.$dir1.'/index.htm');
!is_dir($dir.'/'.$dir1.'/'.$dir2) && mkdir($dir.'/'.$dir1.'/'.$dir2, 0777) && @touch($dir.'/'.$dir1.'/'.$dir2.'/index.htm');
!is_dir($dir.'/'.$dir1.'/'.$dir2.'/'.$dir3) && mkdir($dir.'/'.$dir1.'/'.$dir2.'/'.$dir3, 0777) && @touch($dir.'/'.$dir1.'/'.$dir2.'/'.$dir3.'/index.htm');
}
function get_home($uid) {
$uid = sprintf("%09d", $uid);
$dir1 = substr($uid, 0, 3);
$dir2 = substr($uid, 3, 2);
$dir3 = substr($uid, 5, 2);
return $dir1.'/'.$dir2.'/'.$dir3;
}
function get_avatar($uid, $size = 'big', $type = '') {
$size = in_array($size, array('big', 'middle', 'small')) ? $size : 'big';
$uid = abs(intval($uid));
$uid = sprintf("%09d", $uid);
$dir1 = substr($uid, 0, 3);
$dir2 = substr($uid, 3, 2);
$dir3 = substr($uid, 5, 2);
$typeadd = $type == 'real' ? '_real' : '';
return $dir1.'/'.$dir2.'/'.$dir3.'/'.substr($uid, -2).$typeadd."_avatar_$size.jpg";
}
function &cache($cachefile) {
if(!isset($this->_CACHE[$cachefile])) {
$cachepath = UC_DATADIR.'./cache/'.$cachefile.'.php';
if(!file_exists($cachepath)) {
$this->load('cache');
$_ENV['cache']->updatedata($cachefile);
} else {
include_once $cachepath;
$this->_CACHE[$cachefile] = $_CACHE[$cachefile];
}
}
return $this->_CACHE[$cachefile];
}
function input($k) {
if($k == 'uid') {
if(is_array($this->input[$k])) {
foreach ($this->input[$k] as $value) {
if(!preg_match("/^[0-9]+$/", $value)) {
return NULL;
}
}
} elseif(!preg_match("/^[0-9]+$/", $this->input[$k])) {
return NULL;
}
}
return isset($this->input[$k]) ? (is_array($this->input[$k]) ? $this->input[$k] : trim($this->input[$k])) : NULL;
}
function serialize($s, $htmlon = 0) {
if(file_exists(UC_ROOT.RELEASE_ROOT.'./lib/xml.class.php')) {
include_once UC_ROOT.RELEASE_ROOT.'./lib/xml.class.php';
} else {
include_once UC_ROOT.'./lib/xml.class.php';
}
return xml_serialize($s, $htmlon);
}
function unserialize($s) {
if(file_exists(UC_ROOT.RELEASE_ROOT.'./lib/xml.class.php')) {
include_once UC_ROOT.RELEASE_ROOT.'./lib/xml.class.php';
} else {
include_once UC_ROOT.'./lib/xml.class.php';
}
return xml_unserialize($s);
}
function cutstr($string, $length, $dot = ' ...') {
if(strlen($string) <= $length) {
return $string;
}
$string = str_replace(array('&amp;', '&quot;', '&lt;', '&gt;'), array('&', '"', '<', '>'), $string);
$strcut = '';
if(strtolower(UC_CHARSET) == 'utf-8') {
$n = $tn = $noc = 0;
while($n < strlen($string)) {
$t = ord($string[$n]);
if($t == 9 || $t == 10 || (32 <= $t && $t <= 126)) {
$tn = 1; $n++; $noc++;
} elseif(194 <= $t && $t <= 223) {
$tn = 2; $n += 2; $noc += 2;
} elseif(224 <= $t && $t < 239) {
$tn = 3; $n += 3; $noc += 2;
} elseif(240 <= $t && $t <= 247) {
$tn = 4; $n += 4; $noc += 2;
} elseif(248 <= $t && $t <= 251) {
$tn = 5; $n += 5; $noc += 2;
} elseif($t == 252 || $t == 253) {
$tn = 6; $n += 6; $noc += 2;
} else {
$n++;
}
if($noc >= $length) {
break;
}
}
if($noc > $length) {
$n -= $tn;
}
$strcut = substr($string, 0, $n);
} else {
for($i = 0; $i < $length; $i++) {
$strcut .= ord($string[$i]) > 127 ? $string[$i].$string[++$i] : $string[$i];
}
}
$strcut = str_replace(array('&', '"', '<', '>'), array('&amp;', '&quot;', '&lt;', '&gt;'), $strcut);
return $strcut.$dot;
}
function setcookie($key, $value, $life = 0, $httponly = false) {
(!defined('UC_COOKIEPATH')) && define('UC_COOKIEPATH', '/');
(!defined('UC_COOKIEDOMAIN')) && define('UC_COOKIEDOMAIN', '');
if($value === '' || $life < 0) {
$value = '';
$life = -1;
}
$life = $life > 0 ? $this->time + $life : ($life < 0 ? $this->time - 31536000 : 0);
$path = $httponly && PHP_VERSION < '5.2.0' ? UC_COOKIEPATH."; HttpOnly" : UC_COOKIEPATH;
$secure = is_https();
if(PHP_VERSION < '5.2.0') {
setcookie($key, $value, $life, $path, UC_COOKIEDOMAIN, $secure);
} else {
setcookie($key, $value, $life, $path, UC_COOKIEDOMAIN, $secure, $httponly);
}
}
function note_exists() {
$noteexists = $this->db->result_first("SELECT value FROM ".UC_DBTABLEPRE."vars WHERE name='noteexists'");
if(empty($noteexists)) {
return FALSE;
} else {
return TRUE;
}
}
function mail_exists() {
$mailexists = $this->db->result_first("SELECT value FROM ".UC_DBTABLEPRE."vars WHERE name='mailexists'");
if(empty($mailexists)) {
return FALSE;
} else {
return TRUE;
}
}
function dstripslashes($string) {
if(is_array($string)) {
foreach($string as $key => $val) {
$string[$key] = $this->dstripslashes($val);
}
} else {
$string = stripslashes($string);
}
return $string;
}
function detectescape($basepath, $relativepath) {
if(!file_exists($basepath)) {
return FALSE;
}
if(!file_exists($basepath . $relativepath)) {
$relativepath = dirname($relativepath);
if(!file_exists($basepath . $relativepath)) {
return FALSE;
}
}
$real_base = realpath($basepath);
$real_target = realpath($basepath . $relativepath);
if(strcmp($real_target, $real_base) !== 0 && strpos($real_target, $real_base . DIRECTORY_SEPARATOR) !== 0) {
return FALSE;
}
return TRUE;
}
function random($length, $numeric = 0) {
$seed = base_convert(md5(microtime().$_SERVER['DOCUMENT_ROOT']), 16, $numeric ? 10 : 35);
$seed = $numeric ? (str_replace('0', '', $seed).'012340567890') : ($seed.'zZ'.strtoupper($seed));
if($numeric) {
$hash = '';
} else {
$hash = chr(rand(1, 26) + rand(0, 1) * 32 + 64);
$length--;
}
$max = strlen($seed) - 1;
for($i = 0; $i < $length; $i++) {
$hash .= $seed[mt_rand(0, $max)];
}
return $hash;
}
function secrandom($length, $numeric = 0, $strong = false) {
$chars = $numeric ? array('A','B','+','/','=') : array('+','/','=');
$num_find = str_split('CDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz');
$num_repl = str_split('01234567890123456789012345678901234567890123456789');
$isstrong = false;
if(function_exists('random_bytes')) {
$isstrong = true;
$random_bytes = function($length) {
return random_bytes($length);
};
} elseif(extension_loaded('mcrypt') && function_exists('mcrypt_create_iv')) {
$isstrong = true;
$random_bytes = function($length) {
$rand = mcrypt_create_iv($length, MCRYPT_DEV_URANDOM);
if ($rand !== false && strlen($rand) === $length) {
return $rand;
} else {
return false;
}
};
} elseif(extension_loaded('openssl') && function_exists('openssl_random_pseudo_bytes')) {
$isstrong = true;
$random_bytes = function($length) {
$rand = openssl_random_pseudo_bytes($length, $secure);
if($secure === true) {
return $rand;
} else {
return false;
}
};
}
if(!$isstrong) {
return $strong ? false : random($length, $numeric);
}
$retry_times = 0;
$return = '';
while($retry_times < 128) {
$getlen = $length - strlen($return); // 33% extra bytes
$bytes = $random_bytes(max($getlen, 12));
if($bytes === false) {
return false;
}
$bytes = str_replace($chars, '', base64_encode($bytes));
$return .= substr($bytes, 0, $getlen);
if(strlen($return) == $length) {
return $numeric ? str_replace($num_find, $num_repl, $return) : $return;
}
$retry_times++;
}
}
function generate_key($length = 32) {
$random = $this->secrandom($length);
$info = md5($_SERVER['SERVER_SOFTWARE'].$_SERVER['SERVER_NAME'].$_SERVER['SERVER_ADDR'].$_SERVER['SERVER_PORT'].$_SERVER['HTTP_USER_AGENT'].time());
$return = '';
for($i=0; $i<$length; $i++) {
$return .= $random[$i].$info[$i];
}
return $return;
}
}
?>

101
uc_server/model/cache.php Normal file
View File

@@ -0,0 +1,101 @@
<?php
/*
[UCenter] (C)2001-2099 Comsenz Inc.
This is NOT a freeware, use is subject to license terms
$Id: cache.php 1059 2011-03-01 07:25:09Z monkey $
*/
!defined('IN_UC') && exit('Access Denied');
class cachemodel {
var $db;
var $base;
var $map;
function __construct(&$base) {
$this->cachemodel($base);
}
function cachemodel(&$base) {
$this->base = $base;
$this->db = $base->db;
$this->map = array(
'settings' => array('settings'),
'badwords' => array('badwords'),
'plugins' => array('plugins'),
'apps' => array('apps'),
);
}
function updatedata($cachefile = '') {
if($cachefile) {
foreach((array)$this->map[$cachefile] as $modules) {
$s = "<?php\r\n";
foreach((array)$modules as $m) {
$method = "_get_$m";
$s .= '$_CACHE[\''.$m.'\'] = '.var_export($this->$method(), TRUE).";\r\n";
}
$s .= "\r\n?>";
file_put_contents(UC_DATADIR."./cache/$cachefile.php", $s, LOCK_EX);
}
} else {
foreach((array)$this->map as $file => $modules) {
$s = "<?php\r\n";
foreach($modules as $m) {
$method = "_get_$m";
$s .= '$_CACHE[\''.$m.'\'] = '.var_export($this->$method(), TRUE).";\r\n";
}
$s .= "\r\n?>";
file_put_contents(UC_DATADIR."./cache/$file.php", $s, LOCK_EX);
}
}
}
function updatetpl() {
$tpl = dir(UC_DATADIR.'view');
while($entry = $tpl->read()) {
if(preg_match("/\.php$/", $entry)) {
@unlink(UC_DATADIR.'view/'.$entry);
}
}
$tpl->close();
}
function _get_badwords() {
$data = $this->db->fetch_all("SELECT * FROM ".UC_DBTABLEPRE."badwords");
$return = array();
if(is_array($data)) {
foreach($data as $k => $v) {
$return['findpattern'][$k] = $v['findpattern'];
$return['replace'][$k] = $v['replacement'];
}
}
return $return;
}
function _get_apps() {
$this->base->load('app');
$apps = $_ENV['app']->get_apps();
$apps2 = array();
if(is_array($apps)) {
foreach($apps as $v) {
$apps2[$v['appid']] = $v;
}
}
return $apps2;
}
function _get_settings() {
return $this->base->get_setting();
}
function _get_plugins() {
$this->base->load('plugin');
return $_ENV['plugin']->get_plugins();
}
}
?>

36
uc_server/model/cron.php Normal file
View File

@@ -0,0 +1,36 @@
<?php
/*
[UCenter] (C)2001-2099 Comsenz Inc.
This is NOT a freeware, use is subject to license terms
$Id: cron.php 1059 2011-03-01 07:25:09Z monkey $
*/
!defined('IN_UC') && exit('Access Denied');
class cronmodel {
var $db;
var $base;
function __construct(&$base) {
$this->cronmodel($base);
}
function cronmodel(&$base) {
$this->base = $base;
$this->db = $base->db;
}
function note_delete_user() {
}
function note_delete_pm() {
$data = $this->db->result_first("SELECT COUNT(*) FROM ".UC_DBTABLEPRE."badwords");
return $data;
}
}
?>

55
uc_server/model/domain.php Normal file
View File

@@ -0,0 +1,55 @@
<?php
/*
[UCenter] (C)2001-2099 Comsenz Inc.
This is NOT a freeware, use is subject to license terms
$Id: domain.php 1059 2011-03-01 07:25:09Z monkey $
*/
!defined('IN_UC') && exit('Access Denied');
class domainmodel {
var $db;
var $base;
function __construct(&$base) {
$this->domainmodel($base);
}
function domainmodel(&$base) {
$this->base = $base;
$this->db = $base->db;
}
function add_domain($domain, $ip) {
if($domain) {
$this->db->query("INSERT INTO ".UC_DBTABLEPRE."domains SET domain='$domain', ip='$ip'");
}
return $this->db->insert_id();
}
function get_total_num() {
$data = $this->db->result_first("SELECT COUNT(*) FROM ".UC_DBTABLEPRE."domains");
return $data;
}
function get_list($page, $ppp, $totalnum) {
$start = $this->base->page_get_start($page, $ppp, $totalnum);
$data = $this->db->fetch_all("SELECT * FROM ".UC_DBTABLEPRE."domains LIMIT $start, $ppp");
return $data;
}
function delete_domain($arr) {
$domainids = $this->base->implode($arr);
$this->db->query("DELETE FROM ".UC_DBTABLEPRE."domains WHERE id IN ($domainids)");
return $this->db->affected_rows();
}
function update_domain($domain, $ip, $id) {
$this->db->query("UPDATE ".UC_DBTABLEPRE."domains SET domain='$domain', ip='$ip' WHERE id='$id'");
return $this->db->affected_rows();
}
}
?>

