uc.php 12 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417
  1. <?php
  2. error_reporting(0);
  3. define('UC_CLIENT_VERSION', '1.6.0');
  4. define('UC_CLIENT_RELEASE', '20110501');
  5. define('API_DELETEUSER', 1);
  6. define('API_RENAMEUSER', 1);
  7. define('API_GETTAG', 1);
  8. define('API_SYNLOGIN', 1);
  9. define('API_SYNLOGOUT', 1);
  10. define('API_UPDATEPW', 1);
  11. define('API_UPDATEBADWORDS', 1);
  12. define('API_UPDATEHOSTS', 1);
  13. define('API_UPDATEAPPS', 1);
  14. define('API_UPDATECLIENT', 1);
  15. define('API_UPDATECREDIT', 1);
  16. define('API_GETCREDIT', 1);
  17. define('API_GETCREDITSETTINGS', 1);
  18. define('API_UPDATECREDITSETTINGS', 1);
  19. define('API_ADDFEED', 1);
  20. define('API_RETURN_SUCCEED', '1');
  21. define('API_RETURN_FAILED', '-1');
  22. define('API_RETURN_FORBIDDEN', '1');
  23. define('IN_SYS', true);
  24. require '../framework/bootstrap.inc.php';
  25. $queryString = str_replace('?', '&', $_SERVER['QUERY_STRING']);
  26. parse_str($queryString, $query);
  27. if(is_array($query) && count($query) == 2) {
  28. $sql = "SELECT `uc` FROM " . tablename('uni_settings') . " WHERE `uniacid`=:uniacid LIMIT 1";
  29. $setting = pdo_fetch($sql, array(':uniacid' => $query['uniacid']));
  30. if(!empty($setting) && !empty($setting['uc'])) {
  31. $uc = iunserializer($setting['uc']);
  32. if(!empty($uc) && $uc['status'] == '1') {
  33. define('UC_CONNECT', $uc['connect'] == 'mysql' ? 'mysql' : '');
  34. define('UC_DBHOST', $uc['dbhost']);
  35. define('UC_DBUSER', $uc['dbuser']);
  36. define('UC_DBPW', $uc['dbpw']);
  37. define('UC_DBNAME', $uc['dbname']);
  38. define('UC_DBCHARSET', $uc['dbcharset']);
  39. define('UC_DBTABLEPRE', $uc['dbtablepre']);
  40. define('UC_DBCONNECT', $uc['dbconnect']);
  41. define('UC_CHARSET', $uc['charset']);
  42. define('UC_KEY', $uc['key']);
  43. define('UC_API', $uc['api']);
  44. define('UC_APPID', $uc['appid']);
  45. define('UC_IP', $uc['ip']);
  46. $get = $post = array();
  47. parse_str(authcode($query['code'], 'DECODE', UC_KEY), $get);
  48. if(TIMESTAMP - $get['time'] > 3600) {
  49. exit('Authracation has expiried');
  50. }
  51. if(empty($get)) {
  52. exit('Invalid Request');
  53. }
  54. include_once IA_ROOT . '/framework/library/uc/lib/xml.class.php';
  55. $input = file_get_contents('php://input');
  56. $post = xml_unserialize($input);
  57. if(in_array($get['action'], array('test', 'deleteuser', 'renameuser', 'gettag', 'synlogin', 'synlogout', 'updatepw', 'updatebadwords', 'updatehosts', 'updateapps', 'updateclient', 'updatecredit', 'getcredit', 'getcreditsettings', 'updatecreditsettings', 'addfeed'))) {
  58. $note = new uc_note();
  59. $function = $get['action'];
  60. echo $note->$function($get, $post);
  61. exit();
  62. } else {
  63. exit(API_RETURN_FAILED);
  64. }
  65. }
  66. }
  67. }
  68. class uc_note {
  69. function _serialize($arr, $htmlon = 0) {
  70. return xml_serialize($arr, $htmlon);
  71. }
  72. function test($get, $post) {
  73. return API_RETURN_SUCCEED;
  74. }
  75. function deleteuser($get, $post) {
  76. global $_G;
  77. if(!API_DELETEUSER) {
  78. return API_RETURN_FORBIDDEN;
  79. }
  80. $uids = str_replace("'", '', stripslashes($get['ids']));
  81. $ids = array();
  82. $ids = array_keys(C::t('common_member')->fetch_all($uids));
  83. require_once DISCUZ_ROOT.'./source/function/function_delete.php';
  84. $ids && deletemember($ids);
  85. return API_RETURN_SUCCEED;