54
uc_server/model/feed.php Normal file
View File

@@ -0,0 +1,54 @@
<?php
/*
[UCenter] (C)2001-2099 Comsenz Inc.
This is NOT a freeware, use is subject to license terms
$Id: feed.php 1059 2011-03-01 07:25:09Z monkey $
*/
!defined('IN_UC') && exit('Access Denied');
class feedmodel {
var $db;
var $base;
var $apps;
var $operations = array();
function __construct(&$base) {
$this->feedmodel($base);
}
function feedmodel(&$base) {
$this->base = $base;
$this->db = $base->db;
}
function get_total_num() {
$data = $this->db->result_first("SELECT COUNT(*) FROM ".UC_DBTABLEPRE."feeds");
return $data;
}
function get_list($page, $ppp, $totalnum) {
$start = $this->base->page_get_start($page, $ppp, $totalnum);
$data = $this->db->fetch_all("SELECT * FROM ".UC_DBTABLEPRE."feeds LIMIT $start, $ppp");
foreach((array)$data as $k=> $v) {
$searchs = $replaces = array();
$title_data = $_ENV['misc']->string2array($v['title_data']);
foreach(array_keys($title_data) as $key) {
$searchs[] = '{'.$key.'}';
$replaces[] = $title_data[$key];
}
$searchs[] = '{actor}';
$replaces[] = $v['username'];
$searchs[] = '{app}';
$replaces[] = $this->base->apps[$v['appid']]['name'];
$data[$k]['title_template'] = str_replace($searchs, $replaces, $data[$k]['title_template']);
$data[$k]['dateline'] = $v['dateline'] ? $this->base->date($data[$k]['dateline']) : '';
}
return $data;
}
}
?>

107
uc_server/model/friend.php Normal file
View File

@@ -0,0 +1,107 @@
<?php
/*
[UCenter] (C)2001-2099 Comsenz Inc.
This is NOT a freeware, use is subject to license terms
$Id: friend.php 1059 2011-03-01 07:25:09Z monkey $
*/
!defined('IN_UC') && exit('Access Denied');
class friendmodel {
var $db;
var $base;
function __construct(&$base) {
$this->friendmodel($base);
}
function friendmodel(&$base) {
$this->base = $base;
$this->db = $base->db;
}
function add($uid, $friendid, $comment='') {
$direction = $this->db->result_first("SELECT direction FROM ".UC_DBTABLEPRE."friends WHERE uid='$friendid' AND friendid='$uid' LIMIT 1");
if($direction == 1) {
$this->db->query("INSERT INTO ".UC_DBTABLEPRE."friends SET uid='$uid', friendid='$friendid', comment='$comment', direction='3'", 'SILENT');
$this->db->query("UPDATE ".UC_DBTABLEPRE."friends SET direction='3' WHERE uid='$friendid' AND friendid='$uid'");
return 1;
} elseif($direction == 2) {
return 1;
} elseif($direction == 3) {
return -1;
} else {
$this->db->query("INSERT INTO ".UC_DBTABLEPRE."friends SET uid='$uid', friendid='$friendid', comment='$comment', direction='1'", 'SILENT');
return $this->db->insert_id();
}
}
function delete($uid, $friendids) {
$friendids = $this->base->implode($friendids);
$this->db->query("DELETE FROM ".UC_DBTABLEPRE."friends WHERE uid='$uid' AND friendid IN ($friendids)");
$affectedrows = $this->db->affected_rows();
if($affectedrows > 0) {
$this->db->query("UPDATE ".UC_DBTABLEPRE."friends SET direction=1 WHERE uid IN ($friendids) AND friendid='$uid' AND direction='3'");
}
return $affectedrows;
}
function get_totalnum_by_uid($uid, $direction = 0) {
$sqladd = '';
if($direction == 0) {
$sqladd = "uid='$uid'";
} elseif($direction == 1) {
$sqladd = "uid='$uid' AND direction='1'";
} elseif($direction == 2) {
$sqladd = "friendid='$uid' AND direction='1'";
} elseif($direction == 3) {
$sqladd = "uid='$uid' AND direction='3'";
}
$totalnum = $this->db->result_first("SELECT COUNT(*) FROM ".UC_DBTABLEPRE."friends WHERE $sqladd");
return $totalnum;
}
function get_list($uid, $page, $pagesize, $totalnum, $direction = 0) {
$start = $this->base->page_get_start($page, $pagesize, $totalnum);
$sqladd = '';
if($direction == 0) {
$sqladd = "f.uid='$uid'";
} elseif($direction == 1) {
$sqladd = "f.uid='$uid' AND f.direction='1'";
} elseif($direction == 2) {
$sqladd = "f.friendid='$uid' AND f.direction='1'";
} elseif($direction == 3) {
$sqladd = "f.uid='$uid' AND f.direction='3'";
}
if($sqladd) {
$data = $this->db->fetch_all("SELECT f.*, m.username FROM ".UC_DBTABLEPRE."friends f LEFT JOIN ".UC_DBTABLEPRE."members m ON f.friendid=m.uid WHERE $sqladd LIMIT $start, $pagesize");
return $data;
} else {
return array();
}
}
function is_friend($uid, $friendids, $direction = 0) {
$friendid_str = implode("', '", $friendids);
$sqladd = '';
if($direction == 0) {
$sqladd = "uid='$uid'";
} elseif($direction == 1) {
$sqladd = "uid='$uid' AND friendid IN ('$friendid_str') AND direction='1'";
} elseif($direction == 2) {
$sqladd = "friendid='$uid' AND uid IN ('$friendid_str') AND direction='1'";
} elseif($direction == 3) {
$sqladd = "uid='$uid' AND friendid IN ('$friendid_str') AND direction='3'";
}
if($this->db->result_first("SELECT COUNT(*) FROM ".UC_DBTABLEPRE."friends WHERE $sqladd") == count($friendids)) {
return true;
} else {
return false;
}
}
}
?>

1
uc_server/model/index.htm Normal file
View File

@@ -0,0 +1 @@

150
uc_server/model/mail.php Normal file
View File

@@ -0,0 +1,150 @@
<?php
/*
[UCenter] (C)2001-2099 Comsenz Inc.
This is NOT a freeware, use is subject to license terms
$Id: mail.php 1139 2012-05-08 09:02:11Z liulanbo $
*/
!defined('IN_UC') && exit('Access Denied');
define('UC_MAIL_REPEAT', 5);
class mailmodel {
var $db;
var $base;
var $apps;
function __construct(&$base) {
$this->mailmodel($base);
}
function mailmodel(&$base) {
$this->base = $base;
$this->db = $base->db;
$this->apps = &$this->base->cache['apps'];
}
function get_total_num() {
$data = $this->db->result_first("SELECT COUNT(*) FROM ".UC_DBTABLEPRE."mailqueue");
return $data;
}
function get_list($page, $ppp, $totalnum) {
$start = $this->base->page_get_start($page, $ppp, $totalnum);
$data = $this->db->fetch_all("SELECT m.*, u.username, u.email FROM ".UC_DBTABLEPRE."mailqueue m LEFT JOIN ".UC_DBTABLEPRE."members u ON m.touid=u.uid ORDER BY dateline DESC LIMIT $start, $ppp");
foreach((array)$data as $k => $v) {
$data[$k]['subject'] = dhtmlspecialchars($v['subject']);
$data[$k]['tomail'] = empty($v['tomail']) ? $v['email'] : $v['tomail'];
$data[$k]['dateline'] = $v['dateline'] ? $this->base->date($data[$k]['dateline']) : '';
$data[$k]['appname'] = $this->base->cache['apps'][$v['appid']]['name'];
}
return $data;
}
function delete_mail($ids) {
$ids = $this->base->implode($ids);
$this->db->query("DELETE FROM ".UC_DBTABLEPRE."mailqueue WHERE mailid IN ($ids)");
return $this->db->affected_rows();
}
function add($mail) {
if($mail['level']) {
$sql = "INSERT INTO ".UC_DBTABLEPRE."mailqueue (touid, tomail, subject, message, frommail, charset, htmlon, level, dateline, failures, appid) VALUES ";
$values_arr = array();
foreach($mail['uids'] as $uid) {
if(empty($uid)) continue;
$uid = intval($uid);
$values_arr[] = "('$uid', '', '{$mail['subject']}', '{$mail['message']}', '{$mail['frommail']}', '{$mail['charset']}', '{$mail['htmlon']}', '{$mail['level']}', '{$mail['dateline']}', '0', '{$mail['appid']}')";
}
foreach($mail['emails'] as $email) {
if(empty($email)) continue;
$values_arr[] = "('', '$email', '{$mail['subject']}', '{$mail['message']}', '{$mail['frommail']}', '{$mail['charset']}', '{$mail['htmlon']}', '{$mail['level']}', '{$mail['dateline']}', '0', '{$mail['appid']}')";
}
$sql .= implode(',', $values_arr);
$this->db->query($sql);
$insert_id = $this->db->insert_id();
$insert_id && $this->db->query("REPLACE INTO ".UC_DBTABLEPRE."vars SET name='mailexists', value='1'");
return $insert_id;
} else {
$mail['email_to'] = array();
$uids = 0;
foreach($mail['uids'] as $uid) {
if(empty($uid)) continue;
$uids .= ','.intval($uid);
}
$users = $this->db->fetch_all("SELECT uid, username, email FROM ".UC_DBTABLEPRE."members WHERE uid IN ($uids)");
foreach($users as $v) {
$mail['email_to'][] = $v['username'].'<'.$v['email'].'>';
}
foreach($mail['emails'] as $email) {
if(empty($email)) continue;
$mail['email_to'][] = $email;
}
$mail['message'] = str_replace('\"', '"', $mail['message']);
$mail['email_to'] = implode(',', $mail['email_to']);
return $this->send_one_mail($mail);
}
}
function send() {
register_shutdown_function(array($this, '_send'));
}
function _send() {
$mail = $this->_get_mail();
if(empty($mail)) {
$this->db->query("REPLACE INTO ".UC_DBTABLEPRE."vars SET name='mailexists', value='0'");
return NULL;
} else {
$mail['email_to'] = $mail['tomail'] ? $mail['tomail'] : $mail['username'].'<'.$mail['email'].'>';
if($this->send_one_mail($mail)) {
$this->_delete_one_mail($mail['mailid']);
return true;
} else {
$this->_update_failures($mail['mailid']);
return false;
}
}
}
function send_by_id($mailid) {
if ($this->send_one_mail($this->_get_mail_by_id($mailid))) {
$this->_delete_one_mail($mailid);
return true;
}
}
function send_one_mail($mail) {
if(empty($mail)) return;
$mail['email_to'] = $mail['email_to'] ? $mail['email_to'] : $mail['username'].'<'.$mail['email'].'>';
$mail_setting = $this->base->settings;
return include UC_ROOT.'lib/sendmail.inc.php';
}
function _get_mail() {
$data = $this->db->fetch_first("SELECT m.*, u.username, u.email FROM ".UC_DBTABLEPRE."mailqueue m LEFT JOIN ".UC_DBTABLEPRE."members u ON m.touid=u.uid WHERE failures<'".UC_MAIL_REPEAT."' ORDER BY level DESC, mailid ASC LIMIT 1");
return $data;
}
function _get_mail_by_id($mailid) {
$data = $this->db->fetch_first("SELECT m.*, u.username, u.email FROM ".UC_DBTABLEPRE."mailqueue m LEFT JOIN ".UC_DBTABLEPRE."members u ON m.touid=u.uid WHERE mailid='$mailid'");
return $data;
}
function _delete_one_mail($mailid) {
$mailid = intval($mailid);
return $this->db->query("DELETE FROM ".UC_DBTABLEPRE."mailqueue WHERE mailid='$mailid'");
}
function _update_failures($mailid) {
$mailid = intval($mailid);
return $this->db->query("UPDATE ".UC_DBTABLEPRE."mailqueue SET failures=failures+1 WHERE mailid='$mailid'");
}
}
?>

219
uc_server/model/misc.php Normal file
View File

@@ -0,0 +1,219 @@
<?php
/*
[UCenter] (C)2001-2099 Comsenz Inc.
This is NOT a freeware, use is subject to license terms
$Id: misc.php 1127 2011-12-14 04:24:58Z svn_project_zhangjie $
*/
!defined('IN_UC') && exit('Access Denied');
define('UC_ARRAY_SEP_1', 'UC_ARRAY_SEP_1');
define('UC_ARRAY_SEP_2', 'UC_ARRAY_SEP_2');
class miscmodel {
var $db;
var $base;
function __construct(&$base) {
$this->miscmodel($base);
}
function miscmodel(&$base) {
$this->base = $base;
$this->db = $base->db;
}
function get_host_by_url($url) {
$m = parse_url($url);
if(!$m['host']) {
return -1;
}
if(!(filter_var($m['host'], FILTER_VALIDATE_IP) !== false)) {
$ip = @gethostbyname($m['host']);
if(!$ip || $ip == $m['host']) {
return -2;
}
return $ip;
} else {
return $m['host'];
}
}
function check_url($url) {
return preg_match("/(https?){1}:\/\/|www\.([^\[\"']+?)?/i", $url);
}
function check_ip($ip) {
return filter_var($ip, FILTER_VALIDATE_IP) !== false;
}
function dfopen2($url, $limit = 0, $post = '', $cookie = '', $bysocket = FALSE, $ip = '', $timeout = 15, $block = TRUE, $encodetype = 'URLENCODE', $allowcurl = TRUE) {
$__times__ = isset($_GET['__times__']) ? intval($_GET['__times__']) + 1 : 1;
if($__times__ > 2) {
return '';
}
$url .= (strpos($url, '?') === FALSE ? '?' : '&')."__times__=$__times__";
return $this->dfopen($url, $limit, $post, $cookie, $bysocket, $ip, $timeout, $block, $encodetype, $allowcurl);
}
function dfopen($url, $limit = 0, $post = '', $cookie = '', $bysocket = FALSE, $ip = '', $timeout = 15, $block = TRUE, $encodetype = 'URLENCODE', $allowcurl = TRUE) {
$return = '';
$matches = parse_url($url);
$scheme = strtolower($matches['scheme']);
$host = $matches['host'];
$path = !empty($matches['path']) ? $matches['path'].(!empty($matches['query']) ? '?'.$matches['query'] : '') : '/';
$port = !empty($matches['port']) ? $matches['port'] : ($scheme == 'https' ? 443 : 80);
if(function_exists('curl_init') && function_exists('curl_exec') && $allowcurl) {
$ch = curl_init();
$ip && curl_setopt($ch, CURLOPT_HTTPHEADER, array("Host: ".$host));
curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
if(!empty($ip) && filter_var($ip, FILTER_VALIDATE_IP) && !filter_var($host, FILTER_VALIDATE_IP) && version_compare(PHP_VERSION, '5.5.0', 'ge')) {
curl_setopt($ch, CURLOPT_RESOLVE, array("$host:$port:$ip"));
curl_setopt($ch, CURLOPT_URL, $scheme.'://'.$host.':'.$port.$path);
} else {
curl_setopt($ch, CURLOPT_URL, $scheme.'://'.($ip ? $ip : $host).':'.$port.$path);
}
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
if($post) {
curl_setopt($ch, CURLOPT_POST, 1);
if($encodetype == 'URLENCODE') {
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
} else {
parse_str($post, $postarray);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postarray);
}
}
if($cookie) {
curl_setopt($ch, CURLOPT_COOKIE, $cookie);
}
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
$data = curl_exec($ch);
$status = curl_getinfo($ch);
$errno = curl_errno($ch);
curl_close($ch);
if($errno || $status['http_code'] != 200) {
return;
} else {
return !$limit ? $data : substr($data, 0, $limit);
}
}
if($post) {
$out = "POST $path HTTP/1.0\r\n";
$header = "Accept: */*\r\n";
$header .= "Accept-Language: zh-cn\r\n";
if($allowcurl) {
$encodetype = 'URLENCODE';
}
$boundary = $encodetype == 'URLENCODE' ? '' : '; boundary='.trim(substr(trim($post), 2, strpos(trim($post), "\n") - 2));
$header .= $encodetype == 'URLENCODE' ? "Content-Type: application/x-www-form-urlencoded\r\n" : "Content-Type: multipart/form-data$boundary\r\n";
$header .= "User-Agent: {$_SERVER['HTTP_USER_AGENT']}\r\n";
$header .= "Host: $host:$port\r\n";
$header .= 'Content-Length: '.strlen($post)."\r\n";
$header .= "Connection: Close\r\n";
$header .= "Cache-Control: no-cache\r\n";
$header .= "Cookie: $cookie\r\n\r\n";
$out .= $header.$post;
} else {
$out = "GET $path HTTP/1.0\r\n";
$header = "Accept: */*\r\n";
$header .= "Accept-Language: zh-cn\r\n";
$header .= "User-Agent: {$_SERVER['HTTP_USER_AGENT']}\r\n";
$header .= "Host: $host:$port\r\n";
$header .= "Connection: Close\r\n";
$header .= "Cookie: $cookie\r\n\r\n";
$out .= $header;
}
$fpflag = 0;
$context = array();
if($scheme == 'https') {
$context['ssl'] = array(
'verify_peer' => false,
'verify_peer_name' => false,
'peer_name' => $host
);
if(version_compare(PHP_VERSION, '5.6.0', '<')) {
$context['ssl']['SNI_enabled'] = true;
$context['ssl']['SNI_server_name'] = $host;
}
}
if(ini_get('allow_url_fopen')) {
$context['http'] = array(
'method' => $post ? 'POST' : 'GET',
'header' => $header,
'timeout' => $timeout
);
if($post) {
$context['http']['content'] = $post;
}
$context = stream_context_create($context);
$fp = @fopen($scheme.'://'.($ip ? $ip : $host).':'.$port.$path, 'b', false, $context);
$fpflag = 1;
} elseif(function_exists('stream_socket_client')) {
$context = stream_context_create($context);
$fp = @stream_socket_client(($scheme == 'https' ? 'ssl://' : '').($ip ? $ip : $host).':'.$port, $errno, $errstr, $timeout, STREAM_CLIENT_CONNECT, $context);
} else {
$fp = @fsocketopen(($scheme == 'https' ? 'ssl://' : '').($scheme == 'https' ? $host : ($ip ? $ip : $host)), $port, $errno, $errstr, $timeout);
}
if(!$fp) {
return '';
} else {
stream_set_blocking($fp, $block);
stream_set_timeout($fp, $timeout);
if(!$fpflag) {
@fwrite($fp, $out);
}
$status = stream_get_meta_data($fp);
if(!$status['timed_out']) {
while (!feof($fp) && !$fpflag) {
if(($header = @fgets($fp)) && ($header == "\r\n" || $header == "\n")) {
break;
}
}
$stop = false;
while(!feof($fp) && !$stop) {
$data = fread($fp, ($limit == 0 || $limit > 8192 ? 8192 : $limit));
$return .= $data;
if($limit) {
$limit -= strlen($data);
$stop = $limit <= 0;
}
}
}
@fclose($fp);
return $return;
}
}
function array2string($arr) {
$s = $sep = '';
if($arr && is_array($arr)) {
foreach($arr as $k => $v) {
$s .= $sep.addslashes($k).UC_ARRAY_SEP_1.$v;
$sep = UC_ARRAY_SEP_2;
}
}
return $s;
}
function string2array($s) {
$arr = explode(UC_ARRAY_SEP_2, $s);
$arr2 = array();
foreach($arr as $k => $v) {
list($key, $val) = explode(UC_ARRAY_SEP_1, $v);
$arr2[$key] = $val;
}
return $arr2;
}
}
?>

207
uc_server/model/note.php Normal file
View File

@@ -0,0 +1,207 @@
<?php
/*
[UCenter] (C)2001-2099 Comsenz Inc.
This is NOT a freeware, use is subject to license terms
$Id: note.php 1122 2011-11-14 03:06:25Z monkey $
*/
!defined('IN_UC') && exit('Access Denied');
define('UC_NOTE_REPEAT', 2);
define('UC_NOTE_TIMEOUT', 15);
define('UC_NOTE_GC', 5);
define('API_RETURN_FAILED', '-1');
class notemodel {
var $db;
var $base;
var $apps;
var $operations = array();
var $notetype = 'HTTP';
function __construct(&$base) {
$this->notemodel($base);
}
function notemodel(&$base) {
$this->base = $base;
$this->db = $base->db;
$this->apps = $this->base->cache('apps');
$this->operations = array(
'test'=>array('', 'action=test'),
'deleteuser'=>array('', 'action=deleteuser'),
'renameuser'=>array('', 'action=renameuser'),
'deletefriend'=>array('', 'action=deletefriend'),
'gettag'=>array('', 'action=gettag', 'tag', 'updatedata'),
'getcreditsettings'=>array('', 'action=getcreditsettings'),
'getcredit'=>array('', 'action=getcredit'),
'updatecreditsettings'=>array('', 'action=updatecreditsettings'),
'updateclient'=>array('', 'action=updateclient'),
'updatepw'=>array('', 'action=updatepw'),
'updatebadwords'=>array('', 'action=updatebadwords'),
'updatehosts'=>array('', 'action=updatehosts'),
'updateapps'=>array('', 'action=updateapps'),
'updatecredit'=>array('', 'action=updatecredit'),
);
}
function get_total_num($all = TRUE) {
$closedadd = $all ? '' : ' WHERE closed=\'0\'';
$data = $this->db->result_first("SELECT COUNT(*) FROM ".UC_DBTABLEPRE."notelist $closedadd");
return $data;
}
function get_list($page, $ppp, $totalnum, $all = TRUE) {
$start = $this->base->page_get_start($page, $ppp, $totalnum);
$closedadd = $all ? '' : ' WHERE closed=\'0\'';
$data = $this->db->fetch_all("SELECT * FROM ".UC_DBTABLEPRE."notelist $closedadd ORDER BY dateline DESC LIMIT $start, $ppp");
foreach((array)$data as $k => $v) {
$data[$k]['postdata2'] = addslashes(str_replace('"', '', $data[$k]['postdata']));
$data[$k]['getdata2'] = addslashes(str_replace('"', '', $v['getdata']));
$data[$k]['dateline'] = $v['dateline'] ? $this->base->date($data[$k]['dateline']) : '';
}
return $data;
}
function delete_note($ids) {
$ids = $this->base->implode($ids);
$this->db->query("DELETE FROM ".UC_DBTABLEPRE."notelist WHERE noteid IN ($ids)");
return $this->db->affected_rows();
}
function add($operation, $getdata='', $postdata='', $appids=array(), $pri = 0) {
$extra = $varextra = '';
foreach((array)$this->apps as $appid => $app) {
$appid = $app['appid'];
if($appid == intval($appid)) {
if($appids && !in_array($appid, $appids)) {
$appadd[] = 'app'.$appid."='1'";
} else {
$varadd[] = "('noteexists{$appid}', '1')";
}
}
}
if($appadd) {
$extra = implode(',', $appadd);
$extra = $extra ? ', '.$extra : '';
}
if($varadd) {
$varextra = implode(', ', $varadd);
$varextra = $varextra ? ', '.$varextra : '';
}
$getdata = addslashes($getdata);
$postdata = addslashes($postdata);
$this->db->query("INSERT INTO ".UC_DBTABLEPRE."notelist SET getdata='$getdata', operation='$operation', pri='$pri', postdata='$postdata'$extra");
$insert_id = $this->db->insert_id();
$insert_id && $this->db->query("REPLACE INTO ".UC_DBTABLEPRE."vars (name, value) VALUES ('noteexists', '1')$varextra");
return $insert_id;
}
function send() {
register_shutdown_function(array($this, '_send'));
}
function _send() {
$note = $this->_get_note();
if(empty($note)) {
$this->db->query("REPLACE INTO ".UC_DBTABLEPRE."vars SET name='noteexists', value='0'");
return NULL;
}
$closenote = TRUE;
foreach((array)$this->apps as $appid => $app) {
$appnotes = $note['app'.$appid];
if($app['recvnote'] && $appnotes != 1 && $appnotes > -UC_NOTE_REPEAT) {
$this->sendone($appid, 0, $note);
$closenote = FALSE;
break;
}
}
if($closenote) {
$this->db->query("UPDATE ".UC_DBTABLEPRE."notelist SET closed='1' WHERE noteid='{$note['noteid']}'");
}
$this->_gc();
}
function sendone($appid, $noteid = 0, $note = '') {
require_once UC_ROOT.'./lib/xml.class.php';
$return = FALSE;
$app = $this->apps[$appid];
if($noteid) {
$note = $this->_get_note_by_id($noteid);
}
$this->base->load('misc');
$apifilename = isset($app['apifilename']) && $app['apifilename'] ? $app['apifilename'] : 'uc.php';
if(!isset($app['extra']['standalone'])) {
$url = $this->get_url_code($note['operation'], $note['getdata'], $appid);
$note['postdata'] = str_replace(array("\n", "\r"), '', $note['postdata']);
$response = trim($_ENV['misc']->dfopen2($url, 0, $note['postdata'], '', 1, $app['ip'], UC_NOTE_TIMEOUT, TRUE));
}
$returnsucceed = $response != '' && ($response == 1 || is_array(xml_unserialize($response)));
$closedsqladd = $this->_close_note($note, $this->apps, $returnsucceed, $appid) ? ",closed='1'" : '';
if($returnsucceed) {
if($this->operations[$note['operation']][2]) {
$this->base->load($this->operations[$note['operation']][2]);
$func = $this->operations[$note['operation']][3];
$_ENV[$this->operations[$note['operation']][2]]->$func($appid, $response);
}
$this->db->query("UPDATE ".UC_DBTABLEPRE."notelist SET app$appid='1', totalnum=totalnum+1, succeednum=succeednum+1, dateline='{$this->base->time}' $closedsqladd WHERE noteid='{$note['noteid']}'", 'SILENT');
$return = TRUE;
} else {
$this->db->query("UPDATE ".UC_DBTABLEPRE."notelist SET app$appid = app$appid-'1', totalnum=totalnum+1, dateline='{$this->base->time}' $closedsqladd WHERE noteid='{$note['noteid']}'", 'SILENT');
$return = FALSE;
}
return $return;
}
function _get_note() {
$data = $this->db->fetch_first("SELECT * FROM ".UC_DBTABLEPRE."notelist WHERE closed='0' ORDER BY pri DESC, noteid ASC LIMIT 1");
return $data;
}
function _gc() {
rand(0, UC_NOTE_GC) == 0 && $this->db->query("DELETE FROM ".UC_DBTABLEPRE."notelist WHERE closed='1'");
}
function _close_note($note, $apps, $returnsucceed, $appid) {
$note['app'.$appid] = $returnsucceed ? 1 : $note['app'.$appid] - 1;
$appcount = count($apps);
foreach($apps as $key => $app) {
$appstatus = $note['app'.$app['appid']];
if(!$app['recvnote'] || $appstatus == 1 || $appstatus <= -UC_NOTE_REPEAT) {
$appcount--;
}
}
if($appcount < 1) {
return TRUE;
}
}
function _get_note_by_id($noteid) {
$data = $this->db->fetch_first("SELECT * FROM ".UC_DBTABLEPRE."notelist WHERE noteid='$noteid'");
return $data;
}
function get_url_code($operation, $getdata, $appid) {
$app = $this->apps[$appid];
$authkey = $app['authkey'];
$url = $app['url'];
$apifilename = isset($app['apifilename']) && $app['apifilename'] ? $app['apifilename'] : 'uc.php';
$action = $this->operations[$operation][1];
$code = urlencode($this->base->authcode("$action&".($getdata ? "$getdata&" : '')."time=".$this->base->time, 'ENCODE', $authkey));
return $url."/api/$apifilename?code=$code";
}
}
?>