  86. }
  87. function renameuser($get, $post) {
  88. global $_G;
  89. if(!API_RENAMEUSER) {
  90. return API_RETURN_FORBIDDEN;
  91. }
  92. $tables = array(
  93. 'common_block' => array('id' => 'uid', 'name' => 'username'),
  94. 'common_invite' => array('id' => 'fuid', 'name' => 'fusername'),
  95. 'common_member_verify_info' => array('id' => 'uid', 'name' => 'username'),
  96. 'common_mytask' => array('id' => 'uid', 'name' => 'username'),
  97. 'common_report' => array('id' => 'uid', 'name' => 'username'),
  98. 'forum_thread' => array('id' => 'authorid', 'name' => 'author'),
  99. 'forum_activityapply' => array('id' => 'uid', 'name' => 'username'),
  100. 'forum_groupuser' => array('id' => 'uid', 'name' => 'username'),
  101. 'forum_pollvoter' => array('id' => 'uid', 'name' => 'username'),
  102. 'forum_post' => array('id' => 'authorid', 'name' => 'author'),
  103. 'forum_postcomment' => array('id' => 'authorid', 'name' => 'author'),
  104. 'forum_ratelog' => array('id' => 'uid', 'name' => 'username'),
  105. 'home_album' => array('id' => 'uid', 'name' => 'username'),
  106. 'home_blog' => array('id' => 'uid', 'name' => 'username'),
  107. 'home_clickuser' => array('id' => 'uid', 'name' => 'username'),
  108. 'home_docomment' => array('id' => 'uid', 'name' => 'username'),
  109. 'home_doing' => array('id' => 'uid', 'name' => 'username'),
  110. 'home_feed' => array('id' => 'uid', 'name' => 'username'),
  111. 'home_feed_app' => array('id' => 'uid', 'name' => 'username'),
  112. 'home_friend' => array('id' => 'fuid', 'name' => 'fusername'),
  113. 'home_friend_request' => array('id' => 'fuid', 'name' => 'fusername'),
  114. 'home_notification' => array('id' => 'authorid', 'name' => 'author'),
  115. 'home_pic' => array('id' => 'uid', 'name' => 'username'),
  116. 'home_poke' => array('id' => 'fromuid', 'name' => 'fromusername'),
  117. 'home_share' => array('id' => 'uid', 'name' => 'username'),
  118. 'home_show' => array('id' => 'uid', 'name' => 'username'),
  119. 'home_specialuser' => array('id' => 'uid', 'name' => 'username'),
  120. 'home_visitor' => array('id' => 'vuid', 'name' => 'vusername'),
  121. 'portal_article_title' => array('id' => 'uid', 'name' => 'username'),
  122. 'portal_comment' => array('id' => 'uid', 'name' => 'username'),
  123. 'portal_topic' => array('id' => 'uid', 'name' => 'username'),
  124. 'portal_topic_pic' => array('id' => 'uid', 'name' => 'username'),
  125. );
  126. if(!C::t('common_member')->update($get['uid'], array('username' => $get[newusername])) && isset($_G['setting']['membersplit'])){
  127. C::t('common_member_archive')->update($get['uid'], array('username' => $get[newusername]));
  128. }
  129. loadcache("posttableids");
  130. if($_G['cache']['posttableids']) {
  131. foreach($_G['cache']['posttableids'] AS $tableid) {
  132. $tables[getposttable($tableid)] = array('id' => 'authorid', 'name' => 'author');
  133. }
  134. }
  135. foreach($tables as $table => $conf) {
  136. DB::query("UPDATE ".DB::table($table)." SET `$conf[name]`='$get[newusername]' WHERE `$conf[id]`='$get[uid]'");
  137. }
  138. return API_RETURN_SUCCEED;
  139. }
  140. function gettag($get, $post) {
  141. global $_G;
  142. if(!API_GETTAG) {
  143. return API_RETURN_FORBIDDEN;
  144. }
  145. return $this->_serialize(array($get['id'], array()), 1);
  146. }
  147. function synlogin($get, $post) {
  148. global $_G;
  149. if(!API_SYNLOGIN) {
  150. return API_RETURN_FORBIDDEN;
  151. }