106
uc_server/model/plugin.php Normal file
View File

@@ -0,0 +1,106 @@
<?php
/*
[UCenter] (C)2001-2099 Comsenz Inc.
This is NOT a freeware, use is subject to license terms
$Id: plugin.php 1059 2011-03-01 07:25:09Z monkey $
*/
!defined('IN_UC') && exit('Access Denied');
class pluginmodel {
var $db;
var $base;
function __construct(&$base) {
$this->pluginmodel($base);
}
function pluginmodel(&$base) {
$this->base = $base;
$this->db = $base->db;
}
function get_plugins() {
include_once UC_ROOT.'./lib/xml.class.php';
$arr = array();
$dir = UC_ROOT.'./plugin';
$d = opendir($dir);
while($f = readdir($d)) {
if($f != '.' && $f != '..' && $f != '.svn' && is_dir($dir.'/'.$f)) {
$s = file_get_contents($dir.'/'.$f.'/plugin.xml');
$arr1 = xml_unserialize($s);
$arr1['dir'] = $f;
unset($arr1['lang']);
$arr[] = $arr1;
}
}
$arr = $this->orderby_tabindex($arr);
return $arr;
}
function get_plugin($pluginname) {
$f = file_get_contents(UC_ROOT."./plugin/$pluginname/plugin.xml");
include_once UC_ROOT.'./lib/xml.class.php';
return xml_unserialize($f);
}
function get_plugin_by_name($pluginname) {
$dir = UC_ROOT.'./plugin';
$s = file_get_contents($dir.'/'.$pluginname.'/plugin.xml');
return xml_unserialize($s, TRUE);
}
function orderby_tabindex($arr1) {
$arr2 = array();
$t = array();
foreach($arr1 as $k => $v) {
$t[$k] = $v['tabindex'];
}
asort($t);
$arr3 = array();
foreach($t as $k => $v) {
$arr3[$k] = $arr1[$k];
}
return $arr3;
}
function cert_get_file() {
return UC_ROOT.'./data/tmp/ucenter_'.substr(md5(UC_KEY), 0, 16).'.cert';
}
function cert_dump_encode($arr, $life = 0) {
$s = "# UCenter Applications Setting Dump\n".
"# Version: UCenter ".UC_SERVER_VERSION."\n".
"# Time: ".$this->time."\n".
"# Expires: ".($this->time + $life)."\n".
"# From: ".UC_API."\n".
"#\n".
"# This file was BASE64 encoded\n".
"#\n".
"# UCenter Community: https://www.discuz.vip\n".
"# Please visit our website for latest news about UCenter\n".
"# --------------------------------------------------------\n\n\n".
wordwrap(base64_encode(serialize($arr)), 50, "\n", 1);
return $s;
}
function cert_dump_decode($certfile) {
$s = @file_get_contents($certfile);
if(empty($s)) {
return array();
}
preg_match("/# Expires: (.*?)\n/", $s, $m);
if(empty($m[1]) || $m[1] < $this->time) {
unlink($certfile);
return array();
}
$s = preg_replace("/(#.*\s+)*/", '', $s);
$arr = daddslashes(unserialize(base64_decode($s)), 1);
return $arr;
}
}
?>

868
uc_server/model/pm.php Normal file
View File

@@ -0,0 +1,868 @@
<?php
/*
[UCenter] (C)2001-2099 Comsenz Inc.
This is NOT a freeware, use is subject to license terms
$Id: pm.php 1160 2013-10-24 08:04:45Z jeffjzhang $
*/
!defined('IN_UC') && exit('Access Denied');
define('PMINBALCKLIST_ERROR', -6);
define('PMSENDSELF_ERROR', -8);
define('PMSENDNONE_ERROR', -9);
define('PMSENDCHATNUM_ERROR', -10);
define('PMTHREADNONE_ERROR', -11);
define('PMPRIVILEGENONE_ERROR', -12);
define('PMCHATTYPE_ERROR', -13);
define('PMUIDTYPE_ERROR', -14);
define('PMDATA_ERROR', -15);
class pmmodel {
var $db;
var $base;
function __construct(&$base) {
$this->pmmodel($base);
}
function pmmodel(&$base) {
$this->base = $base;
$this->db = $base->db;
}
function pmintval($pmid) {
return @is_numeric($pmid) ? $pmid : 0;
}
function getpmbypmid($uid, $pmid) {
if(!$pmid) {
return array();
}
$arr = array();
$pm = $this->db->fetch_first("SELECT * FROM ".UC_DBTABLEPRE."pm_indexes i LEFT JOIN ".UC_DBTABLEPRE."pm_lists t ON t.plid=i.plid WHERE i.pmid='$pmid'");
if($this->isprivilege($pm['plid'], $uid)) {
$pms = $this->db->fetch_all("SELECT t.*, p.*, t.authorid as founderuid, t.dateline as founddateline FROM ".UC_DBTABLEPRE.$this->getposttablename($pm['plid'])." p LEFT JOIN ".UC_DBTABLEPRE."pm_lists t ON t.plid=p.plid WHERE p.pmid='{$pm['pmid']}'");
$arr = $this->getpostlist($pms);
}
return $arr;
}
function isprivilege($plid, $uid) {
if(!$plid || !$uid) {
return true;
}
$query = $this->db->query("SELECT * FROM ".UC_DBTABLEPRE."pm_members WHERE plid='$plid' AND uid='$uid'");
if($this->db->fetch_array($query)) {
return true;
} else {
return false;
}
}
function getpmbyplid($uid, $plid, $starttime, $endtime, $start, $ppp, $type = 0) {
if(!$type) {
$pm = $this->getprivatepmbyplid($uid, $plid, $starttime, $endtime, $start, $ppp);
} else {
$pm = $this->getchatpmbyplid($uid, $plid, $starttime, $endtime, $start, $ppp);
}
return $this->getpostlist($pm);
}
function getpostlist($list) {
if(empty($list)) {
return array();
}
$authoridarr = $authorarr = array();
foreach($list as $key => $value) {
$authoridarr[$value['authorid']] = $value['authorid'];
}
if($authoridarr) {
$this->base->load('user');
$authorarr = $_ENV['user']->id2name($authoridarr);
}
foreach($list as $key => $value) {
if($value['pmtype'] == 1) {
$users = explode('_', $value['min_max']);
if($value['authorid'] == $users[0]) {
$value['touid'] = $users[1];
} else {
$value['touid'] = $users[0];
}
} else {
$value['touid'] = 0;
}
$value['author'] = $authorarr[$value['authorid']];
$value['msgfromid'] = $value['authorid'];
$value['msgfrom'] = $value['author'];
$value['msgtoid'] = $value['touid'];
unset($value['min_max']);
unset($value['delstatus']);
unset($value['lastmessage']);
$list[$key] = $value;
}
return $list;
}
function setpmstatus($uid, $touids, $plids, $status = 0) {
if(!$uid) {
return false;
}
if(!$status) {
$oldstatus = 1;
$newstatus = 0;
} else {
$oldstatus = 0;
$newstatus = 1;
}
if($touids) {
foreach($touids as $key => $value) {
if($uid == $value || !$value || !preg_match("/^[0-9]+$/", $value)) {
return false;
}
$relastionship[] = $this->relationship($uid, $value);
}
$plid = $plidpostarr = array();
$query = $this->db->query("SELECT plid FROM ".UC_DBTABLEPRE."pm_lists WHERE min_max IN (".$this->base->implode($relationship).")");
while($thread = $this->db->fetch_array($query)) {
$plidarr[] = $thread['plid'];
}
if($plidarr) {
$this->db->query("UPDATE ".UC_DBTABLEPRE."pm_members SET isnew='$newstatus' WHERE plid IN (".$this->base->implode($plidarr).") AND uid='$uid' AND isnew='$oldstatus'");
}
}
if($plids) {
$this->db->query("UPDATE ".UC_DBTABLEPRE."pm_members SET isnew='$newstatus' WHERE plid IN (".$this->base->implode($plids).") AND uid='$uid' AND isnew='$oldstatus'");
}
return true;
}
function set_ignore($uid) {
return $this->db->query("DELETE FROM ".UC_DBTABLEPRE."newpm WHERE uid='$uid'");
}
function isnewpm($uid) {
return $this->db->result_first("SELECT uid FROM ".UC_DBTABLEPRE."newpm WHERE uid='$uid'");
}
function lastpm($uid) {
$lastpm = $this->db->fetch_first("SELECT * FROM ".UC_DBTABLEPRE."pm_members m LEFT JOIN ".UC_DBTABLEPRE."pm_lists t ON m.plid=t.plid WHERE m.uid='$uid' ORDER BY m.lastdateline DESC LIMIT 1");
$lastmessage = unserialize($lastpm['lastmessage']);
if($lastmessage['lastauthorid']) {
$lastpm['lastauthorid'] = $lastmessage['lastauthorid'];
$lastpm['lastauthor'] = $lastmessage['lastauthor'];
$lastpm['lastsummary'] = $lastmessage['lastsummary'];
} else {
$lastpm['lastauthorid'] = $lastmessage['firstauthorid'];
$lastpm['lastauthor'] = $lastmessage['firstauthor'];
$lastpm['lastsummary'] = $lastmessage['firstsummary'];
}
return $lastpm;
}
function getpmnum($uid, $type = 0, $isnew = 0) {
$newsql = '';
$newnum = 0;
if($isnew) {
$newsql = 'AND m.isnew=1';
}
if(!$type) {
$newnum = $this->db->result_first("SELECT COUNT(*) FROM ".UC_DBTABLEPRE."pm_members m WHERE m.uid='$uid' $newsql");
} else {
$newnum = $this->db->result_first("SELECT COUNT(*) FROM ".UC_DBTABLEPRE."pm_members m LEFT JOIN ".UC_DBTABLEPRE."pm_lists t ON t.plid=m.plid WHERE m.uid='$uid' $newsql AND t.pmtype='$type'");
}
return $newnum;
}
function getpmnumbyplid($uid, $plid) {
return $this->db->result_first("SELECT pmnum FROM ".UC_DBTABLEPRE."pm_members WHERE plid='$plid' AND uid='$uid'");
}
function sendpm($fromuid, $fromusername, $touids, $subject, $message, $type = 0) {
if(!$fromuid || !$fromusername || !$touids || !$message) {
return 0;
}
$touids = array_unique($touids);
$relationship = $existplid = $pm_member_insertsql = array();
$this->base->load('user');
$tmptouidarr = $touids;
$blackls = $this->get_blackls($fromuid, $touids);
foreach($tmptouidarr as $key => $value) {
if($fromuid == $value || !$value) {
return PMSENDSELF_ERROR;
}
if(in_array('{ALL}', $blackls[$value])) {
unset($touids[$key]);
continue;
}
$blackls[$value] = $_ENV['user']->name2id($blackls[$value]);
if(!(isset($blackls[$value]) && !in_array($fromuid, $blackls[$value]))) {
unset($touids[$key]);
} else {
$relationship[$value] = $this->relationship($fromuid, $value);
}
}
if(empty($touids)) {
return PMSENDNONE_ERROR;
}
if($type == 1 && count($touids) < 2) {
return PMSENDCHATNUM_ERROR;
}
$_CACHE['badwords'] = $this->base->cache('badwords');
if($_CACHE['badwords']['findpattern']) {
$subject = @preg_replace($_CACHE['badwords']['findpattern'], $_CACHE['badwords']['replace'], $subject);
$message = @preg_replace($_CACHE['badwords']['findpattern'], $_CACHE['badwords']['replace'], $message);
}
if(!$subject) {
$subject = $this->removecode(trim($message), 80);
} else {
$subject = dhtmlspecialchars($subject);
}
$lastsummary = addslashes($this->removecode(trim(stripslashes($message)), 150));
$subject = addslashes($subject);
if(!$type) {
$query = $this->db->query("SELECT plid, min_max FROM ".UC_DBTABLEPRE."pm_lists WHERE min_max IN (".$this->base->implode($relationship).")");
while($thread = $this->db->fetch_array($query)) {
$existplid[$thread['min_max']] = $thread['plid'];
}
$lastmessage = array('lastauthorid' => $fromuid, 'lastauthor' => $fromusername, 'lastsummary' => $lastsummary);
$lastmessage = addslashes(serialize($lastmessage));
foreach($relationship as $key => $value) {
if(!isset($existplid[$value])) {
$this->db->query("INSERT INTO ".UC_DBTABLEPRE."pm_lists(authorid, pmtype, subject, members, min_max, dateline, lastmessage) VALUES('$fromuid', '1', '$subject', 2, '$value', '".$this->base->time."', '$lastmessage')");
$plid = $this->db->insert_id();
$this->db->query("INSERT INTO ".UC_DBTABLEPRE."pm_indexes(plid) VALUES('$plid')");
$pmid = $this->db->insert_id();
$this->db->query("INSERT INTO ".UC_DBTABLEPRE.$this->getposttablename($plid)."(pmid, plid, authorid, message, dateline, delstatus) VALUES('$pmid', '$plid', '$fromuid', '$message', '".$this->base->time."', 0)");
$this->db->query("INSERT INTO ".UC_DBTABLEPRE."pm_members(plid, uid, isnew, pmnum, lastupdate, lastdateline) VALUES('$plid', '$key', '1', '1', '0', '".$this->base->time."')");
$this->db->query("INSERT INTO ".UC_DBTABLEPRE."pm_members(plid, uid, isnew, pmnum, lastupdate, lastdateline) VALUES('$plid', '$fromuid', '0', '1', '".$this->base->time."', '".$this->base->time."')");
} else {
$plid = $existplid[$value];
$this->db->query("INSERT INTO ".UC_DBTABLEPRE."pm_indexes(plid) VALUES('$plid')");
$pmid = $this->db->insert_id();
$this->db->query("INSERT INTO ".UC_DBTABLEPRE.$this->getposttablename($plid)."(pmid, plid, authorid, message, dateline, delstatus) VALUES('$pmid', '$plid', '$fromuid', '$message', '".$this->base->time."', 0)");
$result = $this->db->query("INSERT INTO ".UC_DBTABLEPRE."pm_members(plid, uid, isnew, pmnum, lastupdate, lastdateline) VALUES('$plid', '$key', '1', '1', '0', '".$this->base->time."')", 'SILENT');
if(!$result) {
$this->db->query("UPDATE ".UC_DBTABLEPRE."pm_members SET isnew=1, pmnum=pmnum+1, lastdateline='".$this->base->time."' WHERE plid='$plid' AND uid='$key'");
}
$result = $this->db->query("INSERT INTO ".UC_DBTABLEPRE."pm_members(plid, uid, isnew, pmnum, lastupdate, lastdateline) VALUES('$plid', '$fromuid', '0', '1', '".$this->base->time."', '".$this->base->time."')", 'SILENT');
if(!$result) {
$this->db->query("UPDATE ".UC_DBTABLEPRE."pm_members SET isnew=0, pmnum=pmnum+1, lastupdate='".$this->base->time."', lastdateline='".$this->base->time."' WHERE plid='$plid' AND uid='$fromuid'");
}
$this->db->query("UPDATE ".UC_DBTABLEPRE."pm_lists SET lastmessage='$lastmessage' WHERE plid='$plid'");
}
}
} else {
$lastmessage = array('firstauthorid' => $fromuid, 'firstauthor' => $fromusername, 'firstsummary' => $lastsummary);
$lastmessage = addslashes(serialize($lastmessage));
$this->db->query("INSERT INTO ".UC_DBTABLEPRE."pm_lists(authorid, pmtype, subject, members, min_max, dateline, lastmessage) VALUES('$fromuid', '2', '$subject', '".(count($touids)+1)."', '', '".$this->base->time."', '$lastmessage')");
$plid = $this->db->insert_id();
$this->db->query("INSERT INTO ".UC_DBTABLEPRE."pm_indexes(plid) VALUES('$plid')");
$pmid = $this->db->insert_id();
$this->db->query("INSERT INTO ".UC_DBTABLEPRE.$this->getposttablename($plid)."(pmid, plid, authorid, message, dateline, delstatus) VALUES('$pmid', '$plid', '$fromuid', '$message', '".$this->base->time."', 0)");
$pm_member_insertsql[] = "('$plid', '$fromuid', '0', '1', '".$this->base->time."', '".$this->base->time."')";
foreach($touids as $key => $value) {
$pm_member_insertsql[] = "('$plid', '$value', '1', '1', '0', '".$this->base->time."')";
}
$this->db->query("INSERT INTO ".UC_DBTABLEPRE."pm_members(plid, uid, isnew, pmnum, lastupdate, lastdateline) VALUES ".implode(',', $pm_member_insertsql));
}
$newpm = array();
foreach($touids as $key => $value) {
$newpm[] = "('$value')";
}
$this->db->query("REPLACE INTO ".UC_DBTABLEPRE."newpm(uid) VALUES ".implode(',', $newpm));
return $pmid;
}
function replypm($plid, $fromuid, $fromusername, $message) {
if(!$plid || !$fromuid || !$fromusername || !$message) {
return 0;
}
$threadpm = $this->db->fetch_first("SELECT * FROM ".UC_DBTABLEPRE."pm_lists WHERE plid='$plid'");
if(empty($threadpm)) {
return PMTHREADNONE_ERROR;
}
if($threadpm['pmtype'] == 1) {
$users = explode('_', $threadpm['min_max']);
if($users[0] == $fromuid) {
$touid = $users[1];
} elseif($users[1] == $fromuid) {
$touid = $users[0];
} else {
return PMPRIVILEGENONE_ERROR;
}
$blackls = $this->get_blackls($fromuid, $touid);
if(in_array('{ALL}', $blackls[$touid])) {
return PMINBALCKLIST_ERROR;
}
$this->base->load('user');
$blackls[$touid] = $_ENV['user']->name2id($blackls[$touid]);
if(!(isset($blackls[$touid]) && !in_array($fromuid, $blackls[$touid]))) {
return PMINBALCKLIST_ERROR;
}
}
$memberuid = array();
$query = $this->db->query("SELECT * FROM ".UC_DBTABLEPRE."pm_members WHERE plid='$plid'");
while($member = $this->db->fetch_array($query)) {
$memberuid[$member['uid']] = "('{$member['uid']}')";
}
if(!isset($memberuid[$fromuid])) {
return PMPRIVILEGENONE_ERROR;
}
$_CACHE['badwords'] = $this->base->cache('badwords');
if($_CACHE['badwords']['findpattern']) {
$message = @preg_replace($_CACHE['badwords']['findpattern'], $_CACHE['badwords']['replace'], $message);
}
$lastsummary = addslashes($this->removecode(trim(stripslashes($message)), 150));
$this->db->query("INSERT INTO ".UC_DBTABLEPRE."pm_indexes(plid) VALUES('$plid')");
$pmid = $this->db->insert_id();
$this->db->query("INSERT INTO ".UC_DBTABLEPRE.$this->getposttablename($plid)."(pmid, plid, authorid, message, dateline, delstatus) VALUES('$pmid', '$plid', '$fromuid', '$message', '".$this->base->time."', 0)");
if($threadpm['pmtype'] == 1) {
$lastmessage = array('lastauthorid' => $fromuid, 'lastauthor' => $fromusername, 'lastsummary' => $lastsummary);
$lastmessage = addslashes(serialize($lastmessage));
$result = $this->db->query("INSERT INTO ".UC_DBTABLEPRE."pm_members(plid, uid, isnew, pmnum, lastupdate, lastdateline) VALUES('$plid', '$touid', '1', '1', '0', '".$this->base->time."')", 'SILENT');
if(!$result) {
$this->db->query("UPDATE ".UC_DBTABLEPRE."pm_members SET isnew=1, pmnum=pmnum+1, lastdateline='".$this->base->time."' WHERE plid='$plid' AND uid='$touid'");
}
$this->db->query("UPDATE ".UC_DBTABLEPRE."pm_members SET isnew=0, pmnum=pmnum+1, lastupdate='".$this->base->time."', lastdateline='".$this->base->time."' WHERE plid='$plid' AND uid='$fromuid'");
} else {
$lastmessage = unserialize($threadpm['lastmessage']);
$lastmessage = array('firstauthorid' => $lastmessage['firstauthorid'], 'firstauthor' => $lastmessage['firstauthor'], 'firstsummary' => $lastmessage['firstsummary'], 'lastauthorid' => $fromuid, 'lastauthor' => $fromusername, 'lastsummary' => $lastsummary);
$lastmessage = addslashes(serialize($lastmessage));
$this->db->query("UPDATE ".UC_DBTABLEPRE."pm_members SET isnew=1, pmnum=pmnum+1, lastdateline='".$this->base->time."' WHERE plid='$plid'");
$this->db->query("UPDATE ".UC_DBTABLEPRE."pm_members SET isnew=0, lastupdate='".$this->base->time."' WHERE plid='$plid' AND uid='$fromuid'");
}
$this->db->query("UPDATE ".UC_DBTABLEPRE."pm_lists SET lastmessage='$lastmessage' WHERE plid='$plid'");
$this->db->query("REPLACE INTO ".UC_DBTABLEPRE."newpm(uid) VALUES ".implode(',', $memberuid)."");
return $pmid;
}
function appendchatpm($plid, $uid, $touid) {
if(!$plid || !$uid || !$touid) {
return 0;
}
$threadpm = $this->db->fetch_first("SELECT * FROM ".UC_DBTABLEPRE."pm_lists WHERE plid='$plid'");
if(empty($threadpm)) {
return PMTHREADNONE_ERROR;
}
if($threadpm['pmtype'] != 2) {
return PMCHATTYPE_ERROR;
}
if($threadpm['authorid'] != $uid) {
return PMPRIVILEGENONE_ERROR;
}
$blackls = $this->get_blackls($uid, $touid);
if(in_array('{ALL}', $blackls[$touid])) {
return PMINBALCKLIST_ERROR;
}
$this->base->load('user');
$blackls[$touid] = $_ENV['user']->name2id($blackls[$touid]);
if(!(isset($blackls[$touid]) && !in_array($uid, $blackls[$touid]))) {
return PMINBALCKLIST_ERROR;
}
$pmnum = $this->db->result_first("SELECT COUNT(*) FROM ".UC_DBTABLEPRE.$this->getposttablename($plid)." WHERE plid='$plid'");
$this->db->query("INSERT INTO ".UC_DBTABLEPRE."pm_members(plid, uid, isnew, pmnum, lastupdate, lastdateline) VALUES('$plid', '$touid', '1', '$pmnum', '0', '0')", 'SILENT');