  152. header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');
  153. $cookietime = 31536000;
  154. $uid = intval($get['uid']);
  155. if(($member = getuserbyuid($uid, 1))) {
  156. dsetcookie('auth', authcode("$member[password]\t$member[uid]", 'ENCODE'), $cookietime);
  157. }
  158. }
  159. function synlogout($get, $post) {
  160. global $_G;
  161. if(!API_SYNLOGOUT) {
  162. return API_RETURN_FORBIDDEN;
  163. }
  164. header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');
  165. dsetcookie('auth', '', -31536000);
  166. }
  167. function updatepw($get, $post) {
  168. global $_G;
  169. if(!API_UPDATEPW) {
  170. return API_RETURN_FORBIDDEN;
  171. }
  172. $username = $get['username'];
  173. $newpw = md5(time().rand(100000, 999999));
  174. $uid = 0;
  175. if(($uid = C::t('common_member')->fetch_uid_by_username($username))) {
  176. $ext = '';
  177. } elseif(($uid = C::t('common_member_archive')->fetch_uid_by_username($username))) {
  178. $ext = '_archive';
  179. }
  180. if($uid) {
  181. C::t('common_member'.$ext)->update($uid, array('password' => $newpw));
  182. }
  183. return API_RETURN_SUCCEED;
  184. }
  185. function updatebadwords($get, $post) {
  186. global $_G;
  187. if(!API_UPDATEBADWORDS) {
  188. return API_RETURN_FORBIDDEN;
  189. }
  190. $data = array();
  191. if(is_array($post)) {
  192. foreach($post as $k => $v) {
  193. $data['findpattern'][$k] = $v['findpattern'];
  194. $data['replace'][$k] = $v['replacement'];
  195. }
  196. }
  197. $cachefile = DISCUZ_ROOT.'./uc_client/data/cache/badwords.php';
  198. $fp = fopen($cachefile, 'w');
  199. $s = "<?php\r\n";
  200. $s .= '$_CACHE[\'badwords\'] = '.var_export($data, TRUE).";\r\n";
  201. fwrite($fp, $s);
  202. fclose($fp);
  203. return API_RETURN_SUCCEED;
  204. }
  205. function updatehosts($get, $post) {
  206. global $_G;
  207. if(!API_UPDATEHOSTS) {
  208. return API_RETURN_FORBIDDEN;
  209. }
  210. $cachefile = DISCUZ_ROOT.'./uc_client/data/cache/hosts.php';
  211. $fp = fopen($cachefile, 'w');
  212. $s = "<?php\r\n";
  213. $s .= '$_CACHE[\'hosts\'] = '.var_export($post, TRUE).";\r\n";
  214. fwrite($fp, $s);
  215. fclose($fp);
  216. return API_RETURN_SUCCEED;
  217. }
  218. function updateapps($get, $post) { if($post['UC_API']) { $post['UC_API'] = addslashes($post['UC_API']); }
  219. global $_G;
  220. if(!API_UPDATEAPPS) {
  221. return API_RETURN_FORBIDDEN;
  222. }
  223. $UC_API = '';
  224. if($post['UC_API']) {
  225. $UC_API = str_replace(array('\'', '"', '\\', "\0", "\n", "\r"), '', $post['UC_API']);
  226. unset($post['UC_API']);
  227. }
  228. $cachefile = DISCUZ_ROOT.'./uc_client/data/cache/apps.php';
  229. $fp = fopen($cachefile, 'w');
  230. $s = "<?php\r\n";
  231. $s .= '$_CACHE[\'apps\'] = '.var_export($post, TRUE).";\r\n";
  232. fwrite($fp, $s);
  233. fclose($fp);
  234. if($UC_API && is_writeable(DISCUZ_ROOT.'./config/config_ucenter.php')) {
  235. if(preg_match('/^https?:\/\//is', $UC_API)) {
  236. $configfile = trim(file_get_contents(DISCUZ_ROOT.'./config/config_ucenter.php'));
  237. $configfile = substr($configfile, -2) == '?>' ? substr($configfile, 0, -2) : $configfile;
  238. $configfile = preg_replace("/define\('UC_API',\s*'.*?'\);/i", "define('UC_API', '".addslashes($UC_API)."');", $configfile);
  239. if($fp = @fopen(DISCUZ_ROOT.'./config/config_ucenter.php', 'w')) {
  240. @fwrite($fp, trim($configfile));
  241. @fclose($fp);
  242. }
  243. }
  244. }
  245. return API_RETURN_SUCCEED;