$num = $this->db->result_first("SELECT COUNT(*) FROM ".UC_DBTABLEPRE."pm_members WHERE plid='$plid'");
$this->db->query("UPDATE ".UC_DBTABLEPRE."pm_lists SET members='$num' WHERE plid='$plid'");
return 1;
}
function kickchatpm($plid, $uid, $touid) {
if(!$uid || !$touid || !$plid || $uid == $touid) {
return 0;
}
$threadpm = $this->db->fetch_first("SELECT * FROM ".UC_DBTABLEPRE."pm_lists WHERE plid='$plid'");
if($threadpm['pmtype'] != 2) {
return PMCHATTYPE_ERROR;
}
if($threadpm['authorid'] != $uid) {
return PMPRIVILEGENONE_ERROR;
}
$this->db->query("DELETE FROM ".UC_DBTABLEPRE."pm_members WHERE plid='$plid' AND uid='$touid'");
$num = $this->db->result_first("SELECT COUNT(*) FROM ".UC_DBTABLEPRE."pm_members WHERE plid='$plid'");
$this->db->query("UPDATE ".UC_DBTABLEPRE."pm_lists SET members='$num' WHERE plid='$plid'");
return 1;
}
function quitchatpm($uid, $plids) {
if(!$uid || !$plids) {
return 0;
}
$list = array();
$query = $this->db->query("SELECT * FROM ".UC_DBTABLEPRE."pm_members m LEFT JOIN ".UC_DBTABLEPRE."pm_lists t ON m.plid=t.plid WHERE m.plid IN (".$this->base->implode($plids).") AND m.uid='$uid'");
while($threadpm = $this->db->fetch_array($query)) {
if($threadpm['pmtype'] != 2) {
return PMCHATTYPE_ERROR;
}
if($threadpm['authorid'] == $uid) {
return PMPRIVILEGENONE_ERROR;
}
$list[] = $threadpm['plid'];
}
if($list) {
$this->db->query("DELETE FROM ".UC_DBTABLEPRE."pm_members WHERE plid IN (".$this->base->implode($list).") AND uid='$uid'");
$this->db->query("UPDATE ".UC_DBTABLEPRE."pm_lists SET members=members-1 WHERE plid IN (".$this->base->implode($list).")");
}
return 1;
}
function deletepmbypmid($uid, $pmid) {
if(!$uid || !$pmid) {
return 0;
}
$index = $this->db->fetch_first("SELECT * FROM ".UC_DBTABLEPRE."pm_indexes i LEFT JOIN ".UC_DBTABLEPRE."pm_lists t ON i.plid=t.plid WHERE i.pmid='$pmid'");
if($index['pmtype'] != 1) {
return PMUIDTYPE_ERROR;
}
$users = explode('_', $index['min_max']);
if(!in_array($uid, $users)) {
return PMPRIVILEGENONE_ERROR;
}
if($index['authorid'] != $uid) {
$this->db->query("UPDATE ".UC_DBTABLEPRE.$this->getposttablename($index['plid'])." SET delstatus=2 WHERE pmid='$pmid' AND delstatus=0");
$updatenum = $this->db->affected_rows();
$this->db->query("DELETE FROM ".UC_DBTABLEPRE.$this->getposttablename($index['plid'])." WHERE pmid='$pmid' AND delstatus=1");
$deletenum = $this->db->affected_rows();
} else {
$this->db->query("UPDATE ".UC_DBTABLEPRE.$this->getposttablename($index['plid'])." SET delstatus=1 WHERE pmid='$pmid' AND delstatus=0");
$updatenum = $this->db->affected_rows();
$this->db->query("DELETE FROM ".UC_DBTABLEPRE.$this->getposttablename($index['plid'])." WHERE pmid='$pmid' AND delstatus=2");
$deletenum = $this->db->affected_rows();
}
if(!$this->db->result_first("SELECT COUNT(*) FROM ".UC_DBTABLEPRE.$this->getposttablename($index['plid'])." WHERE plid='{$index['plid']}'")) {
$this->db->query("DELETE FROM ".UC_DBTABLEPRE."pm_lists WHERE plid='{$index['plid']}'");
$this->db->query("DELETE FROM ".UC_DBTABLEPRE."pm_members WHERE plid='{$index['plid']}'");
$this->db->query("DELETE FROM ".UC_DBTABLEPRE."pm_indexes WHERE plid='{$index['plid']}'");
} else {
$this->db->query("UPDATE ".UC_DBTABLEPRE."pm_members SET pmnum=pmnum-".($updatenum + $deletenum)." WHERE plid='".$index['plid']."' AND uid='$uid'");
}
return 1;
}
function deletepmbypmids($uid, $pmids) {
if($pmids) {
foreach($pmids as $key => $pmid) {
$this->deletepmbypmid($uid, $pmid);
}
}
return 1;
}
function deletepmbyplid($uid, $plid, $isuser = 0) {
if(!$uid || !$plid) {
return 0;
}
if($isuser) {
$relationship = $this->relationship($uid, $plid);
$sql = "SELECT * FROM ".UC_DBTABLEPRE."pm_lists WHERE min_max='$relationship'";
} else {
$sql = "SELECT * FROM ".UC_DBTABLEPRE."pm_lists WHERE plid='$plid'";
}
$query = $this->db->query($sql);
if($list = $this->db->fetch_array($query)) {
if($list['pmtype'] == 1) {
$user = explode('_', $list['min_max']);
if(!in_array($uid, $user)) {
return PMPRIVILEGENONE_ERROR;
}
} else {
if($uid != $list['authorid']) {
return PMPRIVILEGENONE_ERROR;
}
}
} else {
return PMTHREADNONE_ERROR;
}
if($list['pmtype'] == 1) {
if($uid == $list['authorid']) {
$this->db->query("DELETE FROM ".UC_DBTABLEPRE.$this->getposttablename($list['plid'])." WHERE plid='{$list['plid']}' AND delstatus=2");
$this->db->query("UPDATE ".UC_DBTABLEPRE.$this->getposttablename($list['plid'])." SET delstatus=1 WHERE plid='{$list['plid']}' AND delstatus=0");
} else {
$this->db->query("DELETE FROM ".UC_DBTABLEPRE.$this->getposttablename($list['plid'])." WHERE plid='{$list['plid']}' AND delstatus=1");
$this->db->query("UPDATE ".UC_DBTABLEPRE.$this->getposttablename($list['plid'])." SET delstatus=2 WHERE plid='{$list['plid']}' AND delstatus=0");
}
$count = $this->db->result_first("SELECT COUNT(*) FROM ".UC_DBTABLEPRE.$this->getposttablename($list['plid'])." WHERE plid='{$list['plid']}'");
if(!$count) {
$this->db->query("DELETE FROM ".UC_DBTABLEPRE."pm_lists WHERE plid='{$list['plid']}'");
$this->db->query("DELETE FROM ".UC_DBTABLEPRE."pm_members WHERE plid='{$list['plid']}'");
$this->db->query("DELETE FROM ".UC_DBTABLEPRE."pm_indexes WHERE plid='{$list['plid']}'");
} else {
$this->db->query("DELETE FROM ".UC_DBTABLEPRE."pm_members WHERE plid='{$list['plid']}' AND uid='$uid'");
}
} else {
$this->db->query("DELETE FROM ".UC_DBTABLEPRE.$this->getposttablename($list['plid'])." WHERE plid='{$list['plid']}'");
$this->db->query("DELETE FROM ".UC_DBTABLEPRE."pm_lists WHERE plid='{$list['plid']}'");
$this->db->query("DELETE FROM ".UC_DBTABLEPRE."pm_members WHERE plid='{$list['plid']}'");
$this->db->query("DELETE FROM ".UC_DBTABLEPRE."pm_indexes WHERE plid='{$list['plid']}'");
}
return 1;
}
function deletepmbyplids($uid, $plids, $isuser = 0) {
if($plids) {
foreach($plids as $key => $plid) {
$this->deletepmbyplid($uid, $plid, $isuser);
}
}
return 1;
}
function getprivatepmbyplid($uid, $plid, $starttime = 0, $endtime = 0, $start = 0, $ppp = 0) {
if(!$uid || !$plid) {
return 0;
}
if(!$this->isprivilege($plid, $uid)) {
return 0;
}
$thread = $this->db->fetch_first("SELECT * FROM ".UC_DBTABLEPRE."pm_lists WHERE plid='$plid'");
if($thread['pmtype'] != 1) {
return 0;
}
$pms = $addsql = array();
$addsql[] = "p.plid='$plid'";
if($thread['authorid'] == $uid) {
$addsql[] = 'p.delstatus IN (0,2)';
} else {
$addsql[] = 'p.delstatus IN (0,1)';
}
if($starttime) {
$addsql[]= "p.dateline>'$starttime'";
}
if($endtime) {
$addsql[] = "p.dateline<'$endtime'";
}
if($addsql) {
$addsql = implode(' AND ', $addsql);
} else {
$addsql = '';
}
if($ppp) {
$limitsql = 'LIMIT '.intval($start).', '.intval($ppp);
} else {
$limitsql = '';
}
$pms = $this->db->fetch_all("SELECT t.*, p.*, t.authorid as founderuid, t.dateline as founddateline FROM ".UC_DBTABLEPRE.$this->getposttablename($plid)." p LEFT JOIN ".UC_DBTABLEPRE."pm_lists t ON p.plid=t.plid WHERE $addsql ORDER BY p.dateline DESC $limitsql");
$this->db->query("UPDATE ".UC_DBTABLEPRE."pm_members SET isnew=0 WHERE plid='$plid' AND uid='$uid' AND isnew=1");
return array_reverse($pms);
}
function getchatpmbyplid($uid, $plid, $starttime = 0, $endtime = 0, $start = 0, $ppp = 0) {
if(!$uid || !$plid) {
return 0;
}
if(!$this->isprivilege($plid, $uid)) {
return 0;
}
$pms = $addsql = array();
$addsql[] = "p.plid='$plid'";
if($starttime) {
$addsql[]= "p.dateline>'$starttime'";
}
if($endtime) {
$addsql[] = "p.dateline<'$endtime'";
}
if($addsql) {
$addsql = implode(' AND ', $addsql);
} else {
$addsql = '';
}
if($ppp) {
$limitsql = 'LIMIT '.intval($start).', '.intval($ppp);
} else {
$limitsql = '';
}
$query = $this->db->query("SELECT t.*, p.*, t.authorid as founderuid, t.dateline as founddateline FROM ".UC_DBTABLEPRE.$this->getposttablename($plid)." p LEFT JOIN ".UC_DBTABLEPRE."pm_lists t ON p.plid=t.plid WHERE $addsql ORDER BY p.dateline DESC $limitsql");
while($pm = $this->db->fetch_array($query)) {
if($pm['pmtype'] != 2) {
return 0;
}
$pms[] = $pm;
}
$this->db->query("UPDATE ".UC_DBTABLEPRE."pm_members SET isnew=0 WHERE plid='$plid' AND uid='$uid' AND isnew=1");
return array_reverse($pms);
}
function getpmlist($uid, $filter, $start, $ppp = 10) {
if(!$uid) {
return 0;
}
$members = $touidarr = $tousernamearr = array();
if($filter == 'newpm') {
$addsql = 'm.isnew=1 AND ';
} else {
$addsql = '';
}
$query = $this->db->query("SELECT * FROM ".UC_DBTABLEPRE."pm_members m LEFT JOIN ".UC_DBTABLEPRE."pm_lists t ON t.plid=m.plid WHERE $addsql m.uid='$uid' ORDER BY m.lastdateline DESC LIMIT $start, $ppp");
while($member = $this->db->fetch_array($query)) {
if($member['pmtype'] == 1) {
$users = explode('_', $member['min_max']);
$member['touid'] = $users[0] == $uid ? $users[1] : $users[0];
} else {
$member['touid'] = 0;
}
$touidarr[$member['touid']] = $member['touid'];
$members[] = $member;
}
$this->db->query("DELETE FROM ".UC_DBTABLEPRE."newpm WHERE uid='$uid'");
$array = array();
if($members) {
$today = $this->base->time - $this->base->time % 86400;
$this->base->load('user');
$tousernamearr = $_ENV['user']->id2name($touidarr);
foreach($members as $key => $data) {
$daterange = 5;
$data['founddateline'] = $data['dateline'];
$data['dateline'] = $data['lastdateline'];
$data['pmid'] = $data['plid'];
$lastmessage = unserialize($data['lastmessage']);
if($lastmessage['firstauthorid']) {
$data['firstauthorid'] = $lastmessage['firstauthorid'];
$data['firstauthor'] = $lastmessage['firstauthor'];
$data['firstsummary'] = $lastmessage['firstsummary'];
}
if($lastmessage['lastauthorid']) {
$data['lastauthorid'] = $lastmessage['lastauthorid'];
$data['lastauthor'] = $lastmessage['lastauthor'];
$data['lastsummary'] = $lastmessage['lastsummary'];
}
$data['msgfromid'] = $lastmessage['lastauthorid'];
$data['msgfrom'] = $lastmessage['lastauthor'];
$data['message'] = $lastmessage['lastsummary'];
$data['new'] = $data['isnew'];
$data['msgtoid'] = $data['touid'];
if($data['lastdateline'] >= $today) {
$daterange = 1;
} elseif($data['lastdateline'] >= $today - 86400) {
$daterange = 2;
} elseif($data['lastdateline'] >= $today - 172800) {
$daterange = 3;
} elseif($data['lastdateline'] >= $today - 604800) {
$daterange = 4;
}
$data['daterange'] = $daterange;
$data['tousername'] = $tousernamearr[$data['touid']];
unset($data['min_max']);
$array[] = $data;
}
}
return $array;
}
function getplidbypmid($pmid) {
if(!$pmid) {
return false;
}
return $this->db->result_first("SELECT plid FROM ".UC_DBTABLEPRE."pm_indexes WHERE pmid='$pmid'");
}
function getplidbytouid($uid, $touid) {
if(!$uid || !$touid) {
return 0;
}
return $this->db->result_first("SELECT plid FROM ".UC_DBTABLEPRE."pm_lists WHERE min_max='".$this->relationship($uid, $touid)."'");
}
function getuidbyplid($plid) {
if(!$plid) {
return array();
}
$uidarr = array();
$query = $this->db->query("SELECT uid FROM ".UC_DBTABLEPRE."pm_members WHERE plid='$plid'");
while($uid = $this->db->fetch_array($query)) {
$uidarr[$uid['uid']] = $uid['uid'];
}
return $uidarr;
}
function chatpmmemberlist($uid, $plid) {
if(!$uid || !$plid) {
return 0;
}
$uidarr = $this->getuidbyplid($plid);
if(empty($uidarr)) {
return 0;
}
if(!isset($uidarr[$uid])) {
return 0;
}
$authorid = $this->db->result_first("SELECT authorid FROM ".UC_DBTABLEPRE."pm_lists WHERE plid='$plid'");
return array('author' => $authorid, 'member' => $uidarr);
}
function relationship($fromuid, $touid) {
if($fromuid < $touid) {
return $fromuid.'_'.$touid;
} elseif($fromuid > $touid) {
return $touid.'_'.$fromuid;
} else {
return '';
}
}
function getposttablename($plid) {
$id = substr((string)$plid, -1, 1);
return 'pm_messages_'.intval($id);
}
function get_blackls($uid, $uids = array()) {
if(!$uids) {
$blackls = $this->db->result_first("SELECT blacklist FROM ".UC_DBTABLEPRE."memberfields WHERE uid='$uid'");
} else {
$blackls = array();
$uids = is_array($uids) ? $uids : array($uids);
foreach($uids as $uid) {
$blackls[$uid] = array();
}
$uids = $this->base->implode($uids);
$query = $this->db->query("SELECT uid, blacklist FROM ".UC_DBTABLEPRE."memberfields WHERE uid IN ($uids)");
while($data = $this->db->fetch_array($query)) {
$blackls[$data['uid']] = explode(',', $data['blacklist']);
}
}
return $blackls;
}
function set_blackls($uid, $blackls) {
$this->db->query("UPDATE ".UC_DBTABLEPRE."memberfields SET blacklist='$blackls' WHERE uid='$uid'");
return $this->db->affected_rows();
}
function update_blackls($uid, $username, $action = 1) {
$username = !is_array($username) ? array($username) : $username;
if($action == 1) {
if(!in_array('{ALL}', $username)) {
$usernames = $this->base->implode($username);
$query = $this->db->query("SELECT username FROM ".UC_DBTABLEPRE."members WHERE username IN ($usernames)");
$usernames = array();
while($data = $this->db->fetch_array($query)) {
$usernames[addslashes($data['username'])] = addslashes($data['username']);
}
if(!$usernames) {
return 0;
}
$blackls = addslashes($this->db->result_first("SELECT blacklist FROM ".UC_DBTABLEPRE."memberfields WHERE uid='$uid'"));
if($blackls) {
$list = explode(',', $blackls);
foreach($list as $k => $v) {
if(in_array($v, $usernames)) {
unset($usernames[$v]);
}
}
}
if(!$usernames) {
return 1;
}
$listnew = implode(',', $usernames);
$blackls .= $blackls !== '' ? ','.$listnew : $listnew;
} else {
$blackls = addslashes($this->db->result_first("SELECT blacklist FROM ".UC_DBTABLEPRE."memberfields WHERE uid='$uid'"));
$blackls .= ',{ALL}';
}
} else {
$blackls = addslashes($this->db->result_first("SELECT blacklist FROM ".UC_DBTABLEPRE."memberfields WHERE uid='$uid'"));
$list = $blackls = explode(',', $blackls);
foreach($list as $k => $v) {
if(in_array($v, $username)) {
unset($blackls[$k]);
}
}
$blackls = implode(',', $blackls);
}
$this->db->query("UPDATE ".UC_DBTABLEPRE."memberfields SET blacklist='$blackls' WHERE uid='$uid'");
return 1;
}
function removecode($str, $length) {
static $uccode = null;
if($uccode === null) {
require_once UC_ROOT.'lib/uccode.class.php';
$uccode = new uccode();
}
$str = $uccode->complie($str);
return trim($this->base->cutstr(strip_tags($str), $length));
}
function ispminterval($uid, $interval = 0) {
if(!$uid) {
return 0;
}
$interval = intval($interval);
if(!$interval) {
return 1;
}
$lastupdate = $this->db->result_first("SELECT lastupdate FROM ".UC_DBTABLEPRE."pm_members WHERE uid='$uid' ORDER BY lastupdate DESC LIMIT 1");
if(($this->base->time - $lastupdate) > $interval) {
return 1;
} else {
return 0;
}
}
function isprivatepmthreadlimit($uid, $maxnum = 0) {
if(!$uid) {
return 0;
}
$maxnum = intval($maxnum);
if(!$maxnum) {
return 1;
}
$num = $this->db->result_first("SELECT COUNT(*) FROM ".UC_DBTABLEPRE."pm_members m LEFT JOIN ".UC_DBTABLEPRE."pm_lists t ON m.plid=t.plid WHERE uid='$uid' AND lastupdate>'".($this->base->time-86400)."' AND t.pmtype=1");
if($maxnum - $num < 0) {
return 0;
} else {
return 1;
}
}
function ischatpmthreadlimit($uid, $maxnum = 0) {
if(!$uid) {
return 0;
}
$maxnum = intval($maxnum);
if(!$maxnum) {
return 1;
}
$num = $this->db->result_first("SELECT COUNT(*) FROM ".UC_DBTABLEPRE."pm_lists WHERE authorid='$uid' AND dateline>'".($this->base->time-86400)."'");
if($maxnum - $num < 0) {
return 0;
} else {
return 1;
}
}
}
?>