  246. }
  247. function updateclient($get, $post) {
  248. global $_G;
  249. if(!API_UPDATECLIENT) {
  250. return API_RETURN_FORBIDDEN;
  251. }
  252. $cachefile = DISCUZ_ROOT.'./uc_client/data/cache/settings.php';
  253. $fp = fopen($cachefile, 'w');
  254. $s = "<?php\r\n";
  255. $s .= '$_CACHE[\'settings\'] = '.var_export($post, TRUE).";\r\n";
  256. fwrite($fp, $s);
  257. fclose($fp);
  258. return API_RETURN_SUCCEED;
  259. }
  260. function updatecredit($get, $post) {
  261. global $_G;
  262. if(!API_UPDATECREDIT) {
  263. return API_RETURN_FORBIDDEN;
  264. }
  265. $credit = $get['credit'];
  266. $amount = $get['amount'];
  267. $uid = $get['uid'];
  268. if(!getuserbyuid($uid)) {
  269. return API_RETURN_SUCCEED;
  270. }
  271. updatemembercount($uid, array($credit => $amount));
  272. C::t('common_credit_log')->insert(array('uid' => $uid, 'operation' => 'ECU', 'relatedid' => $uid, 'dateline' => time(), 'extcredits'.$credit => $amount));
  273. return API_RETURN_SUCCEED;
  274. }
  275. function getcredit($get, $post) {
  276. global $_G;
  277. if(!API_GETCREDIT) {
  278. return API_RETURN_FORBIDDEN;
  279. }
  280. $uid = intval($get['uid']);
  281. $credit = intval($get['credit']);
  282. $_G['uid'] = $_G['member']['uid'] = $uid;
  283. return getuserprofile('extcredits'.$credit);
  284. }
  285. function getcreditsettings($get, $post) {
  286. global $_G;
  287. if(!API_GETCREDITSETTINGS) {
  288. return API_RETURN_FORBIDDEN;
  289. }
  290. $credits = array();
  291. foreach($_G['setting']['extcredits'] as $id => $extcredits) {
  292. $credits[$id] = array(strip_tags($extcredits['title']), $extcredits['unit']);
  293. }
  294. return $this->_serialize($credits);
  295. }
  296. function updatecreditsettings($get, $post) {
  297. global $_G;
  298. if(!API_UPDATECREDITSETTINGS) {
  299. return API_RETURN_FORBIDDEN;
  300. }
  301. $outextcredits = array();
  302. foreach($get['credit'] as $appid => $credititems) {
  303. if($appid == UC_APPID) {
  304. foreach($credititems as $value) {
  305. $outextcredits[$value['appiddesc'].'|'.$value['creditdesc']] = array(
  306. 'appiddesc' => $value['appiddesc'],
  307. 'creditdesc' => $value['creditdesc'],
  308. 'creditsrc' => $value['creditsrc'],
  309. 'title' => $value['title'],
  310. 'unit' => $value['unit'],
  311. 'ratiosrc' => $value['ratiosrc'],
  312. 'ratiodesc' => $value['ratiodesc'],
  313. 'ratio' => $value['ratio']
  314. );
  315. }
  316. }
  317. }
  318. $tmp = array();
  319. foreach($outextcredits as $value) {
  320. $key = $value['appiddesc'].'|'.$value['creditdesc'];
  321. if(!isset($tmp[$key])) {
  322. $tmp[$key] = array('title' => $value['title'], 'unit' => $value['unit']);
  323. }
  324. $tmp[$key]['ratiosrc'][$value['creditsrc']] = $value['ratiosrc'];
  325. $tmp[$key]['ratiodesc'][$value['creditsrc']] = $value['ratiodesc'];
  326. $tmp[$key]['creditsrc'][$value['creditsrc']] = $value['ratio'];
  327. }
  328. $outextcredits = $tmp;
  329. $cachefile = DISCUZ_ROOT.'./uc_client/data/cache/creditsettings.php';
  330. $fp = fopen($cachefile, 'w');
  331. $s = "<?php\r\n";
  332. $s .= '$_CACHE[\'creditsettings\'] = '.var_export($outextcredits, TRUE).";\r\n";
  333. fwrite($fp, $s);
  334. fclose($fp);
  335. return API_RETURN_SUCCEED;
  336. }
  337. function addfeed($get, $post) {
  338. global $_G;
  339. if(!API_ADDFEED) {
  340. return API_RETURN_FORBIDDEN;
  341. }
  342. return API_RETURN_SUCCEED;
  343. }
  344. }