46
uc_server/model/setting.php Normal file
View File

@@ -0,0 +1,46 @@
<?php
/*
[UCenter] (C)2001-2099 Comsenz Inc.
This is NOT a freeware, use is subject to license terms
$Id: setting.php 1059 2011-03-01 07:25:09Z monkey $
*/
!defined('IN_UC') && exit('Access Denied');
class settingmodel {
var $db;
var $base;
function __construct(&$base) {
$this->settingmodel($base);
}
function settingmodel(&$base) {
$this->base = $base;
$this->db = $base->db;
}
function get_settings($keys = '') {
if($keys) {
$keys = $this->base->implode($keys);
$sqladd = "k IN ($keys)";
} else {
$sqladd = '1';
}
$arr = array();
$arr = $this->db->fetch_all("SELECT * FROM ".UC_DBTABLEPRE."settings WHERE $sqladd");
if($arr) {
foreach($arr as $k => $v) {
$arr[$v['k']] = $v['v'];
unset($arr[$k]);
}
}
return $arr;
}
}
?>

71
uc_server/model/tag.php Normal file
View File

@@ -0,0 +1,71 @@
<?php
/*
[UCenter] (C)2001-2099 Comsenz Inc.
This is NOT a freeware, use is subject to license terms
$Id: tag.php 1059 2011-03-01 07:25:09Z monkey $
*/
!defined('IN_UC') && exit('Access Denied');
class tagmodel {
var $db;
var $base;
function __construct(&$base) {
$this->tagmodel($base);
}
function tagmodel(&$base) {
$this->base = $base;
$this->db = $base->db;
}
function get_tag_by_name($tagname) {
$arr = $this->db->fetch_all("SELECT * FROM ".UC_DBTABLEPRE."tags WHERE tagname='$tagname'");
return $arr;
}
function get_template($appid) {
$result = $this->db->result_first("SELECT tagtemplates FROM ".UC_DBTABLEPRE."applications WHERE appid='$appid'");
return $result;
}
function updatedata($appid, $data) {
$appid = intval($appid);
include_once UC_ROOT.'lib/xml.class.php';
$data = xml_unserialize($data);
$this->base->load('app');
$data[0] = addslashes($data[0]);
$datanew = array();
if(is_array($data[1])) {
foreach($data[1] as $r) {
$datanew[] = $_ENV['misc']->array2string($r);
}
}
$tmp = $_ENV['app']->get_apps('type', "appid='$appid'");
$datanew = addslashes($tmp[0]['type']."\t".implode("\t", $datanew));
if(!empty($data[0])) {
$return = $this->db->result_first("SELECT count(*) FROM ".UC_DBTABLEPRE."tags WHERE tagname='$data[0]' AND appid='$appid'");
if($return) {
$this->db->query("UPDATE ".UC_DBTABLEPRE."tags SET data='$datanew', expiration='".$this->base->time."' WHERE tagname='$data[0]' AND appid='$appid'");
} else {
$this->db->query("INSERT INTO ".UC_DBTABLEPRE."tags (tagname, appid, data, expiration) VALUES ('$data[0]', '$appid', '$datanew', '".$this->base->time."')");
}
}
}
function formatcache($appid, $tagname) {
$return = $this->db->result_first("SELECT count(*) FROM ".UC_DBTABLEPRE."tags WHERE tagname='$tagname' AND appid='$appid'");
if($return) {
$this->db->query("UPDATE ".UC_DBTABLEPRE."tags SET expiration='0' WHERE tagname='$tagname' AND appid='$appid'");
} else {
$this->db->query("INSERT INTO ".UC_DBTABLEPRE."tags (tagname, appid, expiration) VALUES ('$tagname', '$appid', '0')");
}
}
}
?>

430
uc_server/model/user.php Normal file
View File

@@ -0,0 +1,430 @@
<?php
/*
[UCenter] (C)2001-2099 Comsenz Inc.
This is NOT a freeware, use is subject to license terms
$Id: user.php 1179 2014-11-03 07:11:25Z hypowang $
*/
!defined('IN_UC') && exit('Access Denied');
class usermodel {
var $db;
var $base;
var $passwordsetting;
function __construct(&$base) {
$this->usermodel($base);
}
function usermodel(&$base) {
$this->base = $base;
$this->db = $base->db;
}
function get_user_by_uid($uid) {
$arr = $this->db->fetch_first("SELECT * FROM ".UC_DBTABLEPRE."members WHERE uid='$uid'");
return $arr;
}
function get_user_by_username($username) {
$arr = $this->db->fetch_first("SELECT * FROM ".UC_DBTABLEPRE."members WHERE username='$username'");
return $arr;
}
function get_user_by_email($email) {
$arr = $this->db->fetch_first("SELECT * FROM ".UC_DBTABLEPRE."members WHERE email='$email'");
return $arr;
}
function get_user_by_secmobile($secmobicc, $secmobile) {
return $this->db->fetch_first_stmt("SELECT * FROM ".UC_DBTABLEPRE."members WHERE secmobicc=? AND secmobile=?", array('d', 'd'), array($secmobicc, $secmobile));
}
function check_username($username) {
$charset = strtolower(UC_CHARSET);
if ($charset === 'utf-8') {
$guestexp = '\xE3\x80\x80|\xE6\xB8\xB8\xE5\xAE\xA2|\xE9\x81\x8A\xE5\xAE\xA2';
} elseif ($charset === 'gbk') {
$guestexp = '\xA1\xA1|\xD3\xCE\xBF\xCD';
} elseif ($charset === 'big5') {
$guestexp = '\xA1\x40|\xB9\x43\xAB\xC8';
} else {
return FALSE;
}
$guestexp .= '|^Guest';
$len = $this->dstrlen($username);
if($len > 15 || $len < 3 || preg_match("/\s+|^c:\\con\\con|[%,\*\"\s\<\>\&\(\)']|$guestexp/is", $username)) {
return FALSE;
} else {
return TRUE;
}
}
function dstrlen($str) {
if(strtolower(UC_CHARSET) != 'utf-8') {
return strlen($str);
}
$count = 0;
for($i = 0; $i < strlen($str); $i++){
$value = ord($str[$i]);
if($value > 127) {
$count++;
if($value >= 192 && $value <= 223) $i++;
elseif($value >= 224 && $value <= 239) $i = $i + 2;
elseif($value >= 240 && $value <= 247) $i = $i + 3;
}
$count++;
}
return $count;
}
function check_mergeuser($username) {
$data = $this->db->result_first("SELECT count(*) FROM ".UC_DBTABLEPRE."mergemembers WHERE appid='".$this->base->app['appid']."' AND username='$username'");
return $data;
}
function check_usernamecensor($username) {
$_CACHE['badwords'] = $this->base->cache('badwords');
$censorusername = $this->base->get_setting('censorusername');
$censorusername = $censorusername['censorusername'];
$censorexp = '/^('.str_replace(array('\\*', "\r\n", ' '), array('.*', '|', ''), preg_quote(($censorusername = trim($censorusername)), '/')).')$/i';
$usernamereplaced = isset($_CACHE['badwords']['findpattern']) && !empty($_CACHE['badwords']['findpattern']) ? @preg_replace($_CACHE['badwords']['findpattern'], $_CACHE['badwords']['replace'], $username) : $username;
if(($usernamereplaced != $username) || ($censorusername && preg_match($censorexp, $username))) {
return FALSE;
} else {
return TRUE;
}
}
function check_usernameexists($username) {
$data = $this->db->result_first("SELECT username FROM ".UC_DBTABLEPRE."members WHERE username='$username'");
return $data;
}
function check_emailformat($email) {
return strlen($email) > 6 && strlen($email) <= 255 && preg_match("/^([A-Za-z0-9\-_.+]+)@([A-Za-z0-9\-]+[.][A-Za-z0-9\-.]+)$/", $email);
}
function check_emailaccess($email) {
$setting = $this->base->get_setting(array('accessemail', 'censoremail'));
$accessemail = $setting['accessemail'];
$censoremail = $setting['censoremail'];
$accessexp = '/('.str_replace("\r\n", '|', preg_quote(trim($accessemail), '/')).')$/i';
$censorexp = '/('.str_replace("\r\n", '|', preg_quote(trim($censoremail), '/')).')$/i';
if($accessemail || $censoremail) {
if(($accessemail && !preg_match($accessexp, $email)) || ($censoremail && preg_match($censorexp, $email))) {
return FALSE;
} else {
return TRUE;
}
} else {
return TRUE;
}
}
function check_emailexists($email, $username = '') {
$sqladd = $username !== '' ? "AND username<>'$username'" : '';
$email = $this->db->result_first("SELECT email FROM ".UC_DBTABLEPRE."members WHERE email='$email' $sqladd");
return $email;
}
function check_secmobileexists($secmobicc, $secmobile, $username = '') {
$sqladd = $username !== '' ? "AND username<>'$username'" : '';
$secmobicc == 0 && $secmobicc = '';
$secmobile == 0 && $secmobile = '';
$secmobile = $this->db->result_first("SELECT secmobile FROM ".UC_DBTABLEPRE."members WHERE secmobicc='$secmobicc' AND secmobile='$secmobile' $sqladd");
return $secmobile;
}
function check_login($username, $password, &$user) {
$user = $this->get_user_by_username($username);
if(empty($user['username'])) {
return -1;
} elseif(!$this->verify_password($password, $user['password'], $user['salt'])) {
return -2;
}
$this->upgrade_password($username, $password, $user['password'], $user['salt']);
return $user['uid'];
}
function add_user($username, $password, $email, $uid = 0, $questionid = '', $answer = '', $regip = '', $secmobicc = '', $secmobile = '') {
$regip = empty($regip) ? $this->base->onlineip : $regip;
$salt = '';
$password = $this->generate_password($password);
$sqladd = $uid ? "uid='".intval($uid)."'," : '';
$sqladd .= $questionid > 0 ? " secques='".$this->quescrypt($questionid, $answer)."'," : " secques='',";
$sqladd .= $secmobicc ? "secmobicc='".$secmobicc."'," : '';
$sqladd .= $secmobile ? "secmobile='".$secmobile."'," : '';
$this->db->query("INSERT INTO ".UC_DBTABLEPRE."members SET $sqladd username='$username', password='$password', email='$email', regip='$regip', regdate='".$this->base->time."', salt='$salt'");
$uid = $this->db->insert_id();
$this->db->query("INSERT INTO ".UC_DBTABLEPRE."memberfields SET uid='$uid'");
return $uid;
}
function edit_user($username, $oldpw, $newpw, $email, $ignoreoldpw = 0, $questionid = '', $answer = '', $secmobicc = '', $secmobile = '') {
$data = $this->db->fetch_first("SELECT username, uid, password, salt FROM ".UC_DBTABLEPRE."members WHERE username='$username'");
if($ignoreoldpw) {
$isprotected = $this->db->result_first("SELECT COUNT(*) FROM ".UC_DBTABLEPRE."protectedmembers WHERE uid = '{$data['uid']}'");
if($isprotected) {
return -8;
}
}
if(!$ignoreoldpw && !$this->verify_password($oldpw, $data['password'], $data['salt'])) {
return -1;
}
$sqladd = $newpw ? "password='".$this->generate_password($newpw)."', salt=''" : '';
$sqladd .= $email ? ($sqladd ? ',' : '')." email='$email'" : '';
$sqladd .= $secmobicc !== '' ? ($sqladd ? ',' : '').(!empty($secmobicc) ? " secmobicc='$secmobicc'" : " secmobicc=''") : '';
$sqladd .= $secmobile !== '' ? ($sqladd ? ',' : '').(!empty($secmobile) ? " secmobile='$secmobile'" : " secmobile=''") : '';
if($questionid !== '') {
if($questionid > 0) {
$sqladd .= ($sqladd ? ',' : '')." secques='".$this->quescrypt($questionid, $answer)."'";
} else {
$sqladd .= ($sqladd ? ',' : '')." secques=''";
}
}
if($sqladd || $emailadd) {
$this->db->query("UPDATE ".UC_DBTABLEPRE."members SET $sqladd WHERE username='$username'");
return $this->db->affected_rows();
} else {
return -7;
}
}
function delete_user($uidsarr) {
$uidsarr = (array)$uidsarr;
if(!$uidsarr) {
return 0;
}
$uids = $this->base->implode($uidsarr);
$arr = $this->db->fetch_all("SELECT uid FROM ".UC_DBTABLEPRE."protectedmembers WHERE uid IN ($uids)");
$puids = array();
foreach((array)$arr as $member) {
$puids[] = $member['uid'];
}
$uids = $this->base->implode(array_diff($uidsarr, $puids));
if($uids) {
$this->db->query("DELETE FROM ".UC_DBTABLEPRE."members WHERE uid IN($uids)");
$this->db->query("DELETE FROM ".UC_DBTABLEPRE."memberfields WHERE uid IN($uids)");
$this->delete_useravatar($uidsarr);
$this->base->load('note');
$_ENV['note']->add('deleteuser', "ids=$uids");
return $this->db->affected_rows();
} else {
return 0;
}
}
function delete_useravatar($uidsarr) {
if(!defined('UC_DELAVTDIR')) {
define('UC_DELAVTDIR', UC_DATADIR.'./avatar/');
}
$uidsarr = (array)$uidsarr;
foreach((array)$uidsarr as $uid) {
file_exists($avatar_file = UC_DELAVTDIR.$this->base->get_avatar($uid, 'big', 'real')) && unlink($avatar_file);
file_exists($avatar_file = UC_DELAVTDIR.$this->base->get_avatar($uid, 'middle', 'real')) && unlink($avatar_file);
file_exists($avatar_file = UC_DELAVTDIR.$this->base->get_avatar($uid, 'small', 'real')) && unlink($avatar_file);
file_exists($avatar_file = UC_DELAVTDIR.$this->base->get_avatar($uid, 'big')) && unlink($avatar_file);
file_exists($avatar_file = UC_DELAVTDIR.$this->base->get_avatar($uid, 'middle')) && unlink($avatar_file);
file_exists($avatar_file = UC_DELAVTDIR.$this->base->get_avatar($uid, 'small')) && unlink($avatar_file);
}
}
function chgusername($uid, $newusername) {
return $this->db->query_stmt("UPDATE ".UC_DBTABLEPRE."members SET username=? WHERE uid=?", array('s', 'i'), array($newusername, $uid));
}
function get_total_num($sqladd = '') {
$data = $this->db->result_first("SELECT COUNT(*) FROM ".UC_DBTABLEPRE."members $sqladd");
return $data;
}
function get_list($page, $ppp, $totalnum, $sqladd) {
$start = $this->base->page_get_start($page, $ppp, $totalnum);
$data = $this->db->fetch_all("SELECT * FROM ".UC_DBTABLEPRE."members $sqladd LIMIT $start, $ppp");
return $data;
}
function name2id($usernamesarr) {
$usernamesarr = daddslashes($usernamesarr, 1, TRUE);
$usernames = $this->base->implode($usernamesarr);
$query = $this->db->query("SELECT uid FROM ".UC_DBTABLEPRE."members WHERE username IN($usernames)");
$arr = array();
while($user = $this->db->fetch_array($query)) {
$arr[] = $user['uid'];
}
return $arr;
}
function id2name($uidarr) {
$arr = array();
$query = $this->db->query("SELECT uid, username FROM ".UC_DBTABLEPRE."members WHERE uid IN (".$this->base->implode($uidarr).")");
while($user = $this->db->fetch_array($query)) {
$arr[$user['uid']] = $user['username'];
}
return $arr;
}
function quescrypt($questionid, $answer) {
return $questionid > 0 && $answer != '' ? substr(md5($answer.md5($questionid)), 16, 8) : '';
}
function can_do_login($username, $ip = '') {
$check_times = $this->base->settings['login_failedtime'] > 0 ? $this->base->settings['login_failedtime'] : ($this->base->settings['login_failedtime'] < 0 ? 0 : 5);
if($check_times == 0) {
return -1;
}
$username = substr(md5($username), 8, 15);
$expire = 15 * 60;
if(!$ip) {
$ip = $this->base->onlineip;
}
$ip_check = $user_check = array();
$query = $this->db->query("SELECT * FROM ".UC_DBTABLEPRE."failedlogins WHERE ip='".$ip."' OR ip='$username'");
while($row = $this->db->fetch_array($query)) {
if($row['ip'] === $username) {
$user_check = $row;
} elseif($row['ip'] === $ip) {
$ip_check = $row;
}
}
if(empty($ip_check) || ($this->base->time - $ip_check['lastupdate'] > $expire)) {
$ip_check = array();
$this->db->query("REPLACE INTO ".UC_DBTABLEPRE."failedlogins (ip, count, lastupdate) VALUES ('{$ip}', '0', '{$this->base->time}')");
}
if(empty($user_check) || ($this->base->time - $user_check['lastupdate'] > $expire)) {
$user_check = array();
$this->db->query("REPLACE INTO ".UC_DBTABLEPRE."failedlogins (ip, count, lastupdate) VALUES ('{$username}', '0', '{$this->base->time}')");
}
if ($ip_check || $user_check) {
$time_left = min(($check_times - (isset($ip_check['count']) ? $ip_check['count'] : 0)), ($check_times - (isset($user_check['count']) ? $user_check['count'] : 0)));
return $time_left;
}
$this->db->query("DELETE FROM ".UC_DBTABLEPRE."failedlogins WHERE lastupdate<".($this->base->time - ($expire + 1)), 'UNBUFFERED');
return $check_times;
}
function loginfailed($username, $ip = '') {
$username = substr(md5($username), 8, 15);
if(!$ip) {
$ip = $this->base->onlineip;
}
$this->db->query("UPDATE ".UC_DBTABLEPRE."failedlogins SET count=count+1, lastupdate='".$this->base->time."' WHERE ip='".$ip."' OR ip='$username'");
}
function user_log($uid, $action, $extra = '') {
$uid = intval($uid);
$action = addslashes($action);
$extra = addslashes($extra);
$this->db->query_stmt("INSERT INTO ".UC_DBTABLEPRE."memberlogs SET uid=?, action=?, extra=?", array('i', 's', 's'), array($uid, $action, $extra));
}
function user_log_total_num() {
return $this->db->result_first("SELECT COUNT(*) FROM ".UC_DBTABLEPRE."memberlogs");
}
function user_log_list($page, $ppp, $totalnum) {
$start = $this->base->page_get_start($page, $ppp, $totalnum);
return $this->db->fetch_all("SELECT * FROM ".UC_DBTABLEPRE."memberlogs LIMIT $start, $ppp");
}
function get_passwordalgo() {
$algo = $this->base->settings['passwordalgo'];
if(empty($algo)) {
return constant('PASSWORD_BCRYPT');
} else {
return constant($algo) === null ? constant('PASSWORD_BCRYPT') : constant($algo);
}
}
function get_passwordoptions() {
$options = $this->base->settings['passwordoptions'];
if(empty($options)) {
return array();
} else {
$result = json_decode($options, true);
return is_array($result) ? $result : array();
}
}
function generate_password($password) {
$algo = $this->get_passwordalgo();
$options = $this->get_passwordoptions();
$hash = password_hash($password, $algo, $options);
return ($hash === false || $hash === null || !password_verify($password, $hash)) ? password_hash($password, PASSWORD_BCRYPT) : $hash;
}
function verify_password($password, $hash, $salt = '') {
if(empty($salt)) {
return password_verify($password, $hash);
} else if(strlen($salt) == 6) {
return hash_equals($hash, md5(md5($password).$salt));
} else if(strlen($salt) > 6 && strlen($salt) < 20 && file_exists(UC_ROOT . "lib/uc_password_$salt.class.php")) {
$classname = "uc_password_$salt";
include(UC_ROOT . "lib/uc_password_$salt.class.php");
return $classname::verify_password($password, $hash);
}
return false;
}
function upgrade_password($username, $password, $hash, $salt = '') {
$algo = $this->get_passwordalgo();
$options = $this->get_passwordoptions();
if (!empty($salt) || password_needs_rehash($hash, $algo, $options)) {
$password_new = $this->generate_password($password);
$sqladd = "password = '$password_new', salt = ''";
return $this->db->query("UPDATE ".UC_DBTABLEPRE."members SET $sqladd WHERE username='$username'");
}
return true;
}
function reset_founderpw($newpw, $reconfkey = 1) {
$configfile = UC_ROOT.'./data/config.inc.php';
if(!is_writable($configfile)) {
return -4;
} else {
$config = file_get_contents($configfile);
$salt = '';
$hashnewpw = str_replace('$', '#', $this->generate_password($newpw));
$config = preg_replace("/define\('UC_FOUNDERSALT',\s*'.*?'\);/i", "define('UC_FOUNDERSALT', '$salt');", $config);
$config = preg_replace("/define\('UC_FOUNDERPW',\s*'.*?'\);/i", "define('UC_FOUNDERPW', '$hashnewpw');", $config);
if($reconfkey) {
$uckey = $this->base->generate_key(64);
$config = preg_replace("/define\('UC_KEY',\s*'.*?'\);/i", "define('UC_KEY', '$uckey');", $config);
}
$config = str_replace('#', '$', $config);
if(file_put_contents($configfile, $config) === false) {
return -4;
}
return 2;
}
}
function upgrade_founderpw($password, $hash, $salt = '') {
$algo = $this->get_passwordalgo();
$options = $this->get_passwordoptions();
if (!empty($salt) || password_needs_rehash($hash, $algo, $options)) {
$password_new = $this->generate_password($password);
return $this->reset_founderpw($password);
}
return true;
}
}

45
uc_server/model/var.php Normal file
View File

@@ -0,0 +1,45 @@
<?php
/*
[UCenter] (C)2001-2099 Comsenz Inc.
This is NOT a freeware, use is subject to license terms
$Id: base.php 1167 2014-11-03 03:06:21Z hypowang $
*/
!defined('IN_UC') && exit('Access Denied');
class base_var {
private static $instance;
var $sid;
var $time;
var $onlineip;
var $db;
var $settings = array();
var $cache = array();
var $_CACHE = array();
var $app = array();
var $user = array();
var $lang = array();
var $input = array();
public static function bind(&$class) {
if(empty(self::$instance)) {
self::$instance = new base_var();
}
$class->sid =& self::$instance->sid;
$class->time =& self::$instance->time;
$class->onlineip =& self::$instance->onlineip;
$class->db =& self::$instance->db;
$class->settings =& self::$instance->settings;
$class->cache =& self::$instance->cache;
$class->_CACHE =& self::$instance->_CACHE;
$class->app =& self::$instance->app;
$class->user =& self::$instance->user;
$class->lang =& self::$instance->lang;
$class->input =& self::$instance->input;
}
}
?>

33
uc_server/model/version.php Normal file
View File

@@ -0,0 +1,33 @@
<?php
/*
[UCenter] (C)2001-2099 Comsenz Inc.
This is NOT a freeware, use is subject to license terms
$Id: user.php 753 2008-11-14 06:48:25Z cnteacher $
*/
!defined('IN_UC') && exit('Access Denied');
class versionmodel {
var $db;
var $base;
function __construct(&$base) {
$this->versionmodel($base);
}
function versionmodel(&$base) {
$this->base = $base;
$this->db = $base->db;
}
function check() {
$data = $this->db->result_first("SELECT v FROM ".UC_DBTABLEPRE."settings WHERE k='version'");
return $data;
}
}
?